Planning for Windows 11: best practices for organizations
Last week, we announced Windows 11 to the world. Today, I want to share practical tips that will set you up for success as you plan for Windows 11 in your organization.
Windows 11 includes great new capabilities for end users and commercial organizations; capabilities developed in direct response to your feedback and perfectly suited to support hybrid work. There’s new value for IT, too, from the chip to the cloud. Windows 11 uses modern hardware to deliver the most secure Windows ever, with TPM and virtualization-based security support for everyone. We’ve also added over 1,000 new management controls to make it easier to move away from older management systems like Group Policy.
We know that every organization will need time to transition to Windows 11. You choose the pace at which you want to upgrade. Our goal is to support you so the effort is seamless and strategic. The deep investments you’ve made in Windows 10 will carry forward. Windows 11 is built on the Windows 10 code base so it’s natively compatible with the software and solutions you use today. In addition, Windows 11 and Windows 10 are designed to coexist, backed by a common set of security and management capabilities delivered by the Microsoft cloud.
Here are four key things you can do today to pave the way for a smooth integration of Windows 11 into your device estate:
- Get started today. Join the Windows Insider Program for Business and start reviewing your devices, applications, and deployment processes.
- Assess readiness. Validate your hardware and software. Engage App Assure to help solve application compatibility issues.
- Create a Windows 11 deployment plan. Engage with Microsoft and our partners for guidance and support as needed.
- Take advantage of cloud-based endpoint management capabilities offered in Microsoft Endpoint Manager.
Guidance to support you is now available in our Windows 11 documentation on Docs, but I'd like to highlight some specific best practices below.
Get started today
The easiest way to test the new features in Windows 11, and validate the devices and applications in your environment, is to join the Windows Insider Program for Business. Run Insider Preview Builds on individual devices, virtual machines, or across your organization. Submit and track feedback on any issues you happen to encounter in your environment.
Flighting readies you and early adopters for new features and capabilities. It also provides you with insights that can help you have a more successful broad rollout later on. The first flights of Windows 11 are now available in the Windows Insider Program Dev Channel so you can literally get started today.
Assess readiness
Application compatibility
As mentioned above, applications that work on Windows 10 work on Windows 11. It is still a good idea, however, to validate the applications in your environment, particularly any non-Microsoft security or endpoint management solutions, to ensure that they function as expected on Windows 11.
Windows 11 preserves the application compatibility promise we made with Windows 10. Should you encounter a compatibility issue with a Microsoft application, independent software vendor (ISV) application, or custom in-house line of business (LOB) application, App Assure can help. In addition to supporting Windows 11 and Windows 10, the service can also provide compatibility guidance related to the deployment of Azure Virtual Desktop and Microsoft Edge. Since 2018, App Assure has evaluated almost 800,000 apps. It is available at no additional cost for eligible Microsoft 365 and Windows 10 plans of 150+ licenses.
For software publishers, systems integrators, and IT administrators, Test Base for Microsoft 365 (currently in private preview) is a service that allows you to validate your apps across a variety of Windows feature and quality updates and environments in a Microsoft-managed Azure environment. Enterprise organizations can nominate their software publishers for participation by completing a short form—or software publishers can request enrollment directly.
Hardware readiness and compatibility
Start by reviewing the system requirements for Windows 11. Organizations looking to evaluate device readiness across their environments can expect this capability to be integrated into existing Microsoft solutions, such as Endpoint Analytics and Update Compliance, when Windows 11 reaches general availability later this year.
In general, most accessories and associated drivers that work with Windows 10 are expected to work with Windows 11. Check with your accessory manufacturer for specific details.
Create a plan
You will be able to upgrade eligible devices to Windows 11 at no cost when the upgrade reaches general availability later this year. While you evaluate which of your current devices meet the Windows 11 hardware requirements, you can start planning for other areas of our rollout. Specifically:
- Define early adopters representing a cross-section of users, devices, LOB application users, business units, and other relevant criteria. Prepare early adopters for the new experience. Send out communications that include links to relevant web pages and videos so they know what to expect. Summarize tips to help them take advantage of new features. Offer information on any specific scenarios you'd like them to validate and clearly outline the mechanisms they can use to provide feedback.
