Introduction
When we introduced the first part of the series it was more of a teaser or an enhanced version of a table of contents on what is to come on this new series which is all around Windows 11 Management.
Today we look to now expand on this topic as this being the first real part of the Leveraging Windows 11 management, where we will get into the ballistics of going through how we assess overall readiness of Windows 11.
Readiness is not necessarily just about going from one OS to another on specific or all clients, but also the readiness of your overall environment and how this will affect your working situation and plans moving forward. We want to ensure that a transition into Windows 11 as well as leveraging it does not have a negative impact and this is what we look to achieve with this next part within the series.
The overall goal here is to present this part which has a consolidation of areas and ideas to help scale all areas of readiness across your environment.
Multiple layers of readiness
What we will do in this part is go through different areas of discussion around all the levels of readiness and whilst we may touch and speak of minimum, recommended and best practice requirements what we want to do is also expand on certain actions which you can perform to make the readiness tasks more scalable for you.
Hardware Requirements
First part of the journey of course is to analyse the hardware requirements for each device. The hardware requirements can be found on the official docs.microsft.com website here https://docs.microsoft.com/en-us/windows/whats-new/windows-11-requirements
Now this is fine if we are perhaps checking over a couple of rogue machines which we want to bring up to Windows 11, but how do we handle this in bigger amounts of devices? Especially when we have a deadline or project tasks which aim to have a certain amount ready to go.
We need to get to a point where we know what devices are eligible for a Windows 11 Upgrade right out the gate.
Reporting From Endpoint Manager
Looking at native reporting options can help this overall area. For example we have native reports in SCCM which can give a detailed list of all of the hardware on managed devices such as the Asset Intelligence – Hardware 01A – Summary of computers in a specific collection report. And a report such as this gives a lot of the fundamentals across the physical machine resources to see how they tally up against the hardware requirements for Windows 11.
And this type of information can be extended further if you were to perhaps create a custom query or a device collection with a query membership rule which then contained the hardware requirements of Windows 11. This way you can then have a definitive list which then contained all of the devices which did meet the requirement levels.
In addition another way could then to construct a configuration baseline that would then be pushed out to your estate and that could then perform a regular interval check to assess the level of readiness of those machines. A native report and a collection with a query rule is great, but thinking of the the amount of traffic which could generate from a collection that had an incremental check or depending on the clean-up of your overall estate could be then a baseline could be a better fit if wanting a more dynamic as well as straight forward approach. Essentially using the WQL within the example above and using a setting type of WQL for the baseline can indeed speed things up if not wanting to create a similar setting using something such as PowerShell to build a similar WMI type of script.
Whilst we have a good grip of what we can perform in the SCCM world, we also need to look into what we can achieve in the Intune world! Now assuming that you are managing all devices in modern management only or you have configured co-management between SCCM and Intune with the tenant attach feature made available from SCCM 2111, you can utilize the Endpoint Analytics.
Not only can you get a great understanding of all the devices performance, but you also have a section where you can see the Windows 11 readiness within the Work From Anywhere – Windows section. Devices there will be marked as “Capable”. This is perhaps the most straight forward way, but it’s also great to actually know how your devices are performing as that will help with understanding more the stability of devices, rather than it just meeting the requirements to be upgraded.
Software Requirements
This is perhaps a very interesting section and maybe a strange one considering an upgrade or a clean install wouldn’t require such things 🙂
However when I mention software requirements, I refer more to the compatibility and capability of line of business applications which may have a dependency on libraries which are specific to Windows 10, or even more specific down to the actual build versions.
Whilst on the surface there may not be that much of a stretch between Windows 10 and Windows 11, validating these applications are quite important. From down to official commercial software that require the Windows 11 version or bespoke applications which are specifically built to work on specific versions of .dll files. All helps to be prepared in these situations.
Compatibility Machine
Will admit this is one I have literally thought of! However we have actually done these types of things in the past but they may have also been forgotten about at the same time!
We can of course use the same methods as listed above regarding native reporting from Endpoint Manager, but perhaps the most effective way is to actually have a Windows 11 machine to test these applications on. This will cut out a lot of the surprises which may occur from performing a migration from Windows 10 to Windows 11 which may use specific dependencies which the user or IT staff may not be aware of.
