New Microsoft feature aims to prevent CrowdStrike-like outages on Windows

TL;DR: Microsoft is testing a new feature called Quick Machine Recovery that's designed to help IT teams restore unbootable Windows 11 devices remotely. The move comes nearly a year after the infamous CrowdStrike outage, which left countless businesses scrambling to manually fix systems.

The feature, part of Microsoft's Windows Resiliency Initiative, was first announced last year. It's now being tested as part of the latest Windows Insider Preview build – specifically, version 6120.3653.

For the uninitiated, last July, a faulty kernel-level update from CrowdStrike triggered Blue Screens of Death on millions of Windows machines, disrupting critical infrastructure, including airlines and banks. Many IT admins had to physically access affected devices to resolve the issue.

With Quick Machine Recovery, Microsoft aims to avoid another CrowdStrike-style situation. The feature can be found in the Advanced options menu for the Windows Recovery Environment (Windows RE).

The process works by automatically booting a failed device into the RE when it can't boot normally. Once in that mode, the device establishes a network connection via Ethernet or Wi-Fi and sends diagnostic crash data to Microsoft.

The company then analyzes this data across affected devices and uses it to identify widespread issues, develop targeted fixes, and remotely roll them out through Windows Update. This should streamline what would otherwise require tedious manual intervention by IT admins on each machine.

IT admins can enable or disable Quick Machine Recovery using the RemoteRemediation CSP or via command prompt. They can also preconfigure network credentials, set scanning intervals (recommended every 30 minutes), and adjust timeout periods (suggested at 72 hours). A test mode lets admins simulate the process before deploying it widely.

For now, the feature is enabled by default for home users in the Windows 11 version 24H2 Insider Preview, available in the Beta Channel. IT admins on Pro and Enterprise versions will have full control over enabling or customizing it.

Microsoft is encouraging Windows Insiders to try the feature and provide feedback through the Feedback Hub. For more details, check out the announcement on the Windows Insider Blog.

Microsoft made hardening security a centerpiece of its strategy last year. The company is already doubling down on safeguarding credentials, smart app control policies, data security, and OS management tools.

However, an even more significant architectural shift is brewing under the hood. Microsoft intends to remove all security software components from Windows' kernel going forward. This would force antivirus products and other security tools to run in standard user mode rather than having privileged kernel access.
