Infrastructure

How ready is your infrastructure for Windows 11 deployment? Determine that by following these recommended steps:

Define infrastructure readiness criteria

Your infrastructure is ready if it meets the requirements of the Windows 11 feature update. These requirements fall into these categories:

• Management systems (to manage Windows upgrade)
• Provisioning tools (to set up devices)
• Reporting/compliance (to monitor and report on estate health and upgrade status)
• Security measures (to protect the environment)

Evaluate deployment management tools and infrastructure required

Our recommended way forward is cloud-native, which means Microsoft Entra ID-joined and managed by Microsoft Intune. Cloud-native management can largely simplify all steps of your planning, preparation, deployment, and management of Windows 11 with Microsoft Intune and Windows Autopatch.

Here are some helpful tools that you can use. Which ones do you already have?

Check the prerequisites and plan for the tools that you’ll need to acquire still:

• Microsoft Intune:
  • Definition & use: This cloud-based endpoint management solution is designed to simplify management of devices, identities, and apps. It integrates with other Microsoft services and apps ensuring security and advanced management capabilities of hybrid workplaces.
  • Prerequisites: Check supported operating systems and browsers as well as network configuration requirements and bandwidth. If you meet these prerequisites, just sign in to your work or school account and add Intune to your subscription. If you don’t already have an account, you can sign up for a free trial account to use Intune for your organization.
• Microsoft Entra ID:
  • Definition & use: This cloud-based identity and access management service allows people at your organization access external and internal sources securely.
  • Prerequisites: You might already have access to Microsoft Entra ID with one of your Microsoft Online business services, such as Microsoft Azure, Microsoft Intune, Microsoft Dynamics 365, or others. If not, review all available plans and licensing options.
• Windows Autopatch:
  • Definition & use: This cloud service automates updates for Windows, drivers, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. It’s designed to improve your organizational security and productivity while simplifying IT management.
  • Prerequisites: Check licensing terms and conditions for available sets of features. Additionally, you need Microsoft Intune and Microsoft Entra ID with special connectivity, device management, and data and privacy considerations.
• Windows Autopilot:
  • Definition & use: Windows Autopilot is a collection of technologies used to set up and preconfigure new devices, getting them ready for productive use. Additionally, you can use it to reset, repurpose, and recover devices without extensive infrastructure.
  • Prerequisites: You need a supported version of Windows General Availability channel to use Windows Autopilot. Extra software, networking, licensing, and configuration requirements apply.
• Windows Update for Business reports:
  • Definition & use: This cloud-based solution provides information about your Microsoft Entra joined devices’ compliance with Windows updates. You can use it to monitor, analyze, and report on compliance issues across your Windows 11 and Windows 10 devices.
  • Prerequisites: You’ll need an Azure subscription with Microsoft Entra ID, where devices are Microsoft Entra joined or Microsoft Entra hybrid joined. Check additional requirements and permissions you’ll need, including access to endpoints, diagnostic data, and regional coverage.
• Endpoint analytics:
  • Definition & use: This collection of scores, baselines, and insights reflects the quality of user experience as your organization undergoes digital transformation. You can better detect regressions and proactively support your users throughout configuration changes or disruptions due to legacy hardware.
  • Prerequisites: Enroll devices via Microsoft Intune or Configuration Manager with a valid Microsoft Intune license. Visit additional permissions, roles, and access requirements for your scenario.
• Windows Hello for Business:
  • Definition & use: This identity protection technology provides security and management capabilities, including device attestation, certificate-based authentication, and conditional access policies. It uses a two-factor authentication method for Microsoft Entra ID and other accounts, combining a device-specific credential with a biometric or PIN gesture.
  • Prerequisites: You’ll need one of the following license entitlements: Windows Pro/Pro Education/SE, Windows Enterprise E3/E5, or Windows Education A3/A5. Additionally, review hardware requirements, including biometric sensors.
• Microsoft Configuration Manager:
  • Definition & use: This system management solution, as part of the Microsoft Intune family of products, is designed for on-premises and hybrid environments while integrating with Microsoft cloud. It helps simplify deployment of apps, software updates, and operating systems. You can use it to manage servers, desktops, and laptops, as well as compliance settings, with increased IT productivity.
  • Prerequisites: Configuration Manager is included in the following plans: Intune user subscription license (USL), EMS E3/E5, Microsoft 365 E3/E5, and Microsoft 365 F3. You can also get a co-management license to manage devices with Microsoft Intune and Configuration Manager. Check out additional considerations.
• Delivery Optimization:
  • Definition & use: This HTTP downloader with a cloud-managed solution allows Windows devices to download update packages from alternate sources. This reduces bandwidth consumption and is done through either a peer-to-peer distribution or Microsoft Connected Cache.
  • Prerequisites: Ensure that devices are on a supported version of Windows and have access to the Internet and Delivery Optimization cloud services. Learn about Delivery Optimization and determine the most appropriate configuration for your environment.

Evaluate current device provisioning processes and tools

Provisioning means configuring devices without imaging. You can easily specify the desired configuration and settings required to enroll the devices into management. For cloud provisioning, we recommend Windows Autopilot. For on-premises contexts, plan to use Microsoft Configuration Manager.

It’s likely that you have a mixed environment. So, for a quick evaluation of cloud provisioning across your organization, use the “Work from anywhere” report in Endpoint analytics. Get there from Microsoft Intune admin center > Reports > Endpoint analytics > Work from anywhere. Navigate to the Cloud provisioning tab to see which Windows 365 Cloud PCs or Intune-managed Windows devices are set to be provisioned via Autopilot. For devices that are enrolled in Endpoint analytics but don’t appear in this list, plan to register them and create a deployment profile in Windows Autopilot.

Identify gaps

Having decided which infrastructure and tools will be required, identify any infrastructure updates that might be needed, or new infrastructure that needs to be commissioned. For example, if you're using Microsoft Configuration Manager to deploy Windows 11, you might need to update it to a later version. Or if you're planning to use Windows Hello for Business for the first time, there are supporting components that you might need to consider, such as infrastructure (or services) to provide certificates.

Do you notice any gaps in infrastructure at this point?