We live in an increasingly cloud-connected world. Once a novel concept, hybrid work is now the norm and today's commercial organizations look to you, the IT professional, to support business continuity and to keep users (and their devices) protected and productive. Your coworkers look to you as well—to help them connect, create, and collaborate easily, quickly, and without interruption.
Now that Windows 11 is available, I want to take this opportunity to share why Windows 11 is ready to support commercial organizations today. If you're attending Microsoft Ignite this week, or planning to catch up later, check out Windows 11: The 11 things every organization should know, where my engineering colleagues and I take you on a fast-paced walk through many of the topics discussed in this post. Now let's get started.
If you're ready to deploy Windows 11, on a laptop, in the cloud via a Windows 365 Cloud PC, or at the edge through Azure Virtual Desktop, we're ready to support you.
The familiar management experiences you have in place today—like Microsoft Endpoint Manager, cloud configuration, Windows Update for Business, and Windows Autopilot—are there to help you integrate Windows 11 seamlessly into your estate. And, with changes like an annual servicing cadence and a reduction in cumulative update size, end users perceive less interruption to their daily work.
Seventy-five percent of software decision-makers feel that the move to hybrid work leaves their organization more vulnerable to security threats. Windows 11 rises to the challenge, offering security and productivity in one—with multiple components working together in the background to help keep users safe without sacrificing quality, performance, or experience.
Windows 11 continues Microsoft’s strong commitment to app compatibility. Our goal is to ensure that apps and devices will simply work during an upgrade to Windows 11, with no changes required.
Finally, for your end users, Windows 11 enables them to focus on what matters with an improved yet familiar Windows user experience so they can instantly get to work.
Windows 11 is a Zero Trust-ready operating system designed to protect your devices, data, applications, and identities from anywhere. The new hardware system requirements that come with Windows 11 are designed to build a foundation that is even stronger and more resistant to attacks on certified devices. We know this approach works—secured-core PCs are twice as resistant to malware infection— and that's why, in Windows 11, hardware and software work together for protection from the CPU all the way to the cloud. To explore this multi-layered security approach in detail, and our commitment to security by design, hardware-based isolation, virtualized-based security, code integrity, a passwordless future, and a secure supply chain, download the Windows 11 Security Book.
As a commercial organization managing a few or many devices, you decide when and how to roll out Windows 11 across your ecosystem. Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless you explicitly configure a Target Version using the TargetReleaseVersion setting using a Windows CSP, a feature update profile in Intune, or the Select target feature update version setting in Group Policy. Still managing devices on-premises? See Prepare for Windows 11 for details on using Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager to manage your upgrade, but also consider checking out our session, Cloud attach today, cloud manage tomorrow to discover the added value and capabilities of cloud attaching both the endpoint and server side.
Not only do the new scheduling and protections features available in Windows Update for Business make it easier than ever before to keep Windows devices up to date, but they also make it safer and easier to upgrade to Windows 11. The Windows Update for Business deployment service can automatically optimize scheduling and rollout across your organization. When an update is scheduled with the deployment service to deploy over time, all devices configured to send diagnostic data are analyzed, and devices are automatically ordered within the deployment to have the effect of built-in piloting. When you upgrade to Windows 11, the deployment service also extends existing safeguard hold technology to further protect devices. Microsoft uses machine learning algorithms to monitor the Windows ecosystem during the rollout of Windows 11, and when potential issues are identified, the deployment service protects any devices that may be affected by applying early safeguard holds while the issue is investigated and confirmed. Find out what you need to know about getting to Windows 11 with Windows Update for Business, then read all about the new additions to the deployment service.
In addition to annual feature updates, we'll continue to provide monthly quality updates for Windows 11 on the second Tuesday of each month, commonly referred to as Patch Tuesday, and enable you to preview and validate the next month's updates with optional preview, non-security updates, referred to as "C" releases, typically released in the third or fourth week of the month. Release notes—easily accessible from the Windows 11 update history—continue to document the improvements and fixes found in each monthly update, while the Windows release health hub offers information on rollout status, the Windows 11 release history, and insight into current and resolved known issues for Windows 11 and all supported versions of the Windows operating system. Based on your feedback, the Windows release health experience is now available in 10 languages, and we'll continue to enhance the experience moving forward to provide you timely, relevant, actionable information to help you better deploy and service Windows devices.
Windows 365 introduces a new way for businesses of all sizes to experience Windows 11, securely streaming the full Windows experience—apps, data, and settings—from the Microsoft cloud to any personal or corporate device. With Windows 365, Windows evolves from a device-based OS to a hybrid personal computing platform that’s flexible for people and scalable for business. It draws on the power of the cloud and the capabilities of the device to provide a powerful, simple, and secure full Windows 11 experience that can empower your workforce to do the work they need to do, regardless of location or device. Ready to experience Windows 11 in the cloud with Windows 365? Learn how to get started with Windows 365 Enterprise (and, as announced today, Windows 365 Business) then check out all the Windows 365 sessions and announcements at Microsoft Ignite.
