Windows 11 update adds Local Administrator Password Solution and design tweaks

It's that time of the month again when Microsoft rolls out new cumulative updates for all supported versions of Windows, which now includes just Windows 11 and Windows 10. While all versions of Windows 11 are supported, Windows 10 users are only supported on specific versions, depending on the edition they're running. The more interesting updates are also exclusive to Windows 11, since that's the more active platform.

Windows 11 version 22H2 gets built-in LAPS and design tweaks (22621.1555)

Starting things off with the latest version of Windows 11, version 22H2, this update includes a couple of notable changes, particularly if you skip the optional updates each month. These changes are rolling out with build 22621.1555 for Windows 11 version 22H2, and the update itself is labeled as KB5023778. You can download it manually here if you're interested.

The one thing that's completely new with this update, even if you have the March optional update, is the inclusion of the Local Administrator Password Solution (LAPS) as part of Windows itself. This administrative tool was previously as a free download, but now it's more easily accessible. This has been available for Windows Insiders for a few months at this point, so it's nice to finally see it become widely available.

As for the changes that were in the previous optional update, Microsoft has made some design changes. The search box now adapts better to custom color modes, specifically when using a dark mode for Windows and the app mode to light (under Settings -> Personalization -> Colors). You may also see a Bing button if you've been given access to the Bing preview. Another change is that the user menu in the Start menu can now display certain messages prompting users to take specific actions. Finally, Microsoft Defender for Endpoint has also been updated with a few new features.

Screenshot of different messages shown on the Start menu when Windows 11 recommends the user back up their files

n addition to the changes above, there are a lot of fixes and smaller improvements in this release, particularly when you consider all the changes from the previous optional update. You can see the full list of changes, including the ones from the optional update from last month:

This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.

Added with March 28 optional update:

This update addresses an issue that affects the Notepad combo box in Settings. It fails to show all the available options.
This update addresses an issue that affects Microsoft PowerPoint. It stops responding. This occurs when you use accessibility tools.
This update addresses an issue that affects Microsoft Narrator. It fails to read items in dropdown lists in Microsoft Excel.
This update addresses an issue that affects USB printers. The system classifies them as multimedia devices even though they are not.
This update addresses an issue that affects complexity policy settings for PINs. They are ignored.
This update addresses an issue that affects the Fast Identity Online 2.0 (FIDO2) PIN credential icon. It does not appear on the credentials screen of an external monitor. This occurs when that monitor is attached to a closed laptop.
This update addresses an issue that affects a Clustered Shared Volume (CSV). The CSV fails to come online. This occurs if you enable BitLocker and local CSV managed protectors, and the system recently rotated the BitLocker keys.
This update addresses an issue that affects Active Directory Users & Computers. It stops responding. This occurs when you use TaskPad view to enable or disable many objects at the same time.
The update addresses an issue that affects the Remote Procedure Call Service (rpcss.exe). The issue might cause a race condition between the Distributed Component Object Model (DCOM) and the Microsoft Remote Procedure Call (RPC) endpoint mapper.
This update addresses an issue that affects Microsoft PowerPoint. It stops responding on the Azure Virtual Desktop (AVD). This occurs when you use Visual Basic for Applications (VBA).
This update addresses an issue that affects Windows Search. Windows Search fails inside of Windows container images.
This update affects the Group Policy Editor. It adds Transport Layer Security (TLS) 1.3 to the list of protocols that you can set.
This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
This update affects jscript9Legacy.dll. It adds ITracker and ITrackingService to stop MHTML from not responding.
This update addresses an issue that affects the Microsoft HTML Application Host (HTA). This issue blocks code execution that uses Microsoft HTA. This occurs when you turn on Windows Defender Application Control (WDAC) User Mode Code Integrity (UMCI) enforced mode.
This update affects the Group Policy Management Console. It addresses a scripting error in the Group Policy Preferences window.
This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
This update addresses an issue that affects Desired State Configuration. It loses its previously configured options. This occurs if metaconfig.mof is missing.
This update addresses an issue that affects the Dynamic Host Configuration Protocol (DHCP) option 119 - Domain Search Option. The issue stops you from using a connection-specific DNS Suffix Search List.
This update addresses a rare issue that might cause an input destination to be null. This issue might occur when you attempt to convert a physical point to a logical point during hit testing. Because of this, the computer raises a stop error.
This update addresses an issue that affects the Simple Certificate Enrollment Protocol (SCEP) certificate. The system reports some SCEP certificate installations as failed. Instead, the system should report them as pending.
This update addresses an issue that affects the new Windows Runtime (WinRT) API. This issue stops an application from querying for location information using MBIM2.0+.
This update addresses a known issue that affects kiosk device profiles. If you have enabled automatic logon, it might not work. After Autopilot completes provisioning, these devices stay on the credential screen. This issue occurs after you install updates dated January 10, 2023, and later.
This update affects Xbox Elite users who have the Xbox Adaptive Controller. This update applies your controller remapping preferences on the desktop.
This update addresses an issue that might affect your audio. It might cause glitching or screeching. This occurs when the system is under a heavy load or wakes from sleep.
This update addresses an issue that stops WDAC from parsing fields from binaries.
This update addresses an issue that might affect Win32 and Universal Windows Platform (UWP) apps. They might close when devices enter Modern Standby. Modern Standby is an expansion of the Connected Standby power model. This issue occurs if certain Bluetooth PhoneLink features are turned on.

