Observations
Microsoft informed the market of the approaching W10 end-of-support date being October 14, 2025 at the end of 2024 to prompt organisations to discuss their strategic plan to achieve a W11 Enterprise migration. Considering the less attractive option of retaining W10 may be a consideration, but the security risk should be managed on a case-by-case basis.
W10 to W11 Enterprise Migration:
Insights and Considerations
Microsoft offers extensive research and learning to enable organisations to plan for and potentially benefit from migrating to W11 Enterprise.1 However, organisations should consider their own priorities to ensure that the features presented by Microsoft add value to their objectives and minimise the impact on organisational productivity.
Organisations migrating to W11 Enterprise have reported several key benefits according to research and industry observations, but many CIOs may see the upgrade as necessary rather than beneficial. The main benefits include:
- Enhanced security features, particularly the zero trust architecture and hardware-based isolation.
- Improved performance and efficiency for modern hardware.
- Better hybrid work support with improved Teams integration.
- Simplified and streamlined user interface.
- Enhanced productivity through features like Snap Layouts and virtual desktops.
CIOs should focus on additional security features. Compared to W10, W11 significantly enhances the Never Trust, Always Verify zero trust principle by introducing more robust and streamlined security mechanisms. While W10 supports multi-factor authentication, W11 advances this with passwordless authentication through Windows Hello, leveraging biometric data for cryptographic identification, which minimises reliance on traditional passwords. Additionally, W11 integrates Microsoft Azure Attestation for Cloud-based validation, a feature that builds on W10’s device authentication by mandating TPM 2.0 to generate cryptographic tokens, ensuring a higher level of trust and security for device and user access. These improvements provide a stronger, more seamless defence against modern threats compared to W10.
Transition Experience and Key Learnings
IBRS has observed several clients who are planning or commencing their W11 migration programs. Here are some of the factors they have considered helpful, along with guidance from Microsoft support and learning resources.
- Planning is crucial. Companies that performed thorough application compatibility testing before migration reported smoother transitions.
- Hardware limitations have been the biggest challenge, with many needing to refresh devices.
- Phased rollouts were more successful than enterprise-wide migrations. These can be departmental or persona based to ensure key learning can be shared amongst peers to maintain productivity.
- Upfront user training helped mitigate the impact of change resistance while maximising the benefits of new and enhanced functionality associated with user interface (UI) changes.
- Security benefits were immediately noticeable, particularly with TPM 2.0 integration. Utilisation of Microsoft Intune or Configuration Manager can help detect device incompatibility.
Key Enterprise Features in Windows 11
As you progress with your plan, prioritise the features that provide the most significant benefit to your organisation. IT staff should conduct appropriate research and enable the training of IT support roles to be completed before the rollout, ensuring optimisation and support of all features following operational deployment.
- Windows 365 Enterprise Cloud PC Integration: Seamless connection to virtual Cloud PCs.
- Microsoft Endpoint Manager Integration: Improved device management capabilities.
- Universal Print: Cloud printing without print servers.
- Windows Autopilot: Zero-touch device provisioning.
- Microsoft Defender for Endpoint: Advanced threat protection.
- Application Assurance: Compatibility testing for business apps.
- Windows Hello for Business: Passwordless authentication.
- BitLocker Encryption: Enhanced data protection.
- Virtualisation-Based Security: Hardware-isolated security features.
- App Control: Granular control over applications.
- Focus Sessions: Productivity tools for time management.
- Snap Layouts and Groups: Enhanced multitasking.
- Virtual Desktops: Improved organisation for different workflows.
- DirectStorage: Faster storage performance.
- Auto HDR: Enhanced display capabilities.
Microsoft Analytics provides valuable tools and processes to help assess organisational readiness prior to deploying W113.
Minimum Specifications
These minimum hardware configurations should be noted in the W11 migration plan to help the team identify devices for upgrade or replacement, minimising compatibility issues. Some new features of W11 may require even higher configuration to perform effectively.
For Physical Machines
- 1 GHz or faster 64-bit processor with 2+ cores
- 4 GB RAM
- 64 GB storage
- TPM version 2.0
- UEFI firmware with Secure Boot capability
- DirectX 12 compatible graphics
- Display greater than 9″ with HD (720p) resolution
- Internet connection
For Virtual Machines
- 2 virtual processors
- 4 GB RAM minimum (8 GB recommended)
- 64 GB virtual storage
- Virtual TPM (vTPM) enabled
- Secure Boot capable virtual UEFI firmware
- WDDM 2.0 compatible virtual GPU
Disadvantages of Migration
To ensure an informed plan is presented to the organisation, IBRS recommends conducting a strengths, weaknesses, opportunities, and threats (SWOT) analysis or readiness assessment to identify any challenges or disadvantages. These are some that IBRS clients have noticed during their planning:
- Hardware compatibility issues with older devices.
- Learning curve for users accustomed to W10. A key element for change managers to address is additional services desk resources to minimise the impact on the service desk support function as users upskill to W11.
- Some features found in W10 are not available in W11. This may challenge the organisation to reengineer processes to address any deficiencies that have been created.
- Initial application compatibility challenges with legacy software. This may require a separate plan and budget for bespoke applications, which remain incompatible with W11.
- Higher system requirements may require hardware upgrades.
- Some organisations report initial productivity dips during transition.
Licensing Differences
Under an Enterprise Agreement (EA) IBRS has observed the following factors remain applicable for EA:
- Volume licensing with minimum commitments
- Typically 3-year agreements
- Includes Software Assurance benefits
- W11 Enterprise is included in Microsoft 365 E3/E5 plans
- Per-user or per-device licensing available
Service Provider License Agreements for managed service or Cloud providers would need to consider these licensing requirements, which provides the flexibility to scale for Cloud services.
- Monthly subscription model for service providers
- Usage-based reporting
- No upfront commitments
- Allows hosting W11 for third parties
- Requires reporting monthly consumption
W11 License Tracking
W11 Enterprise licenses are tracked through a variety of both Cloud Native and third party management tools. These should be agreed and deployed as needed during the planning and testing phases. All services being decommissioned should be progressively noted and removed from the environment to minimise licensing commitments.
Microsoft 365 Admin Center: For Cloud-Based Deployments
The following are considered Cloud Native products designed to support Cloud deployments across the Azure Cloud Service model:
- Microsoft Endpoint Configuration Manager: For on-premises deployments.
- Azure Active Directory: For user-based licensing.
- Windows Server Update Services (WSUS): For update management.
- Microsoft Endpoint Manager: For comprehensive license reporting.
- Software Asset Management Tools: For larger organisations which have highly complex applications and Cloud orchestration options.
Next Steps
- Convene a team of stakeholders to discuss the need for a W11 migration strategy.
- Conduct a SWOT analysis and readiness assessment to identify high-risk elements.
- Define the high-level and detailed migration plans, including actions and owners, that align with your organisation’s objectives.
- Seek funding approval and executive commitment to the agreed plans.
Footnotes
- ‘Insights You Can Use: Microsoft’s Internal Upgrade to Windows 11’, Microsoft, 2025.
- ‘TPM 2.0 – a necessity for a secure and future-proof Windows 11’, Windows IT Pro Blog, 2024.
- ‘Enable TPM 2.0 on your PC’, Microsoft Support, 2025.