Part 1 was rather lengthy, covering the UI changes in Windows 11. We’ll start off part 2 by looking at the changes to the Windows apps. Yes, these are also UI changes. In some cases, these changes add functionality, but in many cases it’s just a new coat of paint.
Maybe this post won’t be quite as long…
I will define “apps” in this context to include anything included in-box, so that includes File Explorer, the old UWP apps that have been around for a while, and other things (e.g. Notepad, Paint, etc.) that have been around for a while.
This one gets a relatively minor refresh, with the biggest change (apart from rounded corners) being the menus at the top, which are now more compact with new icons, and new and more colorful icons throughout the folder view.
Unless you were a heavy user of the menus that were present before on the old ribbon interface, you probably will be able to adjust quite easily to this new OU.
This is probably the most improved of the in-box apps, with a completely reworked UI and support for just about any type of installer: UWP, MSIX, MSI, executables, really anything you want to throw at it.
The app content can even come from third-party ISVs directly (not downloaded from Microsoft as it was before). This is good for developers, since they get full control over the content, but you then have to assume those developers have implemented reasonable protections to make sure their content stays malware-free.
My biggest concern with this new store is that anyone can submit anything. Take Notepad++ as an example:
There are multiple “unofficial” store entries for this Win32 app. Which can you trust? Depending on the type of application, non-admins may or may not be able to install a particular app: UWP, Win32 packaged as MSIX will work fine, but other types may fail. And the failure is not at all obvious, which could easily drive help desk calls:
Additionally, if you had AppLocker rules in place to only trust software installed into Program Files, MSIX apps will install to that location, even for non-admins.
The only controls I see are to turn the store on or off, but not to otherwise restrict the content.
There’s also no more private store, but that was previously announced so it shouldn’t surprise anyone.
I understand why Microsoft wants to increase the usage of Teams. But the implementation in Windows 11 will just annoy IT pros. There is a Teams client installed in Windows 11, along with a simple chat app that uses the Teams infrastructure:
But this is a consumer-only setup. Those apps can only be used with a Microsoft account (MSA), not an Azure AD (work/school) account. In order to use the commercial version of Teams, you have to install the separate commercial version of Teams. This can get even more confusing if you have both installed, as this is what you’ll see in the Start menu:
At least they added the “(work or school)” text to the commercial version, because the only other way to tell the difference is to look at the color of the “T” on the icon: white for consumer, blue for commercial. (You can read more about this here.)
I suspect most organizations will want to uninstall the consumer Teams app as part of their image creation or deployment process.
Power Automate Desktop
So what exactly is Power Automate Desktop? It’s a robotic process automation (RPA) app. OK, so what does that mean? It means it’s an app that can automate other apps or web pages. Remember Visual Studio Test, SMS Installer, and older apps like that (which were more designed for test automation rather than process automation, but IT pros used them for that anyway)? This is the latest incarnation that lets you do click-by-click automation, or even record and playback of UI operations. In my example below, I created an automation “flow” to drive the Calculator app:
It launches the Calc app, types 2+2= and then grabs the result (4) from the UI. Obviously that’s not the most useful automation, but it does give you some idea of the intent of the app. Certainly it has more functionality than that, to integrate other services and even to tie into Power Automate in Azure (the real reason Microsoft wants you to use this free desktop version).
There are a few things that I don’t like about Power Automate Desktop: It adds itself as a startup application (because that’s what Windows needs, more stuff running in the background) and it adds itself as an extension to Edge (although you still have to manually turn it on).
I suspect 99% of an organizations users will never use this app. In my mind, that makes this a very good candidate for removal.
I considered doing a completely separate blog on just the clock app, but at the end of the day talked myself out of it. Why would a clock app need a blog of its own? Because of the absurdity of it. The new version of the app in Windows 11 has all kinds of new features to help you with focus time: schedule some time where all notifications are suppressed and even launch Spotify automatically so you can listen to your favorite music while “focused” on your task. And it integrates with the task list (from the To Do app). As before, you can set alarms, use it as a stopwatch, and see a world clock that shows times in cities that you select from around the world. That all sounds reasonable, right?
But guess what the clock app can’t do? It can’t display a simple clock. Previously you could pin a live tile, but since live tiles are no longer supported, that doesn’t work any more. So if you just want to have a clock on your desktop that you can actually see without putting your glasses on, you can try out one of the 917 different clock apps listed in the Store.
