Microsoft explains how organizations can use Intune to upgrade from Windows 10 to Windows 11

Microsoft has outlined the steps that IT admins can leverage to upgrade their organization to Windows 11 using Intune in a "cloud-native" management solution.

A picture with Windows 10 and Windows 11 stock wallpapers blending

The timer for Windows 10's end of life is counting down and while organizations can pay for Extended Security Updates (ESU), it might not be financially feasible for them to do so. In cases like these, it is in both the enterprise customer and Microsoft's benefit to upgrade to Windows 11 as seamlessly as possible. To that end, the Redmond tech giant has published a detailed guide explaining how companies can upgrade to Windows 11 through Intune.

Microsoft has emphasized that this guide is primarily intended for domain-joined or co-joined Windows 10 PCs in order to perform a cloud-native migration to a state where the device is running on Windows 11 and is Entra-joined with Intune.

To get started, customers obviously need to confirm that their hardware meets the requirements for Windows 11, which includes the dreaded TPM 2.0. This can be confirmed through Microsoft Configuration Manager or Endpoint Analytics in Intune. In addition, tools like Windows Autopatch, Configuration Manager, and Windows Server Update Services (WSUS) should be employed to update Windows 10 devices to the latest supported version, which is version 22H2.

IT admins should also synchronize identities from Active Directory (AD) to Entra ID, configure and validate a hybrid join, prepare the Intune environment with the required licenses and admin roles, and enable co-management in Intune and Configuration Manager.

Next, Group Policy Objects (GPOs) should be rationalized, redundant policies should be replaced, Intune configuration profiles should be set up, and Intune policies should be configured to deploy the update in phases. Then, Windows Autopatch should be leveraged to deliver the update and monitor the rollout.

Applications should also be migrated from Configuration Manager to Intune for packaging, testing, deploying, and assigning them to the correct device groups. IT admins should also be vigilant in decommissioning the old deployments in Configuration Manager and updating the relevant documentation.

The final step of this process involves transitioning from a domain network-joined setup to Entra ID-joined. This is a multi-step process, so make sure to check out the details here. Microsoft believes that this cloud-native migration approach will ensure centralized and streamlined management, enhanced security, an optimized UX, reduced reliance on legacy infrastructure, and allow IT admins to leverage Copilot in Intune.