Prepare for the Upgrade to Windows 11

The upgrade is inevitable, but you have time, and you have options.

  • Windows 10 is going EOL in 2025. That is closer than you think.
  • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft-initiated catastrophe?
  • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

Our Advice

Critical Insight

Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system. Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

Impact and Result

Windows 11 hardware requirements will result in devices that are not eligible for the upgrade. Companies will be left to spend money on replacement devices. Following the Info-Tech guidance will help clients properly budget for hardware replacements before Windows 10 is no longer supported by Microsoft. Eligible devices can be upgraded, but Info-Tech guidance can help clients properly plan the upgrade using the upgrade ring approach.


Prepare for the Upgrade to Windows 11 Research & Tools

1. Prepare for the Upgrade to Windows 11 Deck – A look into some of the pros and cons of Microsoft’s latest desktop operating system, along with guidance on moving forward with this inevitable upgrade.

Discover the reason for the release of Windows 11, what you require to be eligible for the upgrade, what features were added or updated, and what features were removed. Our guidance will assist you with a planned and controlled rollout of the Windows 11 upgrade. We also provide guidance on how to approach a device refresh plan if some devices are not eligible for Windows 11. The upgrade is inevitable, but you have time, and you have options.

2. What Are My Options If My Devices Cannot Upgrade to Windows 11? – Build a Windows 11 Device Replacement budget with our Hardware Asset Management Budgeting Tool.

This tool will help you budget for a hardware asset refresh and to adjust the budget as necessary to accommodate any unexpected changes. The tool can easily be modified to assist in developing and justifying the budget for hardware assets for a Windows 11 project. Follow the instructions on each tab and feel free to play with the HAM budgeting tool to fit your needs.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 8.0/10
Average $ Saved: $142
Average Days Saved: 1

Client: Cork County Council
  • Experience: Guided Implementation
  • Impact: 8/10
  • $ Saved: N/A
  • Days Saved: 1

I think we had most things covered in terms of how we are planning to roll out Windows 11 so it was good to get confirmation on that from John that ...


Analyst Perspective

Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

“You hear that Mr. Anderson? That is the sound of inevitability.” (“The Matrix Quotes”)

The fictitious Agent Smith uttered those words to Keanu Reeves’ character, Neo, in The Matrix in 1999, and while Agent Smith was using them in a very sinister and figurative context, the words could just as easily be applied to the concept of upgrading to the Windows 11 operating system from Microsoft in 2022.

There have been two common, recurring themes in the media since late 2019. One is the global pandemic and the other is cyber-related crime. Microsoft is not in a position to make an impact on a novel coronavirus, but it does have the global market reach to influence end-user technology and it appears that it has done just that. Windows 11 is a step forward in endpoint security and functionality. It also solidifies the foundation for future innovations in end-user operating systems and how they are delivered. Windows-as-a-Service (WAAS) is the way forward for Microsoft. Windows 10 is living on borrowed time, with a defined end of support date of October 14, 2025. Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

It is inevitable!

P.J. Ryan

Research Director, Infrastructure & Operations

Info-Tech Research Group

Executive Summary

Your Challenge

  • Windows 10 is going EOL in 2025. That is closer than you think.
  • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft-initiated catastrophe?
  • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

Common Obstacles

  • The difference between Windows 10 and Windows 11 is not clear. Windows 11 looks like Windows 10 with some minor changes, mostly cosmetic. Many online users don’t see the need. Why upgrade? What are the benefits?
  • The cost of upgrading devices just to be eligible for Windows 11 is high.
  • Your end users don’t like change. This is not going to go over well!

Info-Tech's Approach

  • Spend wisely. Space out your endpoint replacements and upgrades over several years. You do not have to upgrade everything right away.
  • Be patient. Windows 11 contained some bugs when it was initially released. Microsoft fixed most of the issues through monthly quality updates, but you should ensure that you are comfortable with the current level of functionality before you upgrade.
  • Use the upgrade ring approach. Test your applications with a small group first, and then stage the rollout to increasingly larger groups over time.

Info-Tech Insight

There is a lot of talk about Windows 11, but this is only an operating system upgrade, and it is not a major one. Understand what is new, what is added, and what is missing. Check your devices to determine how many are eligible and ineligible. Many organizations will have to spend capital on endpoint upgrades. Solid asset management practices will help.

Insight summary

Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system.

Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

Many organizations will have to spend capital on endpoint upgrades.

Microsoft now insists that modern hardware is required for Windows 11 for not only security but also for improved stability. That same hardware requirement will mean that many devices that are only three or four years old (as well as older ones) may not be eligible for Windows 11.

Windows 11 is a virtualization challenge for some providers.

The hardware requirements for physical devices are also required for virtual devices. The TPM module appears to be the biggest challenge. Oracle VirtualBox and Citrix Hypervisor as well as AWS and Google are unable to support Windows 11 virtual devices as of the time of writing.

Windows 10 will be supported by Microsoft until October 2025.

That will remove some of the pressure felt due to the ineligibility of many devices and the need to refresh them. Take your time and plan it out, keeping within budget constraints. Use the upgrade ring approach for systems that are eligible for the Windows 11 upgrade.

New look and feel, and a center screen taskbar.

Corners are rounded, some controls look a little different, but overall Windows 11 is not a dramatic shift from Windows 10. It is easier to navigate and find features. Oh, and yes, the taskbar (and start button) is shifted to the center of the screen, but you can move them back to the left if desired.

The education industry gets extra attention with the release of Windows 11.

Windows 11 comes with multiple subscription-based education offerings, but it also now includes a new lightweight SE edition that is intended for the K-8 age group. Microsoft also released a Windows 11 Education SE specific laptop, at a very attractive price point. Other manufacturers also offer Windows 11 SE focused devices.

Why Windows 11?

Windows 10 was supposed to be the final desktop OS from Microsoft, wasn’t it?

Maybe. It depends who you ask.

Jerry Nixon, a Microsoft developer evangelist, gained notoriety when he uttered these words while at a Microsoft presentation as part of Microsoft Ignite in 2015: “Right now we’re releasing Windows 10, and because Windows 10 is the last version of Windows, we’re all still working on Windows 10,” (Hachman). Microsoft never officially made that statement. Interestingly enough, it never denied the comments made by Jerry Nixon either.

Perhaps Microsoft released a new operating system as a financial grab, a way to make significant revenue?

Nope.

Windows 11 is a free upgrade or is included with any new computer purchase.

Market share challenges?

Doubtful.

It’s true that Microsoft's market share of desktop operating systems is dropping while Apple OS X and Google Chrome OS are rising.

In fact, Microsoft has relinquished over 13% of the market share since 2012 and Apple has almost doubled its market share. BUT:

Microsoft is still holding 75.12% of the market while Apple is in the number 2 spot with 14.93% (gs.statcounter.com).

The market share is worth noting for Microsoft but it hardly warrants a new operating system.

New look and feel?

Unlikely.

New Start button and taskbar orientation, new search window, rounded corners, new visual look on some controls like the volume bar, new startup sound, new Windows logo: all minor changes. Updates could achieve the same result.

Security?

Likely the main reason.

Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

The features are available on all Windows 11 physical devices, due to the common hardware requirements.

Windows 11 hardware-based security

These hardware options and features were available in Windows 10 but not enforced. With Windows 11, they are no longer optional. Below is a description and explanation of the main features.

TPM 2.0 (Trusted Platform Module) Chip
  • What it is: TPM is a chip on the motherboard of the computer. It is used to store encryption keys, certificates, and passwords. TPM does this securely with tamper-proof prevention. It can also generate encryption keys and it includes its own unique encryption key that cannot be altered (helpdeskgeek.com).

Windows Hello
  • What it is: Windows Hello is an alternative to using a password for authentication. Users can use a pin, a fingerprint, or facial recognition to authenticate.
  • How it works (TPM 2.0 and Windows Hello): You do not need to enter your password once you set up Windows Hello, so the password is no longer easy to capture and steal. It is set up on a device per device basis, meaning if you go to a different device to sign in, your Windows Hello authentication will not follow you and you must set up your Hello pin or facial recognition again on that particular device. TPM (Trusted Platform Module) can store the credentials used by Windows Hello and encrypt them on the module.

Device Encryption
  • What it is: Device encryption is only on when your device is off. It scrambles the data on your disk to make it unreadable unless you have the key to unscramble it.
  • How it works: If your endpoint is stolen, the contents of the hard drive will remain encrypted and cannot be accessed by anyone unless they can properly authenticate on the device and allow the system to unscramble the encrypted data.

UEFI Secure Boot Capable
  • What it is: UEFI is an acronym for Unified Extensible Firmware Interface. It is an interface between the operating system and the computer firmware. Secure Boot, as part of the firmware interface, ensures that only unchangeable and approved software and drivers are loaded at startup and not any malware that may have infiltrated the system (Lumunge).
  • How it works: UEFI, with Secure Boot, references a database containing keys and signatures of drivers and runtime code that is approved as well as forbidden. It will not let the system boot up unless the signature of the driver or run-time code that is trying to execute is approved. This UEFI Secure Boot recognition process continues until control is handed over to the operating system.

Virtualization Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI)
  • What it is: VBS is security based on virtualization capabilities. It uses the virtualization features of the Windows operating system, specifically the Hyper-V hypervisor, to create and isolate a small chunk of memory that is isolated from the operating system. HVCI checks the integrity of code for violations. The Code Integrity check happens in the isolated virtual area of memory protected by the hypervisor, hence the acronym HVCI (Hypervisor Protected Code Integrity) (Murtaza).
  • How it works: In the secure, isolated region of memory created by VBS with the hypervisor, Windows will run checks on the integrity of the code that runs various processes. The isolation protects the stored item from tampering by malware and similar threats. If they run incident free, they are released to the operating system and can run in the standard memory space. If issues are detected, the code will not be released, nor will it run in the standard memory space of the operating system, and damage or compromise will be prevented.

How do all the hardware-based security features work?

This scenario explains how a standard boot up and login should happen.

You turn on your computer. Secure Boot authorizes the processes and UEFI hands over control to the operating system. Windows Hello works with TPM and uses a pin to authenticate the user, and the operating system gives you access to the Windows environment.

Now imagine the same process with various compromised scenarios.

You turn on your computer. Secure Boot does not recognize the signature presented to it by the second process in the boot sequence. You will be presented with a “Secure Boot Violation” message and an option to reboot. Your computer remains protected.

You boot up and get past the secure boot process and UEFI passes control over to the Windows 11 operating system. Windows Hello asks for your pin, but you cannot remember the pin and incorrectly enter it three times before admitting temporary defeat. Windows Hello did not find a matching pin on the TPM and will not let you proceed. You cannot log in but in the eyes of the operating system, it has prevented an unauthorized login attempt.

You power up your computer, log in without issue, and go about your morning routine of checking email, etc. You are not aware that malware has infiltrated your system and modified a page in system memory to run code and access the operating system kernel. VBS and HVCI check the integrity of that code and detect that it is malicious. The code remains isolated and prevented from running, protecting your system.

TPM, Hello, UEFI with Secure Boot, VBS and HVCI all work together like a well-oiled machine.
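
One way to confirm that the features described above are actually active on a given endpoint, as an added example that is not part of the original blueprint. It assumes an elevated Windows PowerShell session; the function name Get-HardwareSecurityState is hypothetical, and Windows Hello enrollment (which is per user) is not checked.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the blueprint): report whether the hardware-backed
# features described above are active on this device.
# Get-HardwareSecurityState is a hypothetical name.

function Get-HardwareSecurityState {
    # Secure Boot: $true = enabled, $false = UEFI firmware with Secure Boot off.
    # On legacy BIOS firmware the cmdlet throws instead of returning a value.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # TPM: present on the board and provisioned for use by Windows.
    $tpm = Get-Tpm

    # VBS and HVCI state as reported by the Device Guard WMI class.
    #   VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running,
    #                                      2 = running
    #   SecurityServicesRunning: contains 2 when HVCI is running
    $dg = Get-CimInstance -Namespace 'root/Microsoft/Windows/DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Disk encryption on the system drive. If the BitLocker cmdlets are not
    # available, the result is $null (unknown) rather than $false (off).
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $protected = ($vol.ProtectionStatus -eq 'On')
    } catch { $protected = $null }

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        SecureBootEnabled    = $secureBoot
        TpmPresent           = $tpm.TpmPresent
        TpmReady             = $tpm.TpmReady
        VbsRunning           = ($null -ne $dg -and
                                $dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning          = ($null -ne $dg -and
                                $dg.SecurityServicesRunning -contains 2)
        SystemDriveProtected = $protected
    }
}

$state = Get-HardwareSecurityState
$state | Format-List

# List every feature that is off or could not be determined.
$state.PSObject.Properties |
    Where-Object { $_.Value -isnot [string] -and -not $_.Value } |
    ForEach-Object {
        $why = if ($null -eq $_.Value) { 'unknown' } else { 'off' }
        "Follow up: $($_.Name) is $why"
    }
```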

“Microsoft's rationale for Windows 11's strict official support requirements – including Secure Boot, a TPM 2.0 module, and virtualization support – has always been centered on security rather than raw performance.” – Andrew Cunningham, arstechnica.com

“Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot. These features in combination have been shown to reduce malware by 60% on tested devices.” – Steven J. Vaughan-Nichols, Computerworld

Can any device upgrade to Windows 11?

In addition to the security-related hardware requirements listed previously, which may exclude some devices from Windows 11 eligibility, Windows 11 also has a minimum requirement for other hardware components.

Windows 7 and Windows 10 were publicized as being backward compatible and almost any hardware would be able to run those operating systems. That changed with Windows 11. Microsoft now insists that modern hardware is required for Windows 11 for not only security but also improved stability.

Software Requirement

You must be running Windows 10 version 2004 or greater to be eligible for a Windows 11 upgrade (“Windows 11 Requirements”).

Complete hardware requirements for Windows 11

  • 1 GHz (or faster) compatible 64-bit processor with two or more cores
  • 4 GB RAM
  • 64 GB or more of storage space
  • Compatible with DirectX 12 or later with WDDM 2.0 driver
    • DirectX connects the hardware in your computer with Windows. It allows software to display graphics using the video card or play audio, as long as that software is DirectX compatible. Windows 11 requires version 12 (“What are DirectX 12 compatible graphics”).
    • WDDM is an acronym for Windows Display Driver Model. WDDM is the architecture for the graphics driver for Windows (“Windows Display Driver Model”).
    • Version 2.0 of WDDM is required for Windows 11.
  • 720p display greater than 9" diagonally with 8 bits per color channel
  • UEFI Secure Boot capable
  • TPM 2.0 chip
  • (“Windows 11 Requirements”)
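
The list above, turned into a per-device check, as an added example that is not part of the original blueprint. It assumes an elevated Windows PowerShell session on the Windows 10 device being assessed; the function name Test-Win11Minimums is hypothetical, the 64 GB threshold is read as decimal gigabytes, and DirectX 12 / WDDM 2.0, the display, and Microsoft's compatible-CPU list are not checked.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the blueprint): test this device against the
# minimums listed above. Test-Win11Minimums is a hypothetical name.

function Test-Win11Minimums {
    $cpu  = @(Get-CimInstance -ClassName Win32_Processor)
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $disk = Get-Disk | Where-Object IsBoot | Select-Object -First 1

    # Installed RAM. Win32_ComputerSystem.TotalPhysicalMemory excludes memory
    # reserved by hardware, so a 4 GB machine would report slightly under 4 GB.
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum

    # TPM spec version, e.g. "2.0, 0, 1.38"; only the first field is needed.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() -as [version] }

    # Secure Boot *capable*: on UEFI firmware the cmdlet returns $true or
    # $false (on or off); on legacy BIOS firmware it throws.
    try   { $null = Confirm-SecureBootUEFI -ErrorAction Stop; $sbCapable = $true }
    catch { $sbCapable = $false }

    $maxMHz = ($cpu | Measure-Object -Property MaxClockSpeed -Maximum).Maximum
    $cores  = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum

    $checks = [ordered]@{
        # Windows 10 version 2004 is build 19041.
        'Windows 10 version 2004 or greater' = ([int]$os.BuildNumber -ge 19041)
        '1 GHz or faster processor'          = ($maxMHz -ge 1000)
        '64-bit processor'                   = (@($cpu | Where-Object DataWidth -ne 64).Count -eq 0)
        'Two or more cores'                  = ($cores -ge 2)
        '4 GB RAM'                           = ($ramBytes -ge 4GB)
        # Assumption: decimal gigabytes, so a disk sold as 64 GB is not rejected.
        '64 GB or more of storage'           = ($disk.Size -ge 64e9)
        'UEFI Secure Boot capable'           = $sbCapable
        'TPM 2.0 chip'                       = ($tpmSpec -ge [version]'2.0')
    }

    # One row per requirement so results from many devices can be merged.
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Requirement = $_.Key
            Met         = [bool]$_.Value
        }
    }
}

$result = Test-Win11Minimums
$result | Format-Table -AutoSize

if ($result.Met -contains $false) {
    'Does not meet the listed minimums: plan a fix or a replacement.'
} else {
    'Meets the listed minimums that this script checks.'
}
```

Piping `$result` to `Export-Csv` on each endpoint gives one row per device and requirement, which is enough to count eligible and ineligible devices for the refresh budget.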

Windows 11 may challenge your virtual environment

When Windows 11 was initially released, some IT administrators experienced issues when trying to install or upgrade to Windows 11 in the virtual world.

The Challenge

The issues appeared to be centered around the Windows 11 hardware requirements, which must be detected by the Windows 11 pre-install check before the operating system will install.

The TPM 2.0 chip requirement was indeed a challenge and not offered as a configuration option with Citrix Hypervisor, the free VMware Workstation Player or Oracle VM VirtualBox when Windows 11 was released in October 2021, although it is on the roadmap for Oracle and Citrix Hypervisor. VMware provides alternative products to the free Workstation Player that do support a virtual TPM. Oracle and Citrix reported that the feature would be available in the future and Windows 11 would work on their platforms.

Short-Term Solutions

VMware and Microsoft users can add a vTPM hardware type when configuring a virtual Windows 11 machine. Microsoft Azure does offer Windows 11 as an option as a virtual desktop. Citrix Desktop-As-A-Service (DAAS) will connect to Azure, AWS, or Google Cloud and is only limited by the features of the hosting cloud service provider.

Additional Insight

According to Microsoft, any VM running Windows 11 must meet the following requirements (“Virtual Machine Support”):

  • It must be a generation 2 VM, and upgrading a generation 1 VM to Windows 11 (in-place) is not possible
  • 64 GB of storage or greater
  • Secure Boot capable with the virtual TPM enabled
  • 4 GB of memory or greater
  • 2 or more virtual processors
  • The CPU of the physical computer that is hosting the VM must meet the Windows 11 processor requirements (“Windows Processor Requirements”)

What’s new or updated in Windows 11?

The following two slides highlight some of the new and updated features in Windows 11.

Security

The most important change with Windows 11 is what you cannot see – the security. Windows 11 adds requirements and controls to make the user and device more secure, as described in previous slides.

Taskbar

The most prominent change in relation to the look and feel of Windows 11 is the shifting of the taskbar (and Start button) to the center of the screen. Some users may find this more convenient but if you do not and prefer the taskbar and start button back on the left of your screen, you can change it in taskbar settings.

Updated Apps

Paint, Photos, Notepad, Media Player, Mail, and other standard Windows apps have been updated with a new look and in some cases minor enhancements.

User Interface

The first change users will notice after logging in to Windows 11 is the new user interface – the look and feel. You may not notice the additional colors added to the Windows palette, but you may have thought that the startup sound was different, and the logo also looks different. You would be correct. Other look-and-feel items that changed include the rounded corners on windows, slightly different icons, new wallpapers, and controls for volume and brightness are now a slide bar. File explorer and the settings app also have a new look.

Microsoft Teams

Microsoft Teams is now installed on the taskbar by default. Note that this is for a personal Microsoft account only. Teams for Work or School will have to be installed separately if you are using a work or school account.
