Endpoint Services, MECM, Managing Windows 11

Overview

This article covers the available MECM features for evaluating Windows 11 compatibility, as well as deploying Windows 11 to new and existing devices.

Systems

Microsoft Endpoint Configuration Manager (MECM)

Intended Audience

University of Illinois IT Pros leveraging MECM, hosted by Technology Services' Endpoint Services team

Evaluating Windows 11 compatibility for an existing device

Deploy one of the 'Audit Windows 11 Readiness' configuration baselines to the respective collection - located at \Assets and Compliance\Overview\Compliance Settings\Configuration Baselines in the console
- The configuration baselines leverage Microsoft's Windows 11 Hardware Readiness script. Non-compliant devices will fail one or more of the following requirements: Memory, Processor, SecureBoot, Storage, TPM
  - Refer to the 'Understanding the Hardware Readiness script output' section at the link above to evaluate the output of the baseline
  - This will check that an endpoint meets the Windows 11 minimum system requirements and mark any endpoints that don't meet them as non-compliant
- The 'Audit Windows 11 Readiness - Granular' baseline checks all of the requirements: Memory, Processor, TPM, SecureBoot, Storage
- If you would like to create a non-compliant collection for a specific requirement, deploy the respective 'Audit Windows 11 Readiness - x' baseline.
  - For example, if you want a collection of devices that do not meet TPM requirements so you can query models and potentially deploy newer TPM firmware, deploy the 'Audit Windows 11 Readiness - TPM' baseline
- Collections based on compliance can be created by right-clicking the deployment of the configuration baseline, selecting ‘Create New Collection’, then selecting the desired compliance status
- View the details of the baseline results at \Monitoring\Overview\Deployments in the console
  - Search for the baseline name and double-click to view the status
  - For details of non-compliance, select the Non-Compliant tab, expand the columns, then view the assets under each CI name.
- Please note that additional compatibility considerations for internal and external peripherals may be required
For devices that do not meet TPM requirements, determine if the device can be upgraded from TPM 1.2 to TPM 2.0
- Refer to this page to upgrade eligible Dell devices: https://www.dell.com/support/kbdoc/en-us/000132583/dell-systems-that-can-upgrade-from-tpm-version-1-2-to-2-0
- Refer to this page to upgrade eligible HP devices: https://support.hp.com/us-en/document/c05792935
- If a TPM upgrade is possible, upgrade the device to the latest BIOS version first. Note that very outdated BIOS versions may need to upgrade to a middle version first before upgrading to the latest version; refer to the vendor's documentation in the BIOS update.

Deploy and manage Windows 11

For new Windows 11 installations:
- Copy an existing OS deployment task sequence to use for Windows 11 deployments
- Update the 'Apply Operating System Image' step to use the latest Windows 11 operating system upgrade package
- Update the 'Apply Driver Package' steps to use the latest Windows 11 drivers for each model
- If there is a 'Pre-provision BitLocker' step, follow the guidance at this link to resolve a known issue: Resolve error with Pre-provision BitLocker step
- Deploy the task sequence to the respective OSD collection
Upgrade devices with an existing Windows 10 installation:
- Follow the guidance in this article to create an upgrade task sequence: https://learn.microsoft.com/en-us/mem/configmgr/osd/deploy-use/create-a-task-sequence-to-upgrade-an-operating-system
- Update the 'Upgrade Operating System' step to use the latest Windows 11 operating system upgrade package
- Deploy the task sequence to the respective collection
Track your environment's overall count of Windows 11 devices
- Follow this guide to create collections based on a device's OS version: https://answers.uillinois.edu/illinois/90428
In order to manage Windows 11 updates with MECM, visit https://go.illinois.edu/epshelp, select the 'MECM' service, select 'Microsoft/Office/Windows Updates' under 'Request Type', then fill out the rest of the form

Contact the EPS team

Keywords	EPS MECM SCCM "windows 11" readiness TechS-EPS-SCCM Suggest keywords	Doc ID	131339
Owner	EPS Distribution List .	Group	University of Illinois Technology Services
Created	2023-09-10 18:56 CST	Updated	2023-12-04 14:11 CST
Sites	University of Illinois Technology Services
Feedback	0 0 Comment Suggest a new document Subscribe to changes