Windows 11 has been out a while now and I’m sure most of you have been testing and are nearing the point of looking at deploying to your userbase.
As we all know, however, the requirements are a lot stricter than they were for Windows 10 (or even 7) so you may find yourselves needing to do some hardware refreshes. But, how do you know which to replace??
Before looking at that, let’s refresh the requirements first:
- TPM 2.0
- Compatible Processor (roughly 7th Gen and up)
- 64Gb storage
- 4Gb RAM
Whilst most recent machines tick the boxes, the 7th Gen requirement is going to rule out some perfectly capable machines unfortunately and you *can* technically install W11 on these, but it’s totally unsupported.
Detection
Anyway, to find out which, you need to navigate to Report – Endpoint Analytics and then Work from Anywhere
You then want to click on the Windows Tab at the top
This then gives a list of your devices with a heading for Windows 11 Readiness State and another for the reason
As you can see, mine is a VM so not compatible with Win11
You can also sort on the Readiness State or export to CSV to better filter within Excel (and maybe do a nice pie chart to present to whoever holds the budget)
Deployment
First up, create an Azure AD group and populate with the devices exported and marked as compatible:
In Intune, navigate to Devices – Windows Devices
Click the Columns button at the top and select Azure AD Device ID
Now export the list of devices into CSV format.
Once you have the two device lists, get the Device IDs for the compatible devices with some Excel magic (or a VLOOKUP)
Now navigate to Azure AD and create a new AAD Group (Statically Assigned)
Navigate to the new group and select Bulk Actions – Import Members:
Download the Template
Edit the CSV and enter the AAD Device IDs we exported earlier.
Next, in Intune, navigate to Devices – Feature Updates for Windows 10 and Later
Create a new Profile and select Windows 11
If you want to get it done quickly select Make update available as soon as possible, otherwise go for the gradual approach:
Assign this to your Windows 11 group and the machines will start to receive the update
Nice, but you need an extra cost Intune add-on to do this advanced analytics..
https://learn.microsoft.com/en-us/mem/analytics/advanced-endpoint-analytics
You don’t need advanced analytics for this one, just the standard included in your M365 E3/E5 licensing
This was pretty helpful, thanks Andrew. Interesting to see how SCCM and Intune datasets are so different. Not by much though.
Glad you found it useful 🙂
Helpful information, what I needed. The only problem is when doing the export, I don’t see the same columns when I open the export sheet. The Windows 11 readiness status and readiness reason are not showing on the export sheet.
Do you know why?
When exporting, are you selecting “Include all data in the exported file”?
When I export the data I have ran into the same problem. The UpgradeEligibility column has a number against each machine ranging from 1 to 3 which I assume relates to TPM, SecureBoot, CPU etc .
Nice read, thanks for the information.
Do you know if Intune runs the script every week or if it’s possible to re-run it so the information in the reports is up to date?
I don’t think this is one you can manually run, sometimes you can directly in Graph, but I haven’t tested it myself. It should run fairly regularly though