- Evaluate your infrastructure and tools. Before you deploy Windows 11, assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Do the tools themselves need to be updated? Do you have the right settings and policies defined to support devices once Windows 11 is installed? See Prepare for Windows 11 for helpful guidance to accomplish these tasks.
- Fine-tune your servicing strategy. You'll be running Windows 10 alongside Windows 11. By design, you can approach the Windows 11 upgrade using the same tools and processes you use to manage Windows 10 feature updates today. That said, it's a good time to review those tools and processes and actively optimize or simplify. By seeing the deployment of updates as an ongoing process—instead of a singular project—you can more quickly roll out new features and quality, security, and productivity enhancements. This will also set you up for long-term success by ensuring your Windows 10 and Windows 11 devices stay current and supported. For specific details around Windows 11 servicing and lifecycle, see our Windows lifecycle and servicing update overview.
- Prep your helpdesk. Update scripts and manuals with screenshots to reflect the new user interface, the upgrade experience, the initial experience for new devices.
- Set user expectations with regard to Windows 11 adoption across your organization. Let them know when your rollout phases will occur and offer training and readiness materials well in advance to prepare and excite them for the changes to come.
Embrace cloud-based management
Utilizing cloud-based solutions—and Microsoft Endpoint Manager in particular—will simplify the rollout of Windows 11 and make it easier to keep devices up to date moving forward.
- Windows Autopilot will enable you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies, or to change the edition of Windows (for example, from Pro to Enterprise).
- Microsoft Intune offers full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multi-factor authentication (MFA) for specific apps.
- Cloud configuration offers a standard, easy-to-manage, device configuration that is cloud-optimized for users with curated apps, cloud-based user storage, Windows Autopilot, and Fresh Start to make worry-free management at scale a reality. Consider Cloud Configuration for appropriate devices with limited legacy needs.
- Endpoint analytics can help identify policies or hardware issues that may be slowing down your Windows 10 devices today and help you proactively make improvements before end users generate a help desk ticket, and before your roll out Windows 11.
To manage how and when your devices will receive the Windows 11 upgrade and future feature updates, take advantage of Windows Update for Business. These policies can be utilized for pre-release versions of Windows as well, such as Windows 11 Insider Preview Builds. See Plan for Windows 11 for more details.
Finally, to reduce bandwidth consumption when downloading and distributing Windows 11, and Windows feature updates in general, try Delivery Optimization. Delivery Optimization is a cloud-managed, self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers.
If a cloud-only approach isn't right for your organization just yet, you can still modernize and streamline essential pieces of your endpoint management strategy as follows:
- Create a cloud management gateway (CMG) to manage Configuration Manager clients over the internet.
- Attach your existing Configuration Management estate to the cloud with tenant attach so you can manage all devices from within the Microsoft Endpoint Manager admin center.
- Use co-management to concurrently manage devices using both Configuration Manager and Microsoft Intune. This allows you to take advantage of cloud-powered capabilities like Conditional Access.
For more information on the benefits of these approaches, see Cloud Attach Your Future: The Big 3.
Explore Windows 11
As I mentioned at the start of this post, Windows 11 includes new capabilities designed to support hybrid work and the needs of today's commercial organizations. The new snap experience makes it easy for users to arrange their desktops and group windows together – a long-requested set of information worker features. Smart un-docking and re-docking mean that users can plug in without having to reset their desktop. And the native integration with Teams will bring a prominent part of all our work and personal lives directly into Windows.
Here are some additional resources to help you learn more about the improvements Windows 11 will offer with regard to security, manageability, and the user experience:
We're in this together
You’ve built your business on Windows. Now you can build your future with Windows 11. The keys to a successful transition remain the same as with any OS upgrade or feature update: make data-driven decisions, leverage tools and capabilities to simplify tasks or entire phases of the process, and ensure that end users are safe, secure, and productive.
Understanding and following the guidelines I've outlined above will put you in a strong, strategic position to adopt and deploy Windows 11 regardless of your organization's size, industry, or location. Need more guidance or resources? Leave a comment below and let us know what you need to plan and prepare more effectively.
Last week, we announced Windows 11 to the world. Today, I want to share practical tips that will set you up for success as you plan for Windows 11 in your organization.
