Windows 11 is here – should you upgrade now?

Windows 11 introduces some significant changes to hardware requirements and improvements to security. Your organisation will benefit from these changes by improving the security posture of your Windows endpoints, but I suspect most organisations will have some work to do before upgrading all devices to Windows 11.

When Microsoft announced Windows 11, they also announced the retirement of Windows 10 for October 14th, 2025. A migration to Windows 11 for everyone is inevitable; however, should you upgrade your organisation’s devices now or continue with Windows 10 until 2025? 

Although Windows 11 is available now, Windows 10 21H2 is also ready for release. Windows 10 21H2 continues the cumulative update approach Microsoft has taken with Windows 10 2004, 20H2 and 21H1. 

Windows 10 21H2 introduces just a few new features – the most interesting of which will be the simplification of Windows Hello for Business with a cloud trust model. This will do away with the need to integrate Active Directory Certificate Services, making Windows Hello for Business deployment far simpler. See this article for more details: Introducing the next feature update to Windows 10: 21H2

Are your devices ready for Windows 11? 

In my experience, many organisations are still having challenges in keeping their Windows endpoints current and it’s common to see devices in the organisation running Windows 10 versions which are out of support. It’s also not uncommon to see Windows 8 and Windows 7 devices still out in the wild. 

What is also becoming clear is the number of corporate devices which aren’t ready for Windows 11. Although a small sample size, I have seen devices in client environments which won’t meet Windows 11’s hardware requirements. Issues include Secure Boot not being enabled and devices which don’t meet TPM requirements (TPM not enabled or not TPM 2.0 capable). Resolving these issues would represent a significant amount of work.  

Additionally, Windows 11’s minimum CPU requirements will ensure a certain percentage of devices in an organisation won’t be running Windows 11 until they are retired and replaced. 

Update to Windows 10 21H2 now 

Upgrading to Windows 11 for many organisations is going to be a challenge in the short term, so instead, your time would be better spent upgrading devices to Windows 10 21H2. 

Windows 10 21H2 is a cumulative update for any Windows 10 device on version 2004 or later, which means you will be able to update without delay and have confidence your devices and applications will be compatible. Updating to Windows 10 21H2 as soon as possible will ensure your organisation benefits from extended support: 18 months for Windows 10 Pro and 30 months for Windows 10 Enterprise and Education. As Microsoft has not yet made an announcement for Windows 10 releases beyond 21H2, it’s reasonable to assume this version will be supported right up to 2025.

A new Windows 10 21H2 Long-Term Servicing Channel (LTSC) will also be available, allowing all compatible devices to be upgraded to 21H2 Semi-annual Channel or LTSC and have those devices supported until 2025. 

Read more about the importance of patching in this blog by my colleague Peter Cooney, Global Head of Solutions here at Insentra.  

Report on your device compatibility with Windows 11 

Microsoft has a few tools you can use to report on Windows 11 compatibility. The preferred approach for reporting on Windows 11 readiness is to use the Work from anywhere report in Endpoint Analytics in the Microsoft Endpoint Manager admin centre.  

For environments using Microsoft Intune to manage devices, you will have access to this report now. If you’re using Microsoft Endpoint Configuration Manager to manage your Windows devices, make sure you’ve deployed tenant attach and co-management so you can take advantage of this report as well.

There are plenty of good reasons to adopt tenant attach and co-management. For most clients, it will provide more insights into your Windows endpoint environment and the opportunity to simplify the management of Windows devices.

For those environments which haven’t yet moved to tenant attach and co-management or can’t (for whatever reason), Microsoft has a hardware readiness script available which can be run via Configuration Manager. For more information see this article: Understanding readiness for Windows 11 with Microsoft Endpoint Manager.

Update devices for Windows 11 compatibility

Once you’ve determined Windows 11 readiness in your environment, you will have some work to do updating devices which are not compatible. In real client environments, we are seeing the need to update firmware, configure Trusted Platform Modules, enable Secure Boot or upgrade RAM capacity.

For those devices incapable of running Windows 11 at all (typically due to CPU), updating them to Windows 10 21H2 will ensure the device is running a supported configuration until its end of life. From there you can plan for their retirement and replacement.
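The blockers named above (Secure Boot disabled, TPM missing, disabled or not 2.0, insufficient RAM) can be checked on a single device with built-in cmdlets. The following is an added example, not Microsoft's hardware readiness script and not code from this article; the function name is hypothetical, it assumes an elevated PowerShell session, and it does not check CPU compatibility.

```powershell
# Added example: local check for the Windows 11 blockers named in this article.
# Run from an elevated PowerShell session on the device being assessed.
function Get-Win11BlockerReport {   # hypothetical name, chosen for this example
    $blockers = [System.Collections.Generic.List[string]]::new()

    # Secure Boot: returns $true/$false on UEFI firmware; throws on legacy BIOS
    # or when the session is not elevated.
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        if (-not $secureBoot) { $blockers.Add('Secure Boot is disabled') }
    } catch {
        $secureBoot = $null
        $blockers.Add("Secure Boot state unavailable: $($_.Exception.Message)")
    }

    # TPM: Win32_Tpm returns nothing when no TPM is exposed to Windows.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = $null
    if (-not $tpm) {
        $blockers.Add('No TPM detected (absent or disabled in firmware)')
    } else {
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
        $tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim()
        if ($tpmSpec -notlike '2.*') { $blockers.Add("TPM spec is $tpmSpec, not 2.0") }
        if (-not $tpm.IsEnabled_InitialValue) { $blockers.Add('TPM present but not enabled') }
    }

    # RAM: sum installed modules; Windows 11 requires at least 4 GB.
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
    $ramGB = [math]::Round($ramBytes / 1GB, 1)
    if ($ramGB -lt 4) { $blockers.Add("Installed RAM is $ramGB GB (minimum 4 GB)") }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        SecureBoot      = $secureBoot
        TpmSpecVersion  = $tpmSpec
        RamGB           = $ramGB
        Blockers        = $blockers -join '; '
        NoBlockersFound = ($blockers.Count -eq 0)
    }
}

Get-Win11BlockerReport | Format-List
```

An empty Blockers field only means none of these three conditions were found; the device still needs to pass the CPU and storage requirements reported by Microsoft's own tooling.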

Ensure your device management tools are Windows 11 ready

Adding support for Windows 11 in your deployment tools should be an easy task – upgrade to Configuration Manager 2107 and/or wait for Microsoft to include full support for Windows 11 in Intune.

Just like Windows, you should be keeping your Configuration Manager environments current, so upgrading to Configuration Manager 2107 should be part of the standard support lifecycle.

Microsoft has already been updating Microsoft Intune to support Windows 11 with changes in the Microsoft Endpoint Manager admin center.

Capable devices won’t automatically update to Windows 11. As a Windows administrator, you will have controls in Group Policy, Windows Server Update Services, Configuration Manager and Microsoft Intune to upgrade devices to Windows 11 when you are ready to do so.

Customers using Windows Autopilot should be aware of which version of Windows comes with new devices. Remember Windows 10 is supported until 2025; however, well before then device manufacturers will start shipping PCs with Windows 11.

Validate and pilot Windows 11 now

Whether you know it or not, I’ll bet at least one person in your organisation is already testing Windows 11. I have seen this over the past few months in at least four client environments.

It is important to start validating Windows 11 now to determine whether you need to make changes to your deployment methodology. There are no major changes you need to make in the way you manage Windows 10 today to start managing Windows 11; however, there are some key changes and features introduced with Windows 11.

Not least of these changes is the new Start menu, Taskbar and the Settings application. These will be obvious changes to users, thus it’s worth ensuring these new features are well understood before Windows 11 is deployed to your managed endpoints. Additionally, there are changes to the Microsoft Store coming with Windows 11 which could have a big impact on the way some organisations manage applications on their devices.

Start with a small-scale pilot within IT, even if it’s manually updating devices to Windows 11, and validate if the organisation is ready for those important changes coming with this new version of Windows.

Communicate with your users

I highly recommend communicating with your end-users that Windows 11 is on the way, even if it’s just to say, “Windows 11 is coming”.

Changes to the Windows 10 interface since the initial release in 2015 have realistically been minor with iterative updates with each release. Windows 11 introduces major interface changes and while the way you interact with Windows 11 doesn’t fundamentally change, users should have some understanding of the changes they will see when their PC is upgraded.

Deploy in 2022

Can you believe it’s already October 2021? You’ve probably got plenty to do before the end of the year and for all of us, 2020 and 2021 have been difficult enough. Plan and prepare now, so you’re ready to start deploying Windows 11 in 2022.

We’re here to help, of course. We have developed a robust methodology for modern device management using Microsoft Endpoint Manager which takes you from design right through to production release, providing a framework for a successful deployment and adoption of new technologies introduced in Windows 10 and Windows 11.

Curious about Microsoft Edge? I captured 17 reasons why organisations should standardise on Edge in my previous blog.
