With the end of life for Windows 10 approaching on October 14, 2025, it’s essential to start planning your upgrade to Windows 11. After this date, Windows 10 will no longer receive security updates, making systems vulnerable to new security threats. Here’s a comprehensive guide to help you transition smoothly using Microsoft Intune. 

Why Upgrade to Windows 11?

  1. End of Support for Windows 10: Post-October 14, 2025, Windows 10 will no longer receive security updates, which can lead to potential vulnerabilities.

  2. Enhanced Features and Security: Windows 11 brings a host of new features and stability improvements. It incorporates many security features developed over the years and adds new ones for better protection.

Planning the Upgrade

  • Hardware Requirements: Windows 11 has specific hardware requirements, including TPM 2.0 and a list of supported CPUs. Devices with older CPUs might need replacement. For Intel CPUs, support starts from the Coffee Lake generation (October 2017), and for AMD, from the Ryzen 2000 series (April 2018). Microsoft provides a PowerShell script to check if devices meet these criteria.
  • Application Compatibility: Ensure that all applications, especially legacy or custom-built line-of-business applications, are compatible with Windows 11. Test these applications on Windows 11 devices and consult with vendors for support.
  • User Experience and Change Management: The new look and feel of Windows 11 may require significant user adaptation, especially in environments with less tech-savvy users. Update internal knowledge base articles and provide user guides to ease this transition.

Leveraging Intune for Windows 11 Upgrade

  • Windows Update for Business: This tool allows machines to pull updates directly from Microsoft, reducing the need for in-network updates. It integrates with Windows Update for Business reporting, providing insights into upgrade progress and issues.
  • Streamlined Delivery: This feature allows devices to pull updates from each other or a centralized cache, reducing bandwidth consumption by avoiding multiple downloads from Microsoft servers.
  • Autopatch: This service automates the update process by breaking up the device fleet into rings for gradual updates. Any issues detected during updates can pause the process until resolved, ensuring a smooth upgrade.
  • Policy Management: Review and update group policies or policies in Intune to configure new features and remove deprecated ones. This ensures policies are effective and relevant.
  • Network Connectivity: Plan for updating devices outside the network. If devices must be on the network for updates, consider strategies for remote users, such as having them come into the office or implementing a device swap-out strategy.

Key New Features in Windows 11

Advanced Phishing Protection: Built into Microsoft Defender SmartScreen, this feature scans for passwords entered on websites and prompts users to change them if compromised.

Web Sign-In: Authenticate into Windows using Google authentication through Entra ID, with conditional access and temporary access pass options.

Passkey Support: Create passkeys for website authentication, protected by Windows Hello biometrics or a PIN, allowing for secure single sign-on without traditional passwords.


Upgrading to Windows 11 is a significant step that requires careful planning and execution. By leveraging Intune and its suite of tools, you can manage this transition smoothly, ensuring that your devices are up-to-date, secure, and ready to take advantage of the new features in Windows 11. Start planning now to avoid the rush as the end-of-support date for Windows 10 approaches. 

Amplifying efficiency and security

The Intune Suite Guide

Learn about features and strategies such as:

  • Endpoint Privilege Management: elevate user access privileges as needed

  • Enterprise App Management: discovery, packaging, deployment and patching of Windows apps

  • Cloud PKI: publish and distribute certificates from Intune without complex PKI

  • Tunnel for MAM: secure access to LOB apps from unmanaged mobile devices

  • Advanced Analytics: predict which machines, applications and users will have issues

  • Remote Help: unlock the seamless interface between the service desk agent and end-user

Andrew Reade