Leveraging Windows 11 Management Part 3 – Microsoft Endpoint Manager Management


From the continuation of the previous part where we had covered all around Windows 11 readiness, this included an interesting overview on how we can look at the readiness across all the areas of Microsoft Endpoint Manager.

Now in this part we want to expand this subject a little bit further but this time with primary focus around the overview of management and leveraging of Windows 11 devices solely within your Microsoft Endpoint Manager environment.

At this point we look at the required levels which we need to reach to be able to accommodate Windows 11 devices into our environment. This part will be the closer for the series as we collate both parts of Microsoft Endpoint Manager as a unified look at how management of Windows 11 devices will be.

Configuration Manager Prerequisite Levels

Of course before you start your transition into managing Windows 11 with SCCM, you of course need to be made aware of the prerequisites which your site needs to have before you can start managing these devices.

Current Branch Levels

You will need to have a minimum level of SCCM 2107 in order for you to be properly managing Windows 11 devices. Now you may be able to get away with installing a client version which is not the same level but it wouldn’t be recommended as chances are this will cause a ton of issues with reliability of the managed device.

You may also run into an error code within the ccmsetup.log in C:\Windows\ccmsetup\logs which would evolve around the same information as stated above.

Further information on these levels can be found here

Windows ADK Levels

You would ideally need to be running the Windows 11 ADK going forward in order to fully support your Windows 11 estate.

You can do this with ADK 2004 as well, but depending on what stage you are at in terms of phasing out Windows 10 devices then you may want to look into this for the future, especially where using Task Sequences are concerned if you are indeed utilising gold image or hybrid image builds.

Further information on the ADK levels can be found here

Step Closer to Modern Management

With your Windows 10 devices being at a minimum of 1607 (1909 preferred) you are in a good position to consider modern management.

That is assuming of course these are your ONLY type of devices which are being managed within configuration manager at present. Meeting this requirement is fine, but of course your estate then incorporating Windows 11 devices or if only managing Windows 11 devices you are in a great position to transition to Modern Management.

A lot of organisations tend to use co-management topology because of the convenience of not having to be fully committed to one centralized area, especially considering when you have legacy clients to take into account where you could be put in a position to be monitoring two areas.

Utilising endpoint analytics

Endpoint analytics is the replacement for desktop analytics, more applicable for Windows 11 devices.

With this you can utilise the endpoint analytics especially when you are in a co-management environment where we can take advantage of using the tenant attach options within our CoMgmtSettingsProd properties.

Below in Figure 1.1 we can see the Configure Upload tab where we can import the devices from Configuration Manager right into the admin center and also enable endpoint analytics for these devices.

Figure 1.1 – Tenant Attach Options in SCCM


In conclusion, there are a lot of things to consider when it comes to moving to Windows 11, as there is not just the preparations for the devices themselves but you also have to consider whether the centralized solutions which you have in place are also able to accommodate them as well.

Improper planning can cause much bigger issues along the way, which is why its important to plan ahead. Even if this is a time where you may not even be remotely thinking of a migration towards Windows 11, other factors will also play a part such as the support of your overall configuration manager environment.

The further forward the current branch versions will go the more you will see the legacy devices or unsupported devices that you have will phase out of support much more.

The series presented here in parts 1-3 give a introduction on how to look forward and assess the scalability of your environment.



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.