With Windows 11 scheduled for a GA release today, 5th October 2021, in this short blog post, let us quickly jump on to see how you can move to Windows 11 on your managed Windows 10 endpoints with Intune and Windows Update for Business.
Table of Contents
Know the device requirements for Windows 11
There has been so much noise about the Windows 11 hardware requirements in social media that I am pretty sure that you are already aware of the same. By any chance, if you are not aware still, then here is a quick reference of the minimum system requirements specs for Windows 11.
| Processor | 1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC). |
| RAM | 4 GB |
| Storage | 64 GB or larger storage device |
| System firmware | UEFI, Secure Boot capable |
| TPM | Trusted Platform Module (TPM) version 2.0 |
| Graphics card | Compatible with DirectX 12 or later with WDDM 2.0 driver. |
| Display | High definition (720p) display that is greater than 9” diagonally, 8 bits per color channel. |
Check Windows 11 requirements – What’s new in Windows for more info.
Check Windows 11 readiness in the environment
If you have the proper license in place to take benefit of Endpoint Analytics, you can easily get Windows 11 readiness check insights for your managed Windows 10 environment as part of the Work from anywhere reports.
For more info check Understanding readiness for Windows 11 with Microsoft Endpoint Manager.
If you do not have the license in place to make use of Endpoint Analytics, you may proceed to check Windows 11 readiness manually via running the Hardware Readiness script locally on the endpoints and collating the results. But that would be a pain for sure 😅
Plan and Prepare for Windows 11
When doing modern management of Windows endpoint, the below three steps are the essential part of any activity.
- Plan
- identify users/devices for a Pilot rollout, to
- Prepare
- create comms for end-user readiness for a successful pilot, to
- create work instructions and other documents to prepare the OSS/IT Helpdesk and all others involved with the support delivery to be prepared, to
- validate and check application, infrastructure and deployment process readiness, to finally
- Deploy
- Windows 11 to Pilot and based on the results, proceed to Broad Adoption.
Move to Windows 11 with Intune
This has been highlighted by tweets from Aria (MSFT PM) as well as mentioned in MS docs that Windows 10 endpoints managed by Intune and serviced via Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicitly configures a feature update profile in Intune.
Though the normal Update Rings policies from Intune can get you from one Windows 10 version to another (like from 21H1 to 21H2), those are version upgrades within the same product that is Windows 10, controllable via the feature update deferral setting within the policies.
However, the move from Windows 10 to Windows 11 is an upgrade from one product to another. As such, with only Update Ring policies created in Intune, you are not going anywhere.
You will need to create a Feature Update deployment policy from Intune to push your managed Windows 10 devices to transition to Windows 11.
Deploy the policy to the required group(s) for the intended devices to get updated to Windows 11.
Note - You should be creating the policy only after Windows 11 is made GA from Microsoft.
Trying to create a Windows 11 Feature Update deployment policy in Intune currently results in an error as below, which should be expected. [This has been fixed by MS]
Servicing Windows 11 with Intune and WUfB
Windows 11 will continue to use the same methodology of servicing as it has been with Intune managed Windows 10 using the Update Ring policies.
The top row in the above image shows the Microsoft Release path whereas the bottom row shows the Rings created in the environment to control the update deployment that is aligned with the Microsoft Release path.
The only difference here would be the Windows 10 used to come with two major version updates (feature update) an year (the reason why the update channel is named Semi-Annual) whereas, with Windows 11, Microsoft will be delivering a single feature update annually.
Monthly updates for Windows 11 will continue as it has been with Windows 10.
As an Intune admin, you can control Windows 11 Feature and Quality updates using the Update Ring policies.
It’s only when you need your managed Windows 10 endpoint to transition to Windows 11, is when you need a Feature Update deployment policy from Intune to set the TargetReleaseVersion on the endpoint to get it to move to Windows 11.
The End
For more information or details on how to transition to Windows 11 using Intune, check the official Tech Community post Endpoint Manager simplifies upgrades to Windows 11.
In the end, I can say that I have been using the preview builds of Windows 11 on my personal laptop for quite some time and I do agree when MS says that it brings in a fresh experience that is flexible and fluid.
Do check my blog post on trying out Autopilot deployment with Windows 11.