This is easily the best app Microsoft has added (installed by default) in Windows 11. It’s a brand-new console shell that can run PowerShell, Command (cmd.exe), and Azure Cloud Shell, all in different tabs, out of the box, with the ability to add in additional shells (e.g. PowerShell 7, Linux shells available from the Windows Subsystem for Linux) if you’d like.
It’s also extremely customizable. You can change the fonts, colors, layout (e.g. split the screen into segments each displaying a different shell), etc. It’s automatically updated from the store, with new functionality added frequently.
The old cmd.exe and PowerShell.exe/PowerShell ISE are still around, but in a future release of Windows 11 this Terminal app will become the default (with those “old” interfaces still available if you insist on sticking with them, also useful for app compatibility). If you’re a scripter, combine this with Visual Studio Code (another great Microsoft app, but not installed by default on Windows 11) and you’re all set.
Yes, this app can still add numbers (e.g. my 2+2=4 example above). But it’s got quite a lot of additional functionality beyond that. It can do conversion between all sorts of units of measurements, and even currency conversion:
New in Windows 11 is a graphing calculator:
Maybe one of these days schools will let you use something like that instead of making you buy an expensive hand-held graphing calculator that is still stuck in the early 2000’s.
In addition to the new functionality, Microsoft has also make the app’s source code (rewritten in C#) available on GitHub, so if you really want to, you can submit a pull request to Microsoft to add even more functionality to the app.
The good: the core functionality of the app remains the same, with a new graphical ribbon for common functionality.
The bad: it doesn’t support dark mode yet (being tested in Insider builds), and the menus have changed to something less than standard. For example, if you want to do a “Save as” you are forced to use a mouse to choose the format you want, rather than having that choice in the save dialog itself. Also, there’s no “Quit” menu item, so you have to click the “X” on the right of the title bar. (Windows used to have a solid set of UI guidelines for apps — that sometimes goes out the window these days.)
While the Photos app might have a “beautifully redesigned,” the functionality does not feel that much different than previous versions.
It’s still an OK app with simple editing capabilities for both photos and videos, but I find myself using OneDrive online rather than using this locally-installed version.
First, there was Snipping Tool, the original Win32 app for capturing images of sections of the display (e.g. an app window). Then there was Snip & Sketch, a new UWP-based version that added some functionality, but didn’t include all of the original Snipping Tool. But Snip & Sketch was the stated direction (there can be only one, and that one is UWP). Then, there was a change in that direction (with native UWP apps no longer being a focus). With Windows 11, the original Snipping Tool is again the primary app, and it will (over time) pick up any missing Snip & Sketch functionality.
Core functionality and infrastructure
Finally, no more UI stuff. Let’s talk about more of the “behind the scenes” stuff.
If you are running any combination of Windows 11 and Windows Server 2022, there is a new feature that can greatly improve file copy performance for certain types of files. That feature is SMB compression, which automatically compresses the file content on the source computer and then decompresses it on the destination, working on the assumption that the computers have plenty of CPU available to do this, with the network throughput being somewhat limited.
This works great for things like VHD files (which are not compressed in any way), but is much less effective for already-compressed files (e.g. WIM files, zip files). With the current releases of Windows 11 and Windows Server 2022, an algorithm will determine if compression should be used. This algorithm will check to see if at least 100MB of the first 500MB of content transferred can be compressed; if it can’t find at least 100MB that is compressible, it will stop using compression for the rest of the file. That behavior is expected to change in the next version of Windows 11, when it will always use compression when it is requested (so you might want to be a little more selective when specifying compression in the future).
You can enable compression at the file share level:
New-SmbShare -Name "Sales" -Path "C:\sales" -CompressData $true
Or when mapping a drive:
New-SmbMapping -LocalPath "Z:" -RemotePath "\\fs1.corp.contoso.com\sales" -CompressNetworkTraffic $true NET USE * \\fs1.corp.contoso.com\sales /REQUESTCOMPRESSION:YES
Or explicitly with XCOPY and ROBOCOPY:
ROBOCOPY \\server\disks$ c:\disks /COMPRESS XCOPY c:\hypervdisks\*.vhdx \\server\disks$\ /COMPRESS
You can also force it on or off via the registry:
Windows 10 was shifting from language packs (LPs) to language experience packs (LXPs). With Windows 11, that has shifted somewhat. For the 38 languages that have full language packs, plus five additional languages that are based off of other full languages, you should use the LP.CAB, and these languages can be included in an image (surviving sysprep).