Windows 11 includes great new capabilities for end users and commercial organizations; capabilities developed in direct response to your feedback and perfectly suited to support hybrid work. There’s new value for IT, too, from the chip to the cloud. Windows 11 uses modern hardware to deliver the most secure Windows ever, with TPM and virtualization-based security support for everyone. We’ve also added over 1,000 new management controls to make it easier to move away from older management systems like Group Policy.
We know that every organization will need time to transition to Windows 11. You choose the pace at which you want to upgrade. Our goal is to support you so the effort is seamless and strategic. The deep investments you’ve made in Windows 10 will carry forward. Windows 11 is built on the Windows 10 code base so it’s natively compatible with the software and solutions you use today. In addition, Windows 11 and Windows 10 are designed to coexist, backed by a common set of security and management capabilities delivered by the Microsoft cloud.
Here are four key things you can do today to pave the way for a smooth integration of Windows 11 into your device estate:
- Get started today. Join the Windows Insider Program for Business and start reviewing your devices, applications, and deployment processes.
- Assess readiness. Validate your hardware and software. Engage App Assure to help solve application compatibility issues.
- Create a Windows 11 deployment plan. Engage with Microsoft and our partners for guidance and support as needed.
- Take advantage of cloud-based endpoint management capabilities offered in Microsoft Endpoint Manager.
Guidance to support you is now available in our Windows 11 documentation on Docs, but I'd like to highlight some specific best practices below.
Get started today
The easiest way to test the new features in Windows 11, and validate the devices and applications in your environment, is to join the Windows Insider Program for Business. Run Insider Preview Builds on individual devices, virtual machines, or across your organization. Submit and track feedback on any issues you happen to encounter in your environment.
Flighting readies you and early adopters for new features and capabilities. It also provides you with insights that can help you have a more successful broad rollout later on. The first flights of Windows 11 are now available in the Windows Insider Program Dev Channel so you can literally get started today.
Assess readiness
Application compatibility
As mentioned above, applications that work on Windows 10 work on Windows 11. It is still a good idea, however, to validate the applications in your environment, particularly any non-Microsoft security or endpoint management solutions, to ensure that they function as expected on Windows 11.
Windows 11 preserves the application compatibility promise we made with Windows 10. Should you encounter a compatibility issue with a Microsoft application, independent software vendor (ISV) application, or custom in-house line of business (LOB) application, App Assure can help. In addition to supporting Windows 11 and Windows 10, the service can also provide compatibility guidance related to the deployment of Azure Virtual Desktop and Microsoft Edge. Since 2018, App Assure has evaluated almost 800,000 apps. It is available at no additional cost for eligible Microsoft 365 and Windows 10 plans of 150+ licenses.
For software publishers, systems integrators, and IT administrators, Test Base for Microsoft 365 (currently in private preview) is a service that allows you to validate your apps across a variety of Windows feature and quality updates and environments in a Microsoft-managed Azure environment. Enterprise organizations can nominate their software publishers for participation by completing a short form—or software publishers can request enrollment directly.
Hardware readiness and compatibility
Start by reviewing the system requirements for Windows 11. Organizations looking to evaluate device readiness across their environments can expect this capability to be integrated into existing Microsoft solutions, such as Endpoint Analytics and Update Compliance, when Windows 11 reaches general availability later this year.
In general, most accessories and associated drivers that work with Windows 10 are expected to work with Windows 11. Check with your accessory manufacturer for specific details.
Create a plan
You will be able to upgrade eligible devices to Windows 11 at no cost when the upgrade reaches general availability later this year. While you evaluate which of your current devices meet the Windows 11 hardware requirements, you can start planning for other areas of our rollout. Specifically:
- Define early adopters representing a cross-section of users, devices, LOB application users, business units, and other relevant criteria. Prepare early adopters for the new experience. Send out communications that include links to relevant web pages and videos so they know what to expect. Summarize tips to help them take advantage of new features. Offer information on any specific scenarios you'd like them to validate and clearly outline the mechanisms they can use to provide feedback.
- Evaluate your infrastructure and tools. Before you deploy Windows 11, assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Do the tools themselves need to be updated? Do you have the right settings and policies defined to support devices once Windows 11 is installed? See Prepare for Windows 11 for helpful guidance to accomplish these tasks.
