Sunday, 17 October 2021

My first look at Windows 11 readiness

I'm a little bit late to the party here but I've been very busy this year. Some of my customers have started asking about Windows 11 so I've started looking into Windows 11 readiness. There has been some controversy about this already. Organizations are finding that many of the devices that easily run Windows 10 are not capable of running Windows 11. 

Windows 11 requirements.

Let's start with the hardware requirements. They are clearly defined in the Microsoft documentation. 

  • Processor: 1 gigahertz (GHz) or faster with two or more cores on a compatible 64-bit processor or system on a chip (SoC).
  • RAM: 4 gigabytes (GB) or greater.
  • Storage: 64 GB or greater available storage is required to install Windows 11.
    • Additional storage space might be required to download updates and enable specific features.
  • Graphics card: Compatible with DirectX 12 or later, with a WDDM 2.0 driver.
  • System firmware: UEFI, Secure Boot capable.
  • TPM: Trusted Platform Module (TPM) version 2.0.
  • Display: High definition (720p) display, 9" or greater monitor, 8 bits per color channel.
In general all these requirements seem pretty reasonable. The TPM requirement seems to be the one that has caused the most fuss. Many organizations still have a lot of hardware with TPM 1.2. Fortunately the firmware of many models can be upgraded to give you TPM 2.0, but your mileage may vary on that. Updating firmware on thousands of devices can be an administrative challenge, but we should be doing that anyway, shouldn't we 😀.

Michael Niehaus has published a blog post, Windows 11 new hardware requirements: Justified or not?, which delves into each requirement in detail. It's worth a read.

Windows 10 upgrade

If you want an in-pace upgrade from Windows 10 to Windows 11, you must be running a supported version of Windows 10. Currently that is v1909 or later. You can find the supported versions here

Windows 11 readiness.

This is the part that really interested me. How can organizations verify if their devices are Windows 11 capable or not? I've looked at a few options.

Script

Microsoft have published a script to determine whether an individual device meets the system requirements for Windows 11. Download HardwareReadiness.ps1 and run with an elevated prompt. 


The script output will be a returnCode (is the device capable or not)..... 

.
..and returnReason (why the device is not capable).

It is recommended to use Microsoft Endpoint Manager or Configuration Manager to deploy the script at scale.

Configuration Manager report

The guys at System Center Dudes have developed a pretty cool Windows 11 readiness report for Configuration Manager. You can download the report for free from their website

The report lists the following components and highlights in red if a component does not match the Microsoft minimum requirement: Device Name, UserName, Client Status, Client Version, OS Edition, OS Version, OS Branch, CPU Speed, RAM, Free Space, Device Manufacturer, Device Model, Secure Boot Status, UEFI Bios status, TPM version and status

Endpoint Analytics

I've been interested in this feature for some time now and it is really useful for assessing Windows 11 readiness. Windows 11 insights are available for all Intune-managed and co-managed devices in Endpoint analytics, as well as devices enrolled via tenant attach with Configuration Manager, version 2107 or newer.

In the MEM console, navigate to Reports > Endpoint Analytics.


Select
Work from anywhere (preview) and click WindowsA chart is displayed showing which specific hardware requirements are the top blockers in your organization.

In the Windows tab, a device-by-device view of Windows 11 hardware readiness is displayed. 


The 
Windows 11 readiness status column indicates if device is Capable of upgrading to Windows 11 based on the minimum system requirements. 


We see a Windows 11 readiness reason if it is 
Not capable.


In most cases, devices with a Windows 11 readiness status of Unknown are inactive. You can verify this by reviewing the last check in time from Intune. I've seen a lot of Unknown devices so I'll be doing some troubleshooting on these and will update this post with my findings.

I hope this helps. Until next time.....