The remaining 67 languages (which used to be available as language interface packs, or LIPs, or as LXPs) are now only available through Settings, where the end user can install them themselves, even if they don’t have admin rights. There’s no supported way to add these languages through any other means.
LXPs overall had plenty of challenges, so I understand this backpedaling. The only challenge is for the end user in those 67 languages, as they would need to be able to navigate through Settings in whatever language is available to then install the language interface pack that they want.
See the Windows IT Pro blog post that originally disclosed this.
With Windows 11, cumulative updates will be smaller, with a size reduction of up to 40% possible compared to Windows 10. This is done through an improved file differential payload algorithm. You can read more about these improvements here, although you might get a headache trying to follow along.
There are also improvements to the packaging of servicing stack updates (SSUs) with cumulative updates (CUs, e.g. what’s released every patch Tuesday). There was some bumpiness when SSUs were first included in CUs, but most of that now appears to be worked out. The same blog above that talks about the size reductions also explains the format changes in the cumulative updates. But there are some consequences of that:
- You can no longer extract the CAB file from within the MSU file. That’s likely to break MDT, as it does that by default when you import an MSU into a deployment share. (As a workaround, just use WUSA.EXE /quiet /noreboot to install the MSU file as a step in your task sequence.)
- You can’t directly uninstall an update using WUSA.EXE in the same way that you did before. Instead, you need to use DISM /online /get-packages to find the name of the (non-SSU) package that you want to remove, then use DISM /remove-package to remove it.
Windows 11 on ARM improvements
Windows 10 running on ARM64 CPUs had some significant performance issues due to the amount of emulated 32-bit x86 code that needed to be executed. With Windows 11, there is now full support for emulated 32-bit x86 and 64-bit x64 code. That enables just about any application to run on top of Windows 11. That by itself doesn’t improve the performance any though. For that, ISVs can leverage ARM64EC which enables partial native code (e.g. just the compute-intensive parts of a video-editing app) in a single binary that supports both x64 and ARM64 execution. This helps the operating system itself as well, as many of the built-in DLLs now support this ARM64EC packaging for native execution of much more “stuff.”
Since 64-bit x64 apps are now supported, you can also run 64-bit Office and have full support for x64 plug-ins.
At the same time, there is now ARM64 support for Electron apps, so Visual Studio Code, Microsoft Teams, and similar apps packaged with Electron (basically, a Chromium engine) will perform much better.
See this blog for more details on ARM64EC.
I am still a fan of ARM64 devices, at least for lightweight consumer-ish consumption scenarios (e.g. something better than a low-end Chromebook). Maybe in the future there will be faster ARM64 processors that will result in computers that target power users, but for now, these are more useful for people who value very long battery life, lightweight, and usually fan-less operation with respectable (if not great) performance.
I still do wish that these ARM64-based devices would be treated the same as x64-based devices (e.g. Microsoft should provide ARM64 media so you can create and deploy your own custom images with MDT or similar tools).
New MDM settings
The list of new MDM settings in Windows 11 was published in the official documentation, and it is surprisingly small for a new operating system version. This is the complete list:
Basically, there are a few new policies for the new Start menu and task bar, and a few security-related settings tied to existing security features, but that’s it.
Additional ADMX-backed MDM policies
From the original announcement:
We enabled over 1400 new mobile device management (MDM) policies. With them, you can configure policies that Group Policies also support. These new MDM policies include administrative template (ADMX) policies, such as App Compat, Event Forwarding, Servicing, and Task Scheduler.
That’s not really Windows 11-specific, as the same changes were made to Windows 10 releases (2004, 20H2, and 21H1, so therefore in 21H2 too) via a cumulative update released prior to the Windows 11 release. But it is still a welcomed change.
What exactly does this mean? It means that GPO settings that were in ADMX files that weren’t on the “allowed” list in Windows are now all allowed — no more artificial limitations from Microsoft that block you from using existing settings for MDM-managed devices. This is effectively a full retreat from the original MDM positioning (which was effectively “fewer, bigger knobs”).
