Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).

Meant for select Microsoft security partners, the new platform serves the WRI's overall goal of "helping organizations prevent, withstand, and recover from disruptions," according to a blog post by Microsoft's head of Enterprise & OS Security David Weston.

Microsoft laid the groundwork for WRI last fall, after the disastrous CrowdStrike outage that crippled millions of Windows PCs worldwide as the result of a faulty update. Microsoft convened several of its biggest endpoint security partners, including CrowdStrike, to brainstorm ways to protect their mutual customers from similar incidents. To that end, Microsoft and its partners agreed to develop a new Windows security and resilience framework.

On Thursday, Microsoft announced that the new platform will see daylight in July as a private preview for Microsoft Virus Initiative (MVI) partners. These are antimalware vendors that work closely with Microsoft on new Windows security features. Besides CrowdStrike, they include Bitdefender, ESET, SentinelOne, Trellix, Trend Micro and WithSecure. The upcoming endpoint security platform will enable these partners to "start building their solutions to run outside the Windows kernel," according to Weston. "This means security products like anti-virus and endpoint protection solutions can run in user mode just as apps do."

Besides the new platform, Microsoft also announced multiple related capabilities aimed at enterprises. They include:

  • A "streamlined" UI, coming later this summer to Windows 11 24H2 devices, to recover from unexpected restarts. Recovering from a crash should take most users about two seconds, according to Weston, thanks to "crash dump collection" improvements in Windows 11.
  • A quick machine recovery (QMR) capability for crashed Windows 11 24H2 devices that are caught in restart limbo. Also coming this summer, QMR works with the Windows Recovery Environment to deliver "targeted remediations to affected devices," theoretically freeing IT from restoring these PCs manually. QMR will be turned on by default for Windows 11 Home PCs, while Windows 11 Pro and Enterprise organizations will be able to opt in. Additional IT controls will roll out later this year, per Weston.
  • Starting July 9, the ability for device fleets to download Windows updates en masse from a local cache instead of over the air, reducing the likelihood of bandwidth bottlenecks. This capability, called "Connected Cache," serves updates from locally deployed nodes, not the cloud. Connected Cache supports Windows 11 updates, Windows Autopatch updates, Microsoft Intune app installations and Windows Autopilot device provisioning.
  • The ability for organizations to use temporary "loaner PCs" via the cloud in the event of device theft, loss or damage. Called Windows 365 Reserve, this offering gives customers access to preconfigured cloud PCs until their normal device access is restored. Microsoft plans to offer Windows 365 Reserve as a preview "soon."
  • An update to Universal Print that "enables users to securely release their printing request from anywhere in the organization to any authorized printer." The idea is to reduce the chance that sensitive documents are left exposed when they're not immediately retrieved from a printer. IT admins can configure the printers that are available to end users at their discretion.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.