Recently, you may have noticed prompts to upgrade your Windows 10 machine to Windows 11. More eligible devices could be offered an upgrade soon. Does it make sense for your organization to upgrade to Windows 11 now? I know new things are appealing, but the short answer is no – it’s probably not time to upgrade to Windows 11 yet. In this blog, I’ll share more about the Windows 11 Operating System (OS), what makes it unique, and what to consider before rolling it out to your business.
What’s new in Windows 11?
Windows 11 officially launched on October 5, 2021. Microsoft is releasing the upgrade in a “staged rollout,” anticipating offering it to all eligible devices by the end of 2022. This rollout will begin with new devices, adding more gradually depending on the current OS and age of the device.
Improved User Experience
Microsoft recognizes that people are using more and bigger monitors, so they have designed new features that “snap to frame” better. This improved “snap ability” was designed with multitasking in mind and aims to offer a better user experience, allowing you to make the most of your machine. The task bar has also been redesigned and moved to the middle, which is better for external monitors. The user interface, or UI, was designed to be more responsive and agile than previous versions.
Increased Security
Windows 11 is supposedly the most secure version of Windows yet. But what does that really mean?
A Trusted Platform Module (TPM) 2.0 chipset – security by design in a chip built into the hardware – is built into the processor. This TPM chip locks the software down internally, which can prevent successful attacks by hackers. There are a lot of exploits available for the Windows software that the TPM 2.0 chipset helps secure. For example, TPM must be enabled to encrypt the hard drive using standard BitLocker encryption.
Windows 11 also utilizes Secure Boot, a technology that most new devices are capable of running. By design, Secure Boot disables a whole class of Malware by booting your device securely and stopping malicious code and Malware from loading when it starts up.
Another added security feature is the ability to do virtualization-based installation of software. This “containerizes” applications, which can keep things more secure. With virtualization-based installation there is potential for additional overhead costs since it takes more resources to run, but the added layer of protection is a huge benefit.
Microsoft has stated that technically you can get around the validation requirements of TPM 2.0 and Secure Boot to install Windows 11. However, they have also explicitly stated “your PC will no longer be supported and won’t be entitled to receive updates.” (Courtesy of Microsoft) Microsoft will not support you if you “hack” the installation. ADNET doesn’t recommend or support this approach either. It’s not a matter of whether you can run Windows 11 on older hardware, it’s a matter of getting it to run securely. Circumventing the proper technical requirements is not worth making your organization vulnerable to a potential breach.
Should I upgrade to Windows 11 now?
The short answer is “no.” Unless your organization is an early adopter, you shouldn’t upgrade to Windows 11 until you have a strategy in place. What’s the cost to your business if you start the process and decide to roll back to Windows 10 because it doesn’t work?
A major reason for delaying is application support. As with any new OS (operating system) there will be kinks to work out. If you start having issues after the upgrade, your organization is not only supporting 1 OS, but you could also be supporting 2. As the release progresses, it’s also likely there will be additional user interface changes.
Some favorite shortcuts, programs and features may not be available for Windows 11. Tools, software, applications and plug-ins you rely on may not work seamlessly with Windows 11 yet. Not every manufacturer has updated their software, which may cause issues for you. Organizations run software to run their business. Anything that could cause production related issues shouldn’t be run until it has been tested in your environment.
Another consideration is the required security chip set. Any supported processer: Intel, AMD, etc., needs to support Trusted Platform Module (TPM) 2.0. Certain machines may not have the proper settings or capabilities to support TPM 2.0. Computers must be validated to ensure they can run this, or they could be vulnerable. Installing Windows 11 without the proper prerequisites leaves you wide open to exploits. Upgrading while lacking this critical piece will create risk and make you less secure in the long run.
Creating an Upgrade Strategy
Windows 10 will still be supported for several years, so there’s no need to upgrade immediately. Eventually, Windows 11 will replace Windows 10 completely, but for now both versions are considered current. As with any new operating system, you should only implement Windows 11 as part of a strategic plan. You should have a comprehensive rollout strategy, including plans to train your staff and support users. “Start using it and let us know if you have any questions” is not a viable strategy.
Don’t just evaluate the technical aspects – think about what else is going on at your organization. Are you working on important projects or production? What would be the impact to your business if an upgrade were to fail? These questions need to be answered before implementation to help you make an informed decision.
If you plan to upgrade to Windows 11…
- Ensure users can’t deploy the update on their own.
- Review business-critical systems and applications and determine when they will support Windows 11. Use that timeline as a framework to guide your implementation.
- Develop a roadmap and gain buy-in at all necessary levels.
- Safely test the OS in your environment.
- Communicate next steps to your team.
- Proceed with a planned rollout and training plan.
Initially, I recommend choosing one user or a subset of users to test the OS before rolling it out at an organizational level. This will give you the chance to see any major issues and determine whether upgrading on a larger scale is feasible. This can act as your proof of concept, letting you decide if Windows 11 will work for you as intended. Do you have support for the update at all levels necessary at your organization? Is everyone prepared for the potential impact of update or downtime? Answering these questions before rolling it out to everyone can save valuable time and resources.
If you haven’t done this already, ensure users can’t deploy the update on their own by disabling the upgrade functionality on work devices. Otherwise, thanks to Windows being so “user friendly,” popup upgrade prompts may appear on screen to your employees before you’re ready to make the move. Users clicking these and installing Windows 11 without knowing the consequences is a huge risk to your business. That’s why it’s so important to make sure you’re adopting Windows 11 at an organizational level, rather than on a user-by-user basis. Making proactive changes to the settings and communicating the implementation plan to your team helps ensure that.
What’s the timing like to implement?
The timeframe for getting your business to Windows 11 will be different for each organization. Depending on the size of your company and your IT environment, expect anywhere from weeks to months to fully implement the new OS.
Making Windows 11 Work for Your Business
At first glance, Windows 11 looks to be a solid operating system. From what I’ve seen after installing it on a personal device, there are a lot of pros and I’m looking forward to seeing how it develops over time. But as usual, it’s not a perfect fit for everyone right out of the box.
Wizard-based installations make a lot of assumptions. The basic settings it defaults to aren’t typically the most secure, or the best fit for your users. Review the default installation settings for Windows 11 and ensure they’re configured in a way that makes sense for your business. If they’re not in line with your risk tolerance, now is the time to change that. Customizing these settings can improve performance and security, helping protect your business. Work with a Microsoft partner (like ADNET) to ensure that your new OS is implemented properly, secure, and aligned with your business goals.
How ADNET can Help
ADNET can help you decide if Windows 11 is beneficial for your organization and when it makes sense to deploy. Reach out to us – as a Microsoft Gold Partner, we can help you transition to Windows 11 when the time is right.