New GPO settings
In theory you can download this spreadsheet to tell you what policies have been added or changed in Windows 11. But it’s not nearly as simple as it should be:
- Settings that had changes to the text descriptions but are otherwise unchanged are still flagged as changed, so don’t panic too much when you se all the changes.
- Settings are tagged as “21H2” which is somewhat ambiguous as there are both Windows 10 21H2 and Windows 11 21H2 releases. Since there is a separate spreadsheet for Windows 10 21H2, it should be safe to assume that the Windows 11 one only has Windows 11 stuff (for 21H2 at least, even though there are still Windows 10 headings in the sheet).
Scanning through the Windows 11 spreadsheet, I didn’t see too many “new” or modified settings that were of interest. These two probably are worth some additional investigation:
- Allow widgets
- Configure the inclusion of Microsoft Edge tabs into Alt-Tab
Windows as a Service changes
Up until the release of Windows 11, the Windows as a Service rules were:
- New feature updates twice per year
- 18 months support for each feature update for Home and Pro SKUs
- 18 months support for spring (H1) releases of Enterprise and Education SKUs
- 30 months support for fall (H2) releases of Enterprise and Education SKUs
When Windows 11 was announced, that changed:
- New Windows 11 feature updates once per year, in the fall (H2)
- Windows 11 Home and Pro will get 24 months of support with each feature update release
- Windows 11 Enterprise and Education will get 36 months of support with each feature update release
That’s a welcome improvement, especially due to the one-release-per-year schedule. And with 36 months, organizations could potentially deploy a release every other year.
Later, similar changes were announced for Windows 10, with one significant difference: The Enterprise and Education SKUs would only get 30 months of support, not 36. For those considering skipping a Windows 10 release, that doesn’t work quite as well as you could be too squeezed for time. The extra six months with Windows 11 would be more useful. See my previous blog for more details.
Also note that new LTSC releases of Windows 10 (e.g. the one that just came out) and Windows 11 (none of which have been released yet) will only be supported for five years, not ten. Yet another reason to not use LTSC.
Windows Update for Business changes
If you have devices that talk to Windows Update directly that support the Windows 11 hardware requirements, those devices will be offered the Windows 11 upgrade if the user has admin rights. To prevent that from happening, you would need to apply Windows Update for Business settings (or point your devices to WSUS).
If you already have your devices configured for WU for Business or WSUS, you don’t need to do anything to prevent the devices from upgrading to Windows 11 — you are in total control. With WSUS, you would explicitly approve the feature update. With WU for Business, you need to set a “Select target feature update version” policy (available after installing the September cumulative update for Windows 10) to specify the product version (“Windows 11”) and target version (“21H2”) that you want to deploy. If that product version isn’t set, the device will only be offered Windows 10 releases.
Overall, this is a reasonable behavior. See the official documentation for more details.
Official announcements for Windows 11 claim better performance for the foreground application because it will run with even higher priority than it did in the past. (Gamers had configured a Win32PrioritySeparation policy in the past for the same reason, to give the foreground game as much CPU as possible, at the expense of background processing.) While those announcements were made, I can’t find any proof of this or notice any changes in behavior. Your mileage may vary.
Devices running Windows 11 are also supposed to resumer faster from sleep, as the RAM in the computer can remain powered, eliminating any disk I/O required to do the resume. (Presumably this requires some hardware support for the specific sleep state required to do this.)
The biggest change is support for Intel’s 12th generation Alder Lake processors, as mentioned in part 1. You will probably want to run Windows 11 on these CPUs to get the most performance out of them.
(We already discussed the performance-related improvements on ARM64, so no need to repeat them here.)
Some other random items that are worth mentioning:
- Windows 11 has better support for voice typing and commands throughout the OS, to let you use your voice to do more than just simple text input.
- There are new sets of sounds in Windows 11.
- The Windows Subsystem for Linux in Windows 11 now support GUI (X Windows) apps.
- Windows 11 supports USB 4 and Wi-Fi 6E (with appropriate hardware).
