Microsoft Adds Built-in Sysmon Functionality to Windows 11

Microsoft has started rolling out a new feature that brings built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. Sysmon is a free tool that monitors for malicious activity, logs events to the Windows Event Log, and can be configured to detect complex behavior.

The feature is enabled by default in the Beta and Dev channels of Windows 11 Preview Build 26220.7752 and Build 26300.7733, respectively. To enable Sysmon, either go to Settings > System > Optional features and check Sysmon, or run the command `Dism /Online /Enable-Feature /FeatureName:Sysmon` in PowerShell or Command Prompt.

Microsoft is also testing a new policy that allows IT admins to uninstall AI-powered Copilot from managed devices. The company is moving towards modern IT infrastructure that can handle faster and more automated workflows.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-native-windows-11-sysmon-security-monitoring