We’re now six months into the release of Windows 11. You’ve probably asked yourself at least once, “Should I consider upgrading my devices yet?”
Maybe you’re somewhat skeptical of new OS updates, especially of entirely new builds. Oftentimes new OS builds are buggy, and the kinks haven’t quite been worked out just yet. Plus, you’re considering if the investment is worth the payout – Windows upgrades at scale can be costly, both in time and capital. We’ve helped plenty of our clients to do them, so we know this is a reality.
And so here you are, wondering whether to dive into this new OS.
In this post we’re going to give you our take on this question as of March 2022. We’re going to specifically consider three relevant topics related to the new Windows 11 build, particularly:
- Security Features
- User Experience (User Interface)
- Required Specifications*
Then we’ll reflect on who we think should consider upgrading to Windows 11 at this point and who can ride the Windows 10 train for another year or two.
*Note: There are many factors to weigh when considering an upgrade, and we have not covered all of them in this post. Instead, we’ve focused our analysis on those that we think are relevant to endpoint management professionals who are making a decision to upgrade or not. We encourage anyone to consider this post along with other assessments that they may read elsewhere and not restrict their decision to just the three categories covered in this post.
With the rapid move into cloud-based and remote work, security is more top-of-mind than ever. Several recent high-profile data breaches have increased national awareness of the importance of cybersecurity, and it’s easy to see that the COVID-driven shift to remote work has helped shape Windows 11 both in features and in marketing.
According to Microsoft, Windows 11 is “the most secure version of Windows ever.” Windows 11 provides “chip-to-cloud” enhanced security to keep up with the rapid growth of remote work in the modern workplace. According to Microsoft, “Every component of the Windows 11 technology stack, from chip-to-cloud, is purposefully designed to help ensure ultimate security.”
One particularly notable set of features is related to hardware-based security. Microsoft writes, “we have worked with our chip and device manufacturing partners to integrate advanced security capabilities across software, firmware, and hardware to create tight integration that protects from the chip to the cloud.”
Some of these notable features are:
- Trusted Platform Module (TPM) 2.0: Trusted Platform Module is a firmware root-of-trust that enables security and privacy improvements for system hardware. The 2.0 version, according to Microsoft, includes “important enhancements” that enable “stronger crypto algorithms and the ability for customers to use preferred alternative algorithms.”
- Virtualization-Based Security (VBS): VBS manages OS kernel-based attacks by isolating a secure region of memory and inhibiting malware from executing code or accessing information inside this secure environment.
- Hypervisor-protected code integrity (HVCI): HVCI runs Kernel Mode Code Integrity inside the secure VBS region rather than the main Windows Kernel. This prevents malicious kernel-mode code from being injected even when drivers and other kernel-mode software have been compromised.
- Pluton Security Processor Support: Support for a security-oriented processor series. It allows for “a flexible, updatable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft.” Updates are delivered through Windows Updates rather than a third-party alternative.
- Secured-Core PCs Support: Supports the Secured-core PC series shipped for high-risk industries with additional protection enabled at the firmware layer. These PCs include features such as memory protection, firmware protection, and Dynamic Root of Trust for Measurement (DRTM).
But are these hardware-based security features worth the cost to upgrade your devices?
When you look closely at these highlighted features, what you’ll notice is that many of them are already available in Windows 10.
For example, TPM 1.2 and 2.0 were optional in Windows 10. TPM 2.0 in Windows 11 is now required, and TPM 1.2 is no longer available. This is an improvement to security as the feature is now standardized. However, unless your organization has implemented SecureBIO or Autopilot in a self-deploying mode, simply standardizing a feature lacks the kind of significant improvement that would warrant an upgrade from Windows 10 for most teams this early in the game.
The same is the case with other security features including VBS, HVCI, Secure Boot, and Container Isolation in Microsoft Office and Edge. Each of these features is optional in Windows 10 and comes enabled out-of-the-box in Windows 11.
This is also true of some of the Cloud Security features. While integration with Microsoft Azure AD and Modern Endpoint Management in Endpoint Manager has been improved, most companies who use Microsoft Intune and Endpoint Manager already have access to many of their features using Windows 10.
All this considered, Windows 11 is more secure out of the gate because of the standardization of many security features. However, these changes may not be significant enough to warrant an upgrade for most IT professionals this early in the life cycle of the OS. If, on the other hand, you’re looking to increase the “default” or “baseline” security posture, Windows 11 would be a way to do that.
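To see how far an existing Windows 10 endpoint already is from that Windows 11 baseline, the following added example (not from Microsoft or from the original post) reports the state of TPM, Secure Boot, VBS and HVCI on the local machine. The function name `Get-SecurityBaselineState` is hypothetical; the cmdlets and WMI classes it calls ship with Windows, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the hardware-backed features discussed above on one endpoint.

function Get-SecurityBaselineState {
    # TPM presence/readiness from Get-Tpm; spec version from the Win32_Tpm WMI class.
    $tpm    = Get-Tpm
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the family version.
    $tpmVersion = if ($tpmWmi) { ($tpmWmi.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; report that as unsupported.
    $secureBoot = try { [bool](Confirm-SecureBootUEFI) } catch { 'unsupported' }

    # VBS and HVCI state are exposed by the Device Guard WMI class.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsStates = @{ 0 = 'disabled'; 1 = 'enabled, not running'; 2 = 'running' }
    $vbs = if ($dg) { $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus] } else { 'unknown' }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        TpmPresent     = $tpm.TpmPresent
        TpmReady       = $tpm.TpmReady
        TpmSpecVersion = $tpmVersion
        SecureBoot     = $secureBoot
        VbsStatus      = $vbs
        # In SecurityServicesConfigured/Running, the value 2 denotes HVCI.
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
    }
}

$state = Get-SecurityBaselineState
$state | Format-List

# Summarize which Windows 11 defaults are not yet active on this endpoint.
$gaps = @()
if ($state.TpmSpecVersion -ne '2.0')  { $gaps += 'TPM 2.0' }
if ($state.SecureBoot -ne $true)      { $gaps += 'Secure Boot' }
if ($state.VbsStatus -ne 'running')   { $gaps += 'VBS' }
if (-not $state.HvciRunning)          { $gaps += 'HVCI' }
if ($gaps.Count -gt 0) { "Not at Windows 11 default baseline: $($gaps -join ', ')" }
else                   { 'All checked features are active.' }
```

Run across a fleet through your existing management tooling, the output shows which Windows 10 devices could reach the same baseline through configuration alone and which lack the hardware for it.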
User Experience / User Interface
User experience (UX) is also important to IT pros. One of your goals is to enable productivity of your end users, and Microsoft wrote that their goal is to “empower every person and every organization on the planet to achieve more.” UX design is a part of this.
As such, the interface has been significantly updated in Windows 11 to optimize productivity and user experience. In place of the Windows 10 interface, Microsoft has opted for a new UX that prioritizes simplicity and ease of use.
Here are just a few of the features that have been changed:
- Start Menu: Redesigned to be centered, app-centric, and easily customized to access your most-used apps. Customized start menu layouts can also be deployed to endpoints using policies.
- Taskbar & Active Applications: The taskbar has undergone a significant redesign: apps and widgets can now be pinned, and it can also be customized and deployed using policies.
- Virtual desktops: A feature available in Windows 10, virtual desktops are now standard on the Windows 11 taskbar and can be easily deployed with a single click.
- Windows File Explorer: The first significant update since Windows 8, the file explorer has a simplified, modern makeover.
Some of the additional features that were updated are:
- Alert boxes
- Settings menu (Windows Key +A)
- Widgets Panel (updated News feed)
- Task view/Snap assist updated features
The overall feel of the new UX is that it’s warmer and friendlier. It’s obvious that Microsoft has taken a hint from Mac UX/UI in style and simplicity.
And in our opinion, it works. As one reviewer summarized, the design is “a breath of fresh air for Windows that attempts to throw out much of the old UX in favor of a more modern, fluid, and simplistic interface. I think it does a good job at achieving this goal.”
That said, is it worth an upgrade?
Our ability to enable productivity is central to our responsibilities as IT professionals. Microsoft has obviously taken this responsibility seriously with the new Windows 11 design, attempting (in many cases successfully) to simplify and streamline operation for the end user while going about their daily tasks.
For certain companies, these changes might warrant an upgrade. For companies who have significant stock in their end users’ ability to complete complicated tasks and navigate their OS in the least amount of time – industries like healthcare – the improved design and ease of use might be enough to warrant the significant investment of time and budget to upgrade to Windows 11.
That said, maybe not. Windows 10 isn’t unbearable. Most end users can navigate and be productive using Windows 10, making the improvements in user experience a welcome change to the Windows OS, but not necessary enough to warrant upgrading. Most companies can probably afford to wait a while.
The required hardware is more substantial for Windows 11 than Windows 10, which is another factor to consider.
| Component | Windows 11 | Windows 10 |
|---|---|---|
| Processor | 1 GHz or faster (>2 cores on a 64-bit processor) | 1 GHz or faster |
| RAM | | 1GB (32-bit OS) and 2GB (64-bit OS) |
| Storage | 64GB or larger (Only 64 | 16GB (32-bit OS) and 32GB (64-bit OS) |
| Graphics | Compatible with DirectX 12 or later with WDDM 2.0 driver | DirectX 9 or later with WDDM 1.0 driver |
The required RAM for a Windows 11 build is 2x – 4x that of Windows 10, and Windows 11 requires more than 2 cores on a 64-bit processor. These requirements are significant considering many machines had a hard time meeting even the requirements for Windows 10 when it came out.
For many lower-powered machines, these requirements will be too great, requiring companies to update not only their OS but also the hardware to support it. This additional budgetary hurdle will, for many companies, put this upgrade currently out of reach.
So, Should I Upgrade?
Windows 11 is, to me, Windows 10 in a nicer skin. While it does come out-of-the-box more secure because of quite a bit of feature standardization, there are few truly new features that a savvy IT team can’t already enable in Windows 10. Plus, the new build is resource-heavy enough to significantly increase the required specs, disqualifying many endpoints unless you upgrade hardware concurrently.
That said, considering the effort and cost often required by an upgrade, we think that most companies might want to wait awhile before pulling out their corporate credit cards.
Also, most companies aren’t at the maturity of endpoint management where upgrading your OS will improve your security and productivity to a large degree. Why? Because new software isn’t the best way to secure or improve your environment. Instead, it’s adept management and use of the software that you have.
If you’re concerned with things like security and user experience, in our opinion your budget would be better spent on benchmarking your IT maturity and making process improvements rather than being an early adopter of a new OS. That’s where you’re going to see significant improvements to your security, efficiency, productivity, and the time and capital investment of your team.
A shiny new pair of shoes won’t prevent an injury if your running stride is poor. If you’re having knee pain, instead of heading down to your local Foot Locker and dropping 90 bucks on “corrective” shoes, you should ask someone experienced to help you improve your stride. That’s where the biggest improvements will come, and it will probably cost less too.
All that said, there might be a few cases where your company might consider upgrading to Windows 11 now. For example:
- If you’re in an industry where security and end user productivity failures are catastrophic. Industries like financial services or government could make a compelling case for the standardized out-of-the-box security features of Windows 11 being worth the cost. Healthcare companies who need their OS to work 100% of the time and as quickly as possible could also see benefit from the new UX in the form of improved end-user efficiency.
- If your company has a high infrastructure maturity rating because of proficient endpoint management. If you’ve already optimized your processes, the improvements you could see from Windows 11 might be the cherry on top, improving your security and end user experience and keeping your already optimized infrastructure top of the line.
- If you fit into the other two points and can afford the hardware required for this upgrade. Windows 11 hardware requirements will exceed many endpoints’ ability to run it, and these endpoints will need to be updated if they’re going to run the new OS. However, if your company has the budget for hardware upgrades, and security and end user experience are a priority, Windows 11 might be within your reach.
The Model Maturity Assessment
If you’re reading this, it’s highly likely that you’re thinking about improving endpoint security and efficiency. If so, we think one of the best investments you can make at this point is to benchmark your IT health and improve from there.
Here at Model Technology Solutions, we’ve assembled some of the best endpoint management engineers to help to assess and improve infrastructures like yours. We love the process of getting to know IT teams all over the world and partnering with them to improve their infrastructure health. It’s what we do.
Through our Maturity Assessment, our top-tier engineers will measure the health of your infrastructure and identify the most cost-efficient projects you could undertake to improve your security, efficiency, and reduce your costs. Upgrading to Windows 11 might be a part of that, or maybe not. Whatever those projects are, you can be sure they’ll be tailored to your particular industry and designed to give you the most significant returns for the least amount of resources.
If you’re interested in learning more about this maturity health check, click here or use the call to action below this post. You can learn about our proprietary maturity model that we use to frame the assessment and download a questionnaire that will show you exactly what kind of information that we’ll gather as a part of it.
Until next time!