Checkpoints to mark off exactly which applications have been tested is also a great way to understand the validation of compatibility. Where we might use Task Sequences which have a hybrid build of these exact applications we want to know they will work as soon as the machine is built to ensure the flow of productivity.
This is based around from some of the strategies used when we were preparing a gold image in where you would have a reference machine which was absolutely clean. And then we start to build it to the standard we require it to be alongside vigorous testing to see how everything works and reacts. Once we are happy with the state then we proceed to capture that machine, and its the same concept for software testing in this scenario also. Validating the compatibility in theory is great yes but the practical testing will solidify this even further.
Checking Windows 11 Versions
A lot of software may already have a Windows 11 compatible version, so it is indeed worth checking this out as this will help to upgrade any deployments, packages, task sequences or anything of that nature which will move along with the transition of moving to Windows 11.
Build Versions of Windows 10 Devices
Build versions of Windows 10 can play a part in readiness where we look at the end of life for those devices. If there is already a requirement to upgrade to Windows 11 then devices which are on an unsupported build version can indeed be great candidates. But that shouldn’t necessarily be a driving factor, but it helps overall to understand the baseline standard of Windows 10 build versions that’s out there. And taking into consideration that system requirements can play a part in why they may have not been upgraded, so an assessment on this level is indeed warranted.
Native Reporting and Dashboards in Endpoint Manager
There are a couple of options around this front again being more native reports. You have the Operating System – Windows Servicing details for a specific collection report which can provide a list of all the Windows 10 machines and their build versions.
As well as some of the native dashboards in the Software Library area in the Windows 10 Servicing section
These areas provide charts which show a statistical count of all the build versions that you have within your managed estate.
Methods of Migration
The most important part about the migration side is to know exactly all of the methods which are available to you, and then to understand which is going to be the most appropriate one.
Each method can come with its own pros and cons, and not to mention its own unique realm of troubleshooting 🙂
In-Place upgrades or Clean
This is indeed a decision to think about. The most convenient way is always going to be an in-place upgrade for the sake of maintaining all configurations, user profiles and settings. But it is also good to understand the element of a clean install, where this could be part of a hardware refresh to ensure everything is efficient for moving into Windows 11 with devices which will be able to support productivity and performance much better.
For clean installations this will be heavily dependent on how your infrastructure is configured especially around the users experience and user information such as
- Users Profiles
- OneDrive Configuration
These are all going to aid into the decision making as to how easy that transition will be. Now for those methods around a clean installation, if these devices are indeed all managed in Intune, and assuming they are already added to the Autopilot portal this would be of course a great step forward. However in this case this would be more for devices that are already on Windows 11 or new devices are provided from a vendor beforehand which will then be put through modern management enrolment to receive all of the necessary policies defined.
With that aspect areas such as Feature Upgrades of course can be the best option, where you can upgrade to Windows 11 from a windows update method which can be done from the Windows Servicing area in SCCM, or from your feature update rings from Intune. But this does come with its little hurdles as bearing in mind there is a check which is performed to see if the machine is indeed compatible and if this fails then you will get an unsupported message as seen below.
The article here details this and to what registry key to look for. Now this registry path is a great candidate for a Proactive Remediation script, or Configuration Baseline to assess if machines do require this to be set or not as this can of course slow the process down if looking to do batches of upgrades across your environment.
And lastly to accommodate those who may still be in the phase of co-managed hybrid environments, or may not even be in Intune at all and still utilise a gold image standard deployment there is always the Task Sequence deployment methods. I find that with these methods you can effectively kill two birds with one stone where your goals are to get to a point of modern management and you can take advantage of the enrolment into Intune through this window of opportunity. On the other hand if you are using a pilot group for devices to use co-management you may find these already in Intune as well as the endpoint analytics.
Next On Part 3
The third part will cover managing Windows 11 devices mainly through configuration manager and the benefits of how handling and leveraging Windows 11 works in the present and more in the future.
Click here to read the first part.
For further information, please click HERE to contact our support team.