Windows 11 initial release (22000.1817)

The updates for the initial release of Windows 11 also include the addition of the Local Administrator Password Solution, and there isn't much else that's new in terms of big new features. This update brings the OS build number to 22000.1817, and the update itself is labeled KB5025224. You can download it manually here.

Aside from LAPS, the only other notable change here is an improved search experience. You can also now customize how the search box looks in the taskbar settings page. Aside from this, it's mostly fixes, and once again, the full list of changes is split between today's update and the optional update released at the end of March. We've compiled everything below:

This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.
This update addresses a known issue that affects kiosk device profiles. If you have enabled automatic logon, it might not work. After Autopilot completes provisioning, these devices stay on the credential screen. This issue occurs after you install updates dated January 10, 2023, and later.

Included in the March 28 optional update:

This update addresses an issue that affects the command line. It fails when you set the system locale to Japanese and cmd.exe is configured in legacy mode.
The update addresses an issue that affects the Remote Procedure Call Service (rpcss.exe). The issue might cause a race condition between the Distributed Component Object Model (DCOM) and the Microsoft Remote Procedure Call (RPC) endpoint mapper.
This update affects the ms-appinstaller URI.It now works with the DesktopAppInstaller policy.
This update addresses an issue that affects Microsoft PowerPoint. It stops responding on the Azure Virtual Desktop (AVD). This occurs when you use Visual Basic for Applications (VBA).
This update addresses an issue that affects Windows Search. Windows Search fails inside of Windows container images.
This update addresses an issue that affects the Microsoft HTML Application Host (HTA). This issue blocks code execution that uses Microsoft HTA. This occurs when you turn on Windows Defender Application Control (WDAC) User Mode Code Integrity (UMCI) enforced mode.
This update addresses an issue that affects Desired State Configuration. It loses its previously configured options. This occurs if metaconfig.mof is missing.
This update addresses compatibility issues that affect some printers. These printers use Windows Graphical Device Interface (GDI) printer drivers. These drivers do not completely adhere to GDI specifications.
This update addresses an issue that affects the Simple Certificate Enrollment Protocol (SCEP) certificate. The system reports some SCEP certificate installations as failed. Instead, the system should report them as pending.
This update addresses an issue that affects the new Windows Runtime (WinRT) API. This issue stops an application from querying for location information using MBIM2.0+.
This update addresses an issue that affects the Fast Identity Online 2.0 (FIDO2) PIN credential icon. It does not appear on the credentials screen of an external monitor. This occurs when that monitor is attached to a closed laptop.
This update affects the “Set a default associations configuration file” Group Policy Object (GPO). You can now use it to create an extension to specific applications.
This update addresses an issue that affects the SharedPC account manager. It cannot delete multiple accounts during cleanup.
This update addresses an issue that might affect lsass.exe. It might stop responding. This occurs when it sends a Lightweight Directory Access Protocol (LDAP) query to a domain controller that has a very large LDAP filter.

Windows 10 (multiple supported versions)

Finally, Windows 10 is also getting some updates, particularly for Windows 10 version 22H2 and version 21H2, which are the only ones supported for Home and Pro editions. Enterprise and Education editions are also still supported for Windows 1 version 20H2. The update is labeled as KB5025221 — which you can download here — and depending on the version you have, you'll have build 19045.2846, 19044.2846, or 19042.2846.

This update also includes LAPS integration, so Microsoft is making this available to as many users as possible. Otherwise, it's all about fixes with this release, and there's only a handful of them. You can check them out below:

This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.
This update addresses a known issue that affects kiosk device profiles. If you have enabled automatic logon, it might not work. After Autopilot completes provisioning, these devices stay on the credential screen. This issue occurs after you install updates dated January 10, 2023, and later.

Very specific channels are also still getting updated for older versions of Windows 10. You can find more information about these updates using the links below:

Windows version	KB article	Build number	Download
Windows 10 version 1809	KB5025229	17763.4252	Update Catalog
Windows 10 version 1607	KB5025228	14393.5850	Update Catalog
Windows 10 version 1507	KB5025234	10240.19869	Update Catalog

As per usual, since these are mandatory updates, they'll be installed automatically sooner or later. You can use the links in this article to install them manually at a more convenient time so you don't get interrupted when you don't want to.