Back in early 2023, I argued in a blog post that 2023 would be a good year to evaluate Windows 11 so that you could start deploying it with the release of Windows 11 23H2 around October of this year. That made the assumption that Windows 11 23H2 would be another full feature upgrade (in-place upgrade), so you would minimize your effort getting to Windows 11 (no need for multiple Windows 11 upgrades), avoid the potential challenges of a Windows 12 release in 2024 (bigger changes expected in the 24H2 release, regardless of what it’s going to be called), and get Windows 11 fully deployed before the October 2025 end of servicing for Windows 10.
But now that Microsoft has confirmed that the Windows 11 23H2 release will be made available as an enablement package, there’s really no need to wait: start deploying Windows 11 22H2 whenever you can get around to it, knowing that the move to Windows 11 23H2 will be trivial (with the enablement package needing to be deployed prior to the 22H2 end of servicing date in October 2025).
So you can start deploying Windows 11 22H2 now and continue for up to two years, which should be an achievable pace. As discussed previously, Windows 11 is essential for ARM64 machines, and a good idea for any 12th and 13th generation Intel CPUs (those with performance and efficiency cores), so start with those.
The biggest issue I would still like to see resolved: a good way to remove the in-box consumer Teams app. You can live with it being there (hiding the chat icon from the task bar), but it’s a pain to remove, at least in a supported, persistent way.
Beyond that, the biggest obstacle would be Windows 11 hardware requirements:
- Machines with too-old CPUs (prior to 8th generation) need to be replaced.
- Machines with new-enough CPUs but that report no TPM 2.0 support need to have TPM enabled in the firmware.
- Machines that aren’t using UEFI need to either be reimaged (after enabling UEFI in the firmware), or (carefully) done in place (talk to a consultant for how to do that).
- Machines that aren’t using Secure Boot should have that enabled.
Share this:
Categories: Windows 11
Out of Office Hours 
Hi michael, good afternoon! I know this post is off topic, but I removed Microsoft UEFI CA 2011 from my db secure boot, can I put it back again just using basic powershell “Set-SecureBootUEFI” without modifying my PK, KEK? Everything is in place except for this certificate = ( Thank you and your blog is amazing!
LikeLike
I’ve never tried to do that, so I don’t know what it would take. The doc at https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance?view=windows-11 seems to be a good start.
LikeLike
I’m surprised you haven’t learned:
1
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Communications /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f
LikeLike
I did a post about this sometime back, but it hasn’t been reliable — I’ve seen it come back again in two different instances, one after a monthly patch and one after a feature upgrade (21H2 to 22H2). Hence why I said “a reliable method.”
LikeLike