Applies To
Windows 11 Home and Pro, version 23H2 Windows 11 Enterprise and Education, version 23H2 Windows 11 Enterprise Multi-Session, version 23H2 DO_NOT_USE_Windows 11 IoT Enterprise, version 23H2 Windows 11 SE, version 24H2 Windows 11 Enterprise and Education, version 24H2 Windows 11 Enterprise Multi-Session, version 24H2 Windows 11 Home and Pro, version 24H2 Windows 11 IoT Enterprise, version 24H2 Windows Server 2025

Original publish date: August 29, 2025

KB ID: 5065083

Summary

When an older device (one running an earlier version of Windows 11) is enrolled in an enterprise using a mobile device management (MDM) provider, the enrollment request pulls the build version and application version from the device’s Update Build Revision (UBR). During the update process, the build version remains unchanged, while the application version increases by one.

For example, if the device is running Windows version 26100.4770, the build version sent during enrollment will be 26100.4770, but after the out-of-box experience (OOBE) update is installed, the application version will become 26100.4771.

This change is applicable to the following:

  • Windows 11, version 23H2 devices after installing the Windows update released on or after August 26, 2025 (KB5064080} or the Windows OOBE update released on or after August 26, 2025 (KB5065813).

  • Windows 11, version 24H2 devices after installing the Windows update released on or after August 29, 2025 (KB5064081) or the Windows OOBE update released on or after August 29, 2025 (KB5065848).

More information

In some scenarios, an older device might fail to install the OOBE update. The OOBE update includes the restore configuration service provider (CSP) policies. An MDM provider, unaware of this failure, might send the restore policy expecting the CSP to be present. This mismatch can cause policy applications to fail, potentially breaking enterprise enrollment and leaving users stuck in OOBE, resulting in support escalations.

Currently, MDM controllers, such as third-party MDM providers, do not have a way to determine if a device is capable (has the restore policy code present) of showing the restore experience during OOBE. Devices that can have restore enabled through OOBE packages are not supported to show the restore experience.

To enable the restore experience for older devices during device enrollment, the enrollment request now increments the application version by 1. This indicates that the older device is restore-capable, and the MDM providers should use this as a detection mechanism to send the restore CSP. This change is captured during OOBE.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center