Is Windows 11 enterprise ready?

by Rory Monaghan

SHARE

Home » Articles and insights » Is Windows 11 enterprise ready?

Do you remember Microsoft saying Windows 10 would be the last major desktop Operating System release, only to roll out Windows 11 in 2021? Why did they go back on what they had said before? Only they can tell you. All I can do is speculate. So here goes…

Perhaps it was due to enterprises not having an appetite for the more frequent OS update cadence many got with Windows 10. Maybe enterprises preferred a large upheaval once every decade vs. many feature upgrades in a shorter time. Microsoft has already announced its intention to change the feature update cadence for Windows.

Over the last few years, Microsoft has been working on hardening security on the desktop OS. Perhaps it was a smarter strategy to implement some of the security features in a new Operating System entirely to encourage a rip and replace for customers. Implementing a large change like some of those found in Windows 11 would be tricky to complete with an in-place Windows 10 update.

Or maybe the major Windows 11 release is simply branding and marketing? Feature updates on Windows 10 don’t get the same level of attention as a major new version. When competing with other Operating Systems, maybe Windows was losing some shine by being perceived to have stagnated with Windows 10.

CASE STUDY

This Wisconsin manufacturer needed to modernize its IT infrastructure to support rapid business growth.

Discover what they did

It could be for all of these reasons or maybe none of them. One thing is for sure, Windows 11 is NOT Windows 10. It brings with it some substantial changes and is certainly not just a feature update.

A new look for Windows

Windows 11 new interface

The look and feel of Windows 11 are so different that it can be jarring when you first use it. Many creatures of habit freak out when they see the start menu in the middle rather than to the left. The addition of tabs to the Command Window was a nice addition to Windows 10, and it looks like tabs will soon feature in Explorer on Windows 11. The new UI in many of the OS menus and shell are nice improvements but take a little while to get used to.

The changes to the start menu plus the effort made to move more options from the Control Panel to the Settings app give the search bar more prominence than ever for navigating apps and resources. For the most part, these tweaks to navigation and cosmetics shouldn’t be too off-putting to techies, but those less technical might initially find it challenging to get to grips with.

Stronger security

Windows 11 hardware compatibility

As I mentioned earlier, I feel one of the reasons there is a Windows 11 is security hardening, some of which has led to a change in the hardware requirements for running Windows desktops. Namely, the TPM requirement. If you have ever worked with Bitlocker or some other encryption and security tools, you may already be aware of some of the benefits of a TPM chip. At a high level, you can store a token on this chip and associate it with your encrypted disk. If someone steals your laptop and tries to take the drive out, mount it and steal the data, they won’t be able to. If the disk cannot see its associated TPM chip, the data remains encrypted.

TPM 1.1 had a majority security flaw which required firmware updates that could be disruptive to deploy. For Windows 11, TPM 2.0 is required. The rule of thumb is that if your computer is less than four years old, Windows 11 will likely work. Not because it necessarily has a TPM chip, BUT because it has a newer processor, and many newer processors come with fTPM on the processor themselves that allows it to work.

The use of TPM should be a great asset, but I have a friends who bought laptops as recently as two years ago who can’t upgrade to Windows 11 due to incompatibility through lack of the TPM chip. If you would like to check to see if your machines work with Windows 11, you can run the free health check app.

For enterprises, the good news is that most corporate laptops have been shipping with TPM chips for some time. Since they tend to refresh hardware quite often, I would guess it will be less of a problem for companies than retail consumers. If your organization’s hardware refresh cadence was thrown off due to COVID and the chip shortage, this might still present you with a problem.

Secure Boot must also be supported on your devices, but honestly, I’d be surprised if that is going to be a blocker. I know Unified Extensible Firmware Interface (UEFI) was a hill to climb for many 7+ years ago, but I would bet that dragon has been slain. Secure Boot has been supported by hardware vendors for some time too. Most organizations are likely already using UEFI and running hardware that supports Secure Boot.

The base specs for memory, storage, and CPU are in line with Windows 10, so from a fundamental hardware perspective, it is not a huge uplift. TPM is the potential banana skin.