Still to come
There were some features announced for Windows 11 that ended up not being ready by the time Windows 11 released. Some of these could be delivered on top of the existing Windows 11 release via cumulative updates, but many (most?) will likely wait until the Windows 11 22H2 release:
- Windows Subsystem for Android, allowing you to run Android apps (either sideloaded or from the Amazon App Store) on Windows 11. This is currently only in preview. Whether this turns out to be useful for those that aren’t developers remains to be seen. This also has some hefty memory requirements (e.g. 8GB RAM recommended) since you’re running a full Android VM.
- Global mute. The idea was simple, to be able to mute everything (input, output) from the task bar, but that’s not yet there. And it sounds like it might not be something automatic either — apps would need to explicitly implement support for this. So whether this ever becomes truly useful remains to be seen.
- Variable refresh support for displays and video cards that support it. This can reduce battery consumption by reducing the refresh rate when you don’t need it (e.g. slow when just staring at a static page, but fast when running a game or seeing an animation). It appears the OS support is there for this, but drivers need to support it as well and those aren’t yet ready. So stay tuned.
- New Mail & Calendar app. With any luck, we’ll have the new Project Monarch version of Outlook in the Windows 11 22H2 release of Windows. But since that app hasn’t yet been seen outside of Microsoft (meaning that it’s probably not ready for public preview yet), that might be a little in doubt.
Each Windows release typically removes something; Windows 11 is no exception. Nothing too major has been removed this time:
- Wallpaper settings no longer roam (via MSA or AAD accounts).
- Multi-app kiosk support is missing, although it will be back at some point in the future (maybe 22H2).
- Tablet mode is gone (as mentioned previously).
- S Mode is gone, except on the Home SKU (for reasons unknown).
- Internet Explorer is gone, although the IE engine is still there (just no IE icon/executable).
- The Timeline feature is no more. Features that people don’t use have a very short lifespan.
- The Wallet app/feature is no more. Even though it wasn’t used, it survived longer than most expected.
- The simple mechanism for configuring default apps (web browser, mail, etc.) has been removed, replaced with a UI that requires configuring each file type/extension and protocol separately (similar to what you would do via DISM). As there’s been a lot of negative feedback around this, improvements have been made in Insider builds, so this one might be at least partially fixed in the near term.
- WDS no longer supports deploying OSes. It can PXE boot Windows PE boot images, but those images can’t pull OS images of Windows 11 from the WDS server as the support for doing this has been removed from SETUP.EXE. That means you would now need to use MDT or something else to provide that logic.
- The private (enterprise) store has been removed from the store app.
- Some in-box apps have been removed: 3D Viewer, OneNote for Windows 10 (no more UWP version, just the Win32 version remains), Paint 3D, Skype
I did a whole blog post on the Windows 11 hardware requirements, but I’ll summarize here:
- Processor: 1GHz or faster, 64-bit only, 2 or more cores, 8th generation or above (with two 7th gen exceptions)
- RAM: 4GB or greater
- Storage: 64GB or greater
- Firmware: UEFI, Secure Boot
- TPM 2.0
- Display: 720p or greater, 9” or larger
- Internet: required for Home and some features
These requirements aren’t really performance-oriented (and you can buy some really awful CPUs, e.g. an Intel Celeron J4125, that fully support Windows 11). Even Microsoft’s own explanation focused on security, reliability, and compatibility — not performance.
I believe the #1 reason is security. Microsoft wants you to use existing Windows 10-era security features that have specific hardware requirements (e.g. HVCI/VBS, TPM, Secure Boot), and those features don’t have sufficient adoption on Windows 10.
(Note again that Windows 11 doesn’t have any new security features.). The “reliability and compatibility” items are more like “side effects” of the security requirements (e.g. drivers that support HVCI/VBS are inherently more reliable).
UEFI and Secure Boot shouldn’t be a concern because you need protection before the OS can protect itself. TPM 2.0 shouldn’t really be a concern because all machines made in the past several years include TPM 2.0 support (you might need to turn it on).
Certainly the CPU and RAM requirements are reasonable, and 32-bit OSes should have probably died years ago (kept alive by low-end netbooks and tablets). The disk requirements should probably be more stringent, with better performance requirements (e.g. SSD, not eMMC or spinning drives), instead of just a minimum (and really at 64GB, bare minimum) size.
So much for being shorter than the previous one 🙂
Categories: Windows 11