- Fine-tune your servicing strategy. You'll be running Windows 10 alongside Windows 11. By design, you can approach the Windows 11 upgrade using the same tools and processes you use to manage Windows 10 feature updates today. That said, it's a good time to review those tools and processes and actively optimize or simplify. By seeing the deployment of updates as an ongoing process—instead of a singular project—you can more quickly roll out new features and quality, security, and productivity enhancements. This will also set you up for long-term success by ensuring your Windows 10 and Windows 11 devices stay current and supported. For specific details around Windows 11 servicing and lifecycle, see our Windows lifecycle and servicing update overview.
- Prep your helpdesk. Update scripts and manuals with screenshots to reflect the new user interface, the upgrade experience, the initial experience for new devices.
- Set user expectations with regard to Windows 11 adoption across your organization. Let them know when your rollout phases will occur and offer training and readiness materials well in advance to prepare and excite them for the changes to come.
Embrace cloud-based management
Utilizing cloud-based solutions—and Microsoft Endpoint Manager in particular—will simplify the rollout of Windows 11 and make it easier to keep devices up to date moving forward.
- Windows Autopilot will enable you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies, or to change the edition of Windows (for example, from Pro to Enterprise).
- Microsoft Intune offers full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multi-factor authentication (MFA) for specific apps.
- Cloud configuration offers a standard, easy-to-manage, device configuration that is cloud-optimized for users with curated apps, cloud-based user storage, Windows Autopilot, and Fresh Start to make worry-free management at scale a reality. Consider Cloud Configuration for appropriate devices with limited legacy needs.
- Endpoint analytics can help identify policies or hardware issues that may be slowing down your Windows 10 devices today and help you proactively make improvements before end users generate a help desk ticket, and before your roll out Windows 11.
To manage how and when your devices will receive the Windows 11 upgrade and future feature updates, take advantage of Windows Update for Business. These policies can be utilized for pre-release versions of Windows as well, such as Windows 11 Insider Preview Builds. See Plan for Windows 11 for more details.
Finally, to reduce bandwidth consumption when downloading and distributing Windows 11, and Windows feature updates in general, try Delivery Optimization. Delivery Optimization is a cloud-managed, self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers.
If a cloud-only approach isn't right for your organization just yet, you can still modernize and streamline essential pieces of your endpoint management strategy as follows:
- Create a cloud management gateway (CMG) to manage Configuration Manager clients over the internet.
- Attach your existing Configuration Management estate to the cloud with tenant attach so you can manage all devices from within the Microsoft Endpoint Manager admin center.
- Use co-management to concurrently manage devices using both Configuration Manager and Microsoft Intune. This allows you to take advantage of cloud-powered capabilities like Conditional Access.
For more information on the benefits of these approaches, see Cloud Attach Your Future: The Big 3.
Explore Windows 11
As I mentioned at the start of this post, Windows 11 includes new capabilities designed to support hybrid work and the needs of today's commercial organizations. The new snap experience makes it easy for users to arrange their desktops and group windows together – a long-requested set of information worker features. Smart un-docking and re-docking mean that users can plug in without having to reset their desktop. And the native integration with Teams will bring a prominent part of all our work and personal lives directly into Windows.
Here are some additional resources to help you learn more about the improvements Windows 11 will offer with regard to security, manageability, and the user experience:
We're in this together
You’ve built your business on Windows. Now you can build your future with Windows 11. The keys to a successful transition remain the same as with any OS upgrade or feature update: make data-driven decisions, leverage tools and capabilities to simplify tasks or entire phases of the process, and ensure that end users are safe, secure, and productive.
Understanding and following the guidelines I've outlined above will put you in a strong, strategic position to adopt and deploy Windows 11 regardless of your organization's size, industry, or location. Need more guidance or resources? Leave a comment below and let us know what you need to plan and prepare more effectively.
Congratulations!
Helpful article - but I wonder if at this stage, organizations will get involved in this project!
It won't be a simple task – convince company boards to test insider!
Surely only the most innovative companies will get involved!
- Microsoft Intune offers full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multi-factor authentication (MFA) for specific apps.
Do we mean CA and not app protection policies?