It is a very good idea to assess your organization to see how much of your hardware estate is Windows 11 compatible, as you may need to devise a long-term strategy to replace incompatible devices before beginning your migration.

Applications and software migration

Let’s shift gears to software. If you migrated from Windows XP to Windows Vista, Windows 7, or Windows 8 and then went from, say, Windows 7 or Windows 8 to Windows 10, you should have noticed that the latter migration was much more straightforward from a software perspective.

While Microsoft strived to ensure greater app compatibility with the newer desktop OSes, with ongoing Windows 10 development, updates and security hardening caused compatibility issues to creep in again. We now see the likes of Rimo3 and AppReadiness plus other evergreen platforms returning to the fold as these compatibility problems raise their ugly head again. It should NOT be as widespread and complex as migrating from Windows XP but may not be as straightforward as the early days of Windows 10 migrations.

Microsoft, for its part, has set up an App Assurance program that will help customers overcome compatibility problems. You can see from the metrics Microsoft has shared, organizations are certainly still hitting compatibility issues.

32-bit rears its head

Windows 11 metrics

Some potentially bad news for some of you. If you put off upgrading all of your devices to a 64-bit version of Windows with your previous migrations to Windows 7, Windows 8, or Windows 10, you may feel a compatibility pinch as Windows 11 is 64-bit only. The good news is that most vendors have 64-bit compatible versions of their apps ready for you to use, BUT if you have some older 32-bit or even 16-bit software (perhaps internally developed apps) that you have no choice but to bring forward, then the clock is ticking for you to get those applications migrated to a 64-bit OS.

Redundant peripheral ports

The change to a 64-bit OS can cause compatibility problems not only on the software side, but some organizations have kept really old hardware around that works with adapters and dongles that require legacy drivers. You may need to face up to the reality that those peripherals may be end-of-life.

That could be quite challenging. I know one organization I worked for in the past kept a single isolated workstation on 32-bit to support an old unique printer and some software that ran 16-bit components. It may be an exceptional case, but my experience in enterprise IT suggests that hanging onto old hardware and software is not a one-off case. It seems inevitable that the 64-bit move will cause headaches for some, but it is a necessary pain and one that should have been felt a long time ago. Even if just to be able to use the additional RAM possible with a 64-bit OS because today’s apps are more memory hungry.

Conclusion

In a few years’ time, Windows 11 could be very different from the present-day Windows 11. Clearly, Microsoft is committed to security hardening and standardization of things like only supporting 64-bit, TPM, requiring Secure Boot, and more. That won’t change. Security is of the utmost importance to enterprises around the world. We should all be on board with these types of changes, even if it causes some initial pain in our migration journeys.

What I feel may change is the look and feel, the application delivery, the policy management, and factors related to user experience. We are at a strange time where work styles are transitioning to 100% work from home or a blended variation. I feel the layout of Windows 11 is designed to provide a consistent experience across various client devices, including those with touch screens. However, that is an assumption that likely plays better to consumers rather than enterprises where productivity is king.

People wrote off laptops years ago, thinking sales would hit the floor in favor of larger smartphones and tablets, but demand for laptops has grown in recent years. We see manufacturers selling 2-in-1 devices with touchscreens, but so far, in my experience, these don’t have a large presence in the enterprise.

I would like bold changes like a greater adaption of touchscreens as a daily driver for most employees. If that did happen, then Windows 11 layout makes more sense than the layout of Windows 10, BUT right now, it seems for optimal productivity, employees are still choosing laptops with touchpads and/or a mouse and keyboard. This may mean enterprises bucking some of the changes in favor of a traditional start menu positioning and possibly demanding some other changes to the OS.

Microsoft has clearly listened to enterprise customers regarding the OS update frequency, so it wouldn’t surprise me if Windows 11 sees some enterprise-friendly navigation changes in the future too.

Rory Monaghan

Rory Monaghan

A man of many talents, Rory is a Microsoft Windows IT Pro MVP, and international speaker and contributes to the online App-V community via his blog rorymon.com.

Tired of wasting time and money on frustrating IT issues and vendors?