The latest Windows 11 Canary build here under build number 28020.1611, and it brings a couple of useful improvements, including built-in Sysmon, new features for sharing files via OneDrive, and a single fix for the wrong build number on the desktop watermark.
Here is the changelog:
[Built-in Sysmon]
Previously announced here, Windows now brings Sysmon functionality natively to Windows. Sysmon functionality allows you to capture system events that can help with threat detection, and you can use custom configuration files to filter the events you want to monitor. The captured events are written on the Windows event log, enabling them to be used with security applications and a wide range of use cases.
Built-in Sysmon is disabled by default and must be explicitly enabled.
Go to Settings > System > Optional features > More Windows features > checking Sysmon or in PowerShell or command prompt:
Dism /Online /Enable-Feature /FeatureName:Sysmon
To complete the installation, from PowerShell or command prompt run:
sysmon -i
Note: If you’ve already installed Sysmon from the website, it must be uninstalled before enabling the built-in Sysmon.
Documentation will be added to Windows soon. The functionality of Sysmon remains unchanged, learn more here.
[Windows Share]
When you share a OneDrive cloud file by right-clicking to share on the file – new options for sharing that link through other apps will be provided under “Share using” when the “Copy link” button is clicked. This experience is rolling out to Windows Insiders signed in with their Microsoft accounts not in the EEA.
[General]
Fixed the desktop watermark to show the correct build number.
The announcement blog post is available here.