To paraphrase a quote from my friend Namrata Bachwani, "If you presently support a Windows 10 environment, you already know how to manage Windows 11." Windows 11 and Windows 10 are designed to coexist, backed by a common set of security and management capabilities delivered by the cloud. The investments you have made in processes, tools, and programs to support Windows 10 carry forward—and Windows 11 is natively compatible with the solutions you use to manage your Windows 10 devices today. If you aren’t already taking advantage of cloud-based management capabilities, like those available in Microsoft Endpoint Manager, it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios—and enable you manage both physical PCs and Cloud PCs in one space. It can also enable you to track progress against compliance and business objectives, while protecting user privacy. Microsoft Ignite is a great time to learn more about the latest endpoint management capabilities and this guide has all the details.
Speaking of familiar tools, when it comes to assessing the devices in your environment for the Windows 11 upgrade—and monitoring the status of your upgrade efforts—there are some familiar options—as well as some new ones. For all Intune-managed and co-managed devices in Endpoint analytics, as well as devices enrolled via tenant attach with Configuration Manager, version 2107 or newer, the Work from anywhere report in Endpoint analytics allows you to easily determine Windows 11 hardware readiness across your organization. If you haven't yet onboarded to Endpoint analytics, you can leverage the Windows 11 Readiness Status report in Update Compliance. This new report provides a breakdown of capable and not capable devices enrolled in the service and lists the reason(s) for not capable assignments. And, finally, if you’re not yet using Endpoint analytics, or you’re using an older version of Configuration Manager, we've published a Hardware Readiness PowerShell script as an interim solution that can help you determine if your devices meet the Windows 11 minimum system requirements. While all three options can help you assess device readiness, Endpoint analytics offers additional Windows insights on startup performance and application reliability, and the ability to proactively monitor Cloud PCs.
With Windows 11, we upgraded the user experience with printers in several ways. First, we updated the look and flow of the general print experience to go along with the updated user experience in Windows 11. Second, we've added the ability to add a PIN to a print job. In addition to increased security and privacy, this functionality can reduce paper and toner waste. Third, for those looking to customize the print experience, the new support for Print Support App (PSA) eliminates the need for users to install additional software or custom drivers to connect and print to Mopria-certified printers. The Universal Print driver on Windows 11 can be extended by printer manufacturers and/or Managed Print Software (MPS) solutions with additional custom features and workflows by publishing a PSA to Microsoft Store. For a look at what’s new and what is coming shortly to Universal Print, see There is "more" to Universal Print and the two new Universal Print sessions in the Video Hub.
The cumulative update size in Windows 11 is approximately 40% smaller than the same set of quality and security updates would have been for Windows 10. How? Through more efficient packaging and removal of reverse differentials, we've enabled the client to request only those files that have changed, thus making Windows 11 cumulative updates easier and faster to install. In addition, all Windows 11 devices include Unified Update Platform (UUP) technology. This gives us more flexibility to make changes "under the hood" while reducing the likelihood of breaking changes and impact to overall ecosystem. For more details, see Windows 11 cumulative improvements: an overview and/or watch the companion session we recorded for Microsoft Ignite.
We want you to have confidence that your apps will work on the latest version of our products, and we’re extending our application compatibility promise to Windows 11. You can expect that applications that worked on Windows 10 will work on Windows 11 whether it's a line of business app or a common enterprise solution such as antivirus, VPN, or virtualization. For additional reassurance, Test Base for Microsoft 365—which, I'm pleased to say, is now generally available—helps you test your applications for compatibility with Windows 11, monthly quality updates, and future feature updates without the hassle, time commitment, and expenditure of setting up and maintaining complex test environments. And, if you do encounter a compatibility issue, App Assure is there to help troubleshoot, identify the root cause, provide remediation guidance, and either work with Microsoft product engineering teams or independent software vendors on your behalf. App Assure supports Windows 10 and Windows 11, including ARM64 devices, Microsoft 365 Apps, Microsoft Edge, Azure Virtual Desktop, and Windows 365. If these services are unfamiliar to you, make sure to watch our session, Windows 11 application confidence with Test Base and App Assure.
From the chip to the cloud, Windows 11 is the heartbeat of hybrid work. To go deeper into all the topics outlined in this post, we've assembled some great breakout sessions, deep dives, Ask the Experts, and product roundtables for you this week at Microsoft Ignite—and most will be (or already are) available on demand so you can catch up when it best suits your schedule. Check out our guide to Windows at Microsoft Ignite: November 2021 for the full list and join us every third Thursday here on the Tech Community for Windows Office Hours when you have questions or need tips to help you move forward with your deployment plans.
Starting your Windows 11 deployment today is a great way to help your users get the most from their Windows devices, whether at home, in the office, or on the road. We're excited to deliver features and capabilities based on your feedback and we look forward to continuing to build the future of Windows with you, the IT professional, in mind.
Continue the conversation. Find best practices. Visit the Windows Tech Community.
Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.
 Source: Microsoft Security Blog, Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work (October 4, 2021)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.