Windows 11 – How the OS upgrade journey has changed

How to introduce Windows 11 is a key question for IT leaders. Although the overall method of getting from Windows 10 to Windows 11 hasn’t changed, you’ll need to test the new OS – first with IT, then with pilot users. Once the infrastructure is in place for deployment, support and patching, you can roll it out to your user base.

The key points to consider are:

• Deployment – both for initial migration and subsequent rebuilds, using re-imaging methods (such as Ivanti Management Suite) or rebuild methods (such as Microsoft WDS/MDT).
• Patching methods – for regular patching and build uplifts.
• Policies – do any of my policies (e.g. Group Policy Objects) require upgrades and/or changes.
• Security – does all my security software support the new OS? Will my security policies (written and technical) need updating?
• Applications – do they all work under the new OS? Does the vendor support them? What (if any) upgrades or changes will be needed?

These key points have not changed. IT may wish to consider issues like profile management, end-point backup, specific peripheral compatibility, encryption requirements, printing and so on. These tend to be very industry and/or compliance specific. Many firms already have solutions that can easily fall into the ‘Applications’ category above. The other big consideration is user training, which is vital in bringing the user base on board with any new software!

So what HAS changed?

With previous OS changes, right up to Windows 10, the journey was simple to describe but complex to implement.

IT Testing

• Initial testing would be through dedicated devices, typically in the IT department. These would usually be manually built and placed in a very controlled environment to ensure basic security compatibility.
• We’d use virtual or secondary machines, or sometimes even primary machines, for pilot IT testing. This would help us prove our key application functions and understand the interface. Again, these would probably be manual upgrades or rebuilds.

Readiness

• Deployment testing – update the build process to enable initial migration/deployment of the new OS and support any issues.
• Policy updates – create new OUs, logon scripts and Windows Security Baseline policies, and deploy settings such as firewalls, certificates and authentication limits.
• Test automated application deployment onto the new OS, including any customisations required for specific apps, such as registry keys or specific files.

User pilot testing

• With ALL the above proved out in IT, user testing can begin with IT ‘friendlies’ and key stakeholders using the OS with VIP style support. The project manager would maintain snagging lists, with the IT department typically providing ‘enhanced’ support.

Mass rollout

• Each desktop or laptop in the organisation would be cycled through the office physically. This would complete the upgrade across the corporate network while enabling users to carry on working. It could involve a pool set of devices, depending on budget, device lifecycle timing, and whether users could stop working during their device build. This could take from 30mins to four hours according to the rollout technology used.

Long story short: the process has always been really quite painful and drawn out. In fact, most businesses skipped Windows 8 and 8.1 entirely and went straight from Windows 7 to Windows 10 precisely because of it!

What we have now

You could, of course, choose to roll out Windows 11 using the methods above. But why would you when, as you’ve probably heard, there’s a new and better way!

The Microsoft 365 ecosystem includes tools that make the whole process massively simpler. The Windows OS has been streamlined to enable it, but there are some hoops to jump through to really make it sing.

• InTune for Windows provides MDM-like capabilities on the Windows OS. This is a big step forward because the settings you deploy are NOT version-specific. This removes the pain of checking that everything works when moving between Windows versions.
• With Windows AutoPilot, we can deploy machines (both fresh deployments and resets) from ANYWHERE with an internet connection. That includes hybrid join i.e. both Azure AD and legacy AD join (requires a compatible VPN client).

Microsoft has also released the upgrade from Windows 10 to Windows 11 using the same techniques and interface that underpin the Windows feature releases (from example “20H1 to 20H2”). This is a compelling argument to overhaul your approach to the whole process.

To sum up

The migration to using Intune and Autopilot is typically a reasonable-sized project to deliver. It’s not something you can do overnight. Crucially, though, it’s no bigger than a desktop OS migration – plus, you only need to do it once! If you’d like to find out more about what we’re doing and how it could help your organisation, please get in touch here.