Categories
Digital Transformation

Windows 11 – make the move!

As I hope ALL of you know, Windows 10 is reaching End of Service (EOS) on the 14th of October 2025. If you haven’t marked your calendars already, do so now! This date is even more important if you haven’t made the move over to Windows 11 yet. This does not affect the Windows 10 LTSC currently in support.

The path to reaching Windows 11 can vary, and it’s hard to say that “this is how you should do it”. Some decide to combine this with their cloud journey, some simply upgrade, and some haven’t really thought about it yet. This blog post aims to inspire those of you who haven’t made the move yet for different reasons, and those of you who help others and need inspiration. So, less focus on tech and more focus on the reasoning to make the move.

Why should you move to Windows 11?

To be honest, the reason to move to Windows 11 is simple. Windows 10 will no longer receive updates unless you decide to pay for the Extended Security Updates (ESU). This will be a fairly expensive way to tackle staying up to date. Microsoft announced back in April that the first year will cost $61 per device. Given that the Windows 11 upgrade is free, there are few reasons to not move. We also see over 99% application compatibility between Windows 10 and Windows 11. Looking at customers I’ve helped and talked about this with, the issue is rarely the applications anymore.

Setting that aside, Windows 11 brings a whole lot of new security-related features to the OS, but it also brings more simplicity to the end user. One thing I hear often is that “the start menu is in the middle, our users will never learn this”. It takes about a day to get used to it, so the problem is not really there. This has so far not been an issue with the customers I’ve helped. However, IT has often thought this would be the number one support issue.

What does Windows 11 bring to the table?

What Windows 11 brings is, however, innovation. Like it or not, Copilot will be part of our everyday life. In Windows 11, you have it at your fingertips with the native Copilot app. Depending on where you live, the experience will vary. There is a native app, or you will have to get the app from the store. Since AI and Copilot are mentioned in almost every context and situation, giving your end users access to a powerful AI in Windows is a huge improvement.

What is important with Windows 11 upgrades is communication to end users so they know what’s going on. Unannounced upgrades are rarely a good idea, since they can potentially mess with people’s flows initially or cause unexpected reboots. Teaching your users to make use of all the new and improved features of Windows 11 is a great way to give the feeling that you in IT are proactive and offering them the latest and greatest.

The downside of moving to Windows 11

To be fair, downside is the wrong word. There is one potential problem with moving to Windows 11, which is that older hardware is not supported. We are talking about things released prior to 2017, creating a huge amount of e-waste. For many companies, this would not be a problem given that you have proper lifecycle management of your devices. But it creates a huge number of devices which will not be feasible to use any more.

However, there are some ways you can still make use of them. Being a Microsoft advocate, my favourite is running Windows 365 on them. If you run a Cloud PC from a Windows 10 machine, the ESU will be free of charge and you can keep using that machine going forward, but that means using it to access a Cloud PC which is running Windows 11. You can of course also convert them to thin clients using something like IGEL and have their OS access the Cloud PC.

But going back to the topic of e-waste. This will be a huge challenge, not only from a corporate and logistics perspective, but also from an environmental perspective. There will be A LOT of devices which need to be recycled, and we must really hope that they will be recycled and not just thrown away or shredded.

Get to Windows 11 fast

So what is the fastest path to Windows 11? A lot of times when we talk about moving to Windows 11, we talk about going cloud native.

I’m all for going cloud native and I would recommend it to everyone. But going cloud native if you are on-premises or hybrid today is time-consuming, and not really needed.

If you listen carefully to how Microsoft talks about the journey, it’s rarely stated that you should re-install every device as cloud native. What they are talking about is moving to Intune, and that is a different thing since you can be Intune only but still be hybrid.

So for most organisations, going hybrid for all existing devices is the fastest path to Intune only. But remember that ALL new devices should be cloud native (since you won’t really gain anything from new hybrid devices).

But looping back to Windows 11 and getting there fast.

Windows 10 has had a steady release cadence, even if it has shifted a bit over the years. You have moved from Windows 10 20H2, to Windows 10 21H2, to Windows 10 22H2 using either Windows Update or Configuration Manager. When looking to move to Windows 11, you can view this as “yet another update” and deploy it as such.

You hopefully already have a working process for this in place, and if you are doing custom images this would apply to your imaging lifecycle as well.

Since we have about a year left, this would be the fastest way to get there and move to Intune after that.

Take aways

The main takeaway from this is: don’t make the Windows 11 journey harder than it has to be. Windows 11 is not that scary and it’s a great operating system regardless of what different internet forums say. From a business perspective, this shouldn’t be a discussion. Just go do it!

We never discuss or get stuck on iOS versions in the same way, not wanting to move to the next version.

A couple of years ago, in the beginning of this blog, I wrote about consumerization of corporate IT and it’s still relevant. We as individuals are driving change. We are no longer in a world where IT can say “no, we won’t give you the latest version of this and that” since things will stop working. If you run an unsupported version of Windows you are not only facing potential security threats. You will also see that a lot of your business applications will stop working, since these have adapted to the Windows as a Service concept introduced with Windows 10.

What is the biggest take away from this blog? If you haven’t set the plan to migrate to Windows 11, start now! You have less than a year left.

Categories
Digital Transformation

Controlling your carbon footprint in Windows

As many probably know, Microsoft released a bigger update to Windows 11 with the March Patch Tuesday release. This release was more than just patches; it also included some new features like the Windows 365 app which reached GA earlier this year, video recording in the Snipping Tool and some pretty cool AI features from Bing.

But one of the better new features is, in my opinion, the new energy recommendations to help you decrease your carbon footprint. This new feature is just a set of recommended settings that make your computer more energy efficient.

The end-user could implement these settings themselves, but let’s face it, no one outside the IT department would look for that in the settings.

Since Windows does not enforce the policies to be changed, someone needs to make an active decision here.

This is what my device looked like when just jumping into the settings. What options you see might vary depending on what device you are using, and you can even get recommendations on a Cloud PC. In this example, I’m using a desktop PC. As you can see I have two settings which are not in line with Microsoft recommendations, and one which is managed by Intune. If I had a laptop, there would have been more options for me such as screen brightness and battery optimization.

Here I can select if I want to apply all or just a subset of actions. If I click on apply all, all settings will be updated to the recommended value.

I can also now see, if I step back in the settings menu, that I have enabled all available settings.

Conclusion

Even if this is a small update, I think it’s a good and important one to adopt. You can of course look into having these defined within your environment, which will mean that users cannot change these settings themselves if they would like to for some reason.

This is a balance between enforcement and spreading awareness amongst users. There might be reasons for users needing increased brightness on their screen as an example. But looking at this from a sustainability perspective, this is a great place to start working with your computers around this even more.

If you want to know more about the settings which are a part of this, have a look at this Microsoft support page: Learn more about energy recommendations – Microsoft Support

Categories
Windows 365

Deploying Cloud PCs in different regions

Windows 365 and Cloud PCs are as you know PCs running in Azure somewhere. But what if you want to control this “somewhere” and pinpoint the region they are running in? You might have noticed that spinning up a Cloud PC in e.g., Western Europe gives you Google and all web-based things in Dutch. This isn’t too convenient for end users who don’t speak Dutch. So, let’s try to address that and give a more “local” experience.

I’m thinking of putting users in a Windows 365 region as close as possible to them, hopefully even within the same country. And to top it off, let’s provide them with a Windows experience in their local language, just for the sake of it.

How can we achieve this?

Well, we need two things: a provisioning profile per country and an Azure AD group which has been populated with users for each country. The region selected in the network for Windows 365 decides in which region the Cloud PC is hosted.

Setting up Azure AD groups

There are as many ways to do this as there are IT pros, but I decided to make this easy and just look at three things for my groups, attributes that I know all my users have.

What I decided to look at is that:

  • The account is enabled
  • Usage location for the user is set to Sweden
  • And the country for the user is set to Sweden

That got me the following query for my dynamic group.

(user.accountEnabled -eq True) and (user.usageLocation -eq "SE") and (user.country -eq "Sweden")

To create a new group, head to Groups in the Intune portal and create a new group by pressing “New group“.

Give your group a name, in my case I’ve called it “All users Sweden” since we will gather all Swedish users in this group. Also make sure to set “Membership type” to Dynamic User so that we can create a query to automatically populate the group based on user attributes.

Add your query to your group by pressing “Add dynamic query” and enter your rule. You can take my example and modify it if you like: copy the rule syntax above, press “Edit” on the rule syntax window and paste it there. This will populate the fields for you, and you can modify them to suit your needs. Or create your own! Keep in mind that the usage location uses the two-letter country code e.g., Sweden is SE, Norway is NO, Netherlands is NL, USA is US.

Press Save when you have created, and validated, your rule and press Create.

We have now successfully created a dynamic group which will be populated with all active accounts which have their country and usage location set to Sweden.
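The same group setup scripted for several countries, as an added example that is not part of the original post. It assumes the Microsoft.Graph PowerShell module and an account allowed to create groups; the country table and mail nicknames are constructed. Before creating each group it flags enabled users where only one of the two location attributes matches, since the rule would silently leave them out.

```powershell
# Added example: requires the Microsoft.Graph PowerShell module and rights to create groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Constructed sample mapping: usageLocation code -> country attribute value.
$countries = [ordered]@{
    SE = 'Sweden'
    NO = 'Norway'
    NL = 'Netherlands'
}

# Pull the attributes the rule depends on once, for the pre-check below.
$users = Get-MgUser -All -Property 'id,userPrincipalName,accountEnabled,usageLocation,country'

foreach ($code in $countries.Keys) {
    $country = $countries[$code]

    # Same rule syntax as the post, parameterised per country.
    $rule = "(user.accountEnabled -eq True) and (user.usageLocation -eq `"$code`") and (user.country -eq `"$country`")"

    # Pre-check: enabled users where only one of the two location attributes matches.
    # They fall outside the dynamic group, so its provisioning policy never reaches them.
    $partial = $users | Where-Object {
        $_.AccountEnabled -and
        (($_.UsageLocation -eq $code) -xor ($_.Country -eq $country))
    }
    foreach ($u in $partial) {
        Write-Warning "$($u.UserPrincipalName): usageLocation='$($u.UsageLocation)' country='$($u.Country)'"
    }

    $params = @{
        DisplayName                   = "All users $country"
        Description                   = "Enabled users with usageLocation $code and country $country"
        MailEnabled                   = $false
        MailNickname                  = "all-users-$($code.ToLower())"   # constructed nickname
        SecurityEnabled               = $true
        GroupTypes                    = @('DynamicMembership')
        MembershipRule                = $rule
        MembershipRuleProcessingState = 'On'
    }
    $group = New-MgGroup @params
    Write-Output "Created '$($group.DisplayName)' ($($group.Id)) with rule: $rule"
}
```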

Creating provisioning policies

Now that we have our groups, we want to put them to effective use. Let’s head into the Windows 365 pane in Microsoft Intune by navigating to Devices > Windows 365 and selecting the “Provisioning policies” tab. To create a new policy, click the “+ Create policy” button on the ribbon.

First off, as always, we will give our policy a name, in my case I’m giving it a name indicating that this is a Windows 11 image, Azure AD joined and running on Microsoft hosted network. And this is for my Swedish users.

The next step is to select what kind of join type you will use and which network. In this example, I will use Azure AD join and the Microsoft hosted network. The dreadful thing about using Sweden as an example here is that we don’t have Windows 365 in Sweden Central, so we will use the next best thing. Norway East!

You can do this for Azure v-nets, but then you need to set the region when setting up the Azure v-net. There is a limit to how many Azure Network Connections (ANC) you can define per tenant, you can find out more here. If you know that you have multiple locations and want to put the service as close as possible to the end user, it’s much easier to use the Microsoft hosted network.

The next step is to select an image, I will go with a gallery Windows 11 image since this will reduce the amount of maintenance I need to do since Microsoft is curating the image. Press next when you have selected your image.

Next, we will configure language and region settings. Like I said, the ambition here is to provide the Windows 365 experience in the user’s local language. So, I will select Swedish for this policy.

In this section, you can also choose to opt-in to Windows Autopatch straight away if you have this enabled in your tenant. If you do not wish to do so, just leave it to the default value. But since I have it activated in my tenant, I will add this as well and then press next.

The next step is to assign this policy to our group created in the first part. If you wish, you can add multiple groups to the same provisioning profile. But I only have one which will be used for this one, so I will select my group with all Swedish users and press next.

Final step is to review the settings we have selected and then press “Create“.

Conclusion

Now when a Windows 365 license is assigned to a user, their Cloud PC will be provisioned in the region based on which provisioning policy they are assigned to using our dynamic Azure AD group.

The groups don’t need to be dynamic and you could just as easily accomplish this using assigned groups. Also, you could utilize this setup to also include e.g., your developers who need access to a specific Azure v-net for example. In this case you would have provisioning profiles connected to those networks instead of the Microsoft hosted network, giving those users access to that network.