So something happened this week: Microsoft pulled a rabbit out of its hat and launched Windows 11 on the 5th of October. Because of this release, endpoint admins now have to take a good look at the status of their endpoints: are these endpoints still able to get the update to Windows 11? Because of the higher specs needed to run Windows 11 and to fulfil all the security needs, Microsoft created a special piece of Endpoint Analytics for Windows 11 readiness.

What are the minimal specs and system requirements for Windows 11?

Microsoft is about to change these requirements.

Processor: 1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC).
RAM: 4 gigabyte (GB).
Storage: 64 GB or larger storage device. Note: See below under “More information on storage space to keep Windows 11 up-to-date” for more details.
System firmware: UEFI, Secure Boot capable. Check here for information on how your PC might be able to meet this requirement.
TPM: Trusted Platform Module (TPM) version 2.0. Check here for instructions on how your PC might be enabled to meet this requirement.
Graphics card: Compatible with DirectX 12 or later with WDDM 2.0 driver.
Display: High definition (720p) display that is greater than 9” diagonally, 8 bits per color channel.

Especially the TPM version 2.0 and Secure Boot requirements are the big ones; Microsoft is keen on Zero Trust security. See the YouTube video about Windows 11 security below.
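To see on a single device which of the requirements listed above it misses, the following added example (not from the original post and not Microsoft's own tooling) checks them locally from an elevated PowerShell session. The function name Test-Win11Minimum and the decimal reading of 64 GB are assumptions of this example; the supported-processor list, graphics card and display are not checked.

```powershell
#Requires -RunAsAdministrator
# Added example: compares this device with the minimums listed above.
# Not covered: the supported-CPU list, graphics (DirectX 12 / WDDM 2.0) and display.

function Test-Win11Minimum {   # hypothetical helper name
    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $ram  = (Get-CimInstance -ClassName Win32_PhysicalMemory |
             Measure-Object -Property Capacity -Sum).Sum
    $disk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1

    # Win32_Tpm returns nothing when no TPM is present or it is switched off in firmware.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion is a comma-separated string; its first field is the TPM spec version.
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # Confirm-SecureBootUEFI returns True/False on firmware that supports Secure Boot
    # (False = supported but switched off) and throws on legacy BIOS or unsupported firmware.
    try   { $sbEnabled = Confirm-SecureBootUEFI -ErrorAction Stop; $sbCapable = $true }
    catch { $sbEnabled = $false; $sbCapable = $false }

    $checks = [ordered]@{
        'CPU >= 1 GHz'          = $cpu.MaxClockSpeed -ge 1000   # MaxClockSpeed is in MHz
        'CPU >= 2 cores'        = $cpu.NumberOfCores -ge 2
        'CPU 64-bit'            = $cpu.DataWidth -eq 64
        'RAM >= 4 GB'           = $ram -ge 4GB
        # Assumption of this example: 64 GB is read as 64e9 bytes (decimal, as drives are sold).
        'Storage >= 64 GB'      = $disk.Size -ge 64e9
        'UEFI with Secure Boot' = $sbCapable
        'TPM 2.0'               = $tpmSpec -eq '2.0'
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Ready             = -not (@($checks.Values) -contains $false)
        Failed            = @($checks.Keys | Where-Object { -not $checks[$_] })
        SecureBootEnabled = $sbEnabled
        TpmSpecVersion    = $tpmSpec
    }
}

Test-Win11Minimum | Format-List
```

A device can pass the "Secure Boot capable" check while SecureBootEnabled is False, which is worth following up separately since the security benefit only applies once Secure Boot is actually turned on.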

How to find devices which are capable of upgrading to Windows 11.

In Endpoint Manager (Intune), under Reports, Microsoft made Endpoint Analytics available, where endpoint admins can get insights into how the organization is working with its hardware. This is the place where it's possible to find out whether there are any hardware failures that are slowing down the performance of a device. Now Microsoft has created a new piece of analytics just to give more insight into the hardware fleet of an organization; for that you need to have a look at Work from anywhere (preview).

First things first: now we need to enable Endpoint Analytics.

If Endpoint Analytics is already enabled you can skip this chapter. Go to https://endpoint.microsoft.com/ and click on Reports on the left side.

Click on Endpoint analytics. To get started and collect data we have to choose which devices we want to collect the data from; the default is all cloud-managed devices. Now we need to start the analytics reporting: click on Start.

Now we have to check whether there is already a Windows health monitoring profile created under the configuration policies. If not, we have to create it by hand so Endpoint Manager is able to collect the data needed; this can take up to 24 hours.

Create a Windows health monitoring profile

Go to Windows device configuration profiles (link), click on + Create Profile

Choose:

  • Windows 10 and later
  • Templates
  • Windows Health Monitoring

Click on Create

Fill in a name for the policy in any naming convention you like and click Next

Choose:

  • Enabled
  • Windows Updates
  • Endpoint Analytics

Click Next, choose an assignment and click Next

Now it’s possible to specify how to apply this profile within an assigned group. Intune will only apply the profile to devices that meet the combined criteria of these rules. This step can be skipped if you like.

Click Next, then Create. It can now take up to 24 hours for all the data to be collected and to show up in Endpoint Analytics.

Now we are ready to read the Endpoint analytics to analyze the hardware fleet

If we go back to Endpoint analytics it’s now possible to check the collected data, which makes it easier for endpoint admins to check whether devices are ready to receive Windows 11. If not, you will see why (TPM, Processor …)

Go to Endpoint analytics and click on Work from anywhere (preview). Click through the options available to read your environment.

Click on Windows.
