Windows 11 get started

Source Microsoft https://c.s-microsoft.com/da-dk/CMSImages/Windows-11_1083_Hero_Latest.jpg?version=eab61d0a-2d4e-0e54-4094-8cd3885f553d

 

Introduction

Everyone thought Windows 10 would be the last operating system from Microsoft. Personally, I thought that could not be true. Guess what, Microsoft is presenting the new Windows 11 on October 5^th. I am super happy about the announcement as I think Windows 11 bring value to the table. Some would say it is a service pack to Windows 10, but it is not. Windows 11 is designed to support today’s hybrid work environment and intended to be the most secure and connected Windows platform so far.

Windows 11 shares the foundation of Windows 10 so you will have application compatibility from Windows 10 and if you invested in device management systems that will most likely be able to manage your Windows 11. One thing is sure. Configuration Manager and Microsoft Intune from the Microsoft Endpoint Manager suite are ready to do the job.

In this article we will cover the ways you get started with Windows 11.

 

Windows 11 device requirements

Before you can even think of installing Windows 11 there are some system requirements that needs to be met. 

Note that Windows 11 does only come as x64 bit system.

Hardware	Requirement
Processor	1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC).
RAM	4 GB
Storage	64 GB or larger storage device
System firmware	UEFI, Secure Boot capable
TPM	Trusted Platform Module (TPM) version 2.0
Graphics card	Compatible with DirectX 12 or later with WDDM 2.0 driver.
Display	High definition (720p) display that is greater than 9” diagonally, 8 bits per color channel.

Windows 11 requirements - What's new in Windows | Microsoft Docs

 

Windows 11 license requirements

Nothing new here. Same requirements as for Windows 10.

 

Windows 11 Servicing

Windows 11 will receive monthly updates and bug fixes like Windows 10. Nothing new here.

Windows 11 will only receive feature updates one per year where Windows 10 receive twice a year.

Get your environment ready

Depending on your current environment, there are some actions to take before being supported on Windows 11.

 

Configuration Manager

• Configuration Manager 2107 What's new in version 2107 - Configuration Manager | Microsoft Docs
• ADK for Windows 11 Download and install the Windows ADK | Microsoft Docs
• To deploy Windows 11 updates – remember to tick the new Windows 11 in products

 

Readiness report

If you use tenant attach you can easily make use of insight in Endpoint Analytics which will give you a nice overview of which devices are capable and not capable of upgrading.

If you cannot use tenant attach and Endpoint analytics there is also a Hardware readiness PowerShell script that you can run in the link.

Understanding readiness for Windows 11 with Microsoft Endpoint Manager - Microsoft Tech Community

 

Upgrade Windows 10 -> Windows 11

• Servicing
• Upgrade Task sequence
• Bare-metal Task sequence

 

Microsoft Intune

You don’t have to do anything. It is already supporting Windows 11.

 

Readiness report

If you are licensed to Endpoint Analytics you easily get insight on your environment if devices are capable or non-capable to upgrade to Windows 11.

Understanding readiness for Windows 11 with Microsoft Endpoint Manager - Microsoft Tech Community

 

If you need even deeper insight, you can collect custom inventory.

How to collect custom inventory from Azure AD Joined devices - Microsoft Tech Community

Upgrade Windows 10 -> Windows 11

You are most likely using Windows update for business. If you have Windows 10 or later ring enabled, it will not upgrade your devices to Windows 11. It will stay on Windows 10 and add the feature update that become available for Windows 10 and that only.

To upgrade to Windows 11, you will have to use the Feature update deployment to move the device from Windows 10 to Windows 11.

 

As Windows 11 is released 5th October, you should not try to use this feature before after the launch.

Summary

Exciting new Windows 11. I have been running it in preview builds and it looks and works very nice.

I hope this post helped you to get started on your Windows 11 journey.

Happy deployment!

Welcome to MEM tips and tricks

 

This is the first video on the brand new MEM tips and tricks YouTube site created by Mindcore’s Mattias Melkersen. The place to see and learn practical endpoint management skills in the real world.

 

How to setup OneDrive using Settings Catalog

Introduction

OneDrive has gained a foothold in most companies. It makes sense to use because of the 1TB available storage (based on the right licenses) and the ability to have a sort of “Backup” for your desktop, documents, and pictures.

In a given Microsoft Intune setup it is also standard to create policies to setup known folder redirection which now changed name to PC folder backup - read more here.

When it comes to setup these policies we used to go to the “Administrative templates” which looks like the ADMX (GPO structure) we used to use in our on-prem environment. Now the good news and what this blog post is about is how to set up OneDrive settings using Settings Catalog which is the better choice for reporting.

 

Requirements

• Microsoft Intune

 

Setup the most common OneDrive settings

Go to endpoint manager

Press devices and windows

 

Press Configuration profiles and create profile

 

Choose Windows 10 and later, Settings catalog (preview) and press create

 

Give it a name and press next

 

Press add settings

 

To be sure we get the settings for the platform we like to manage, you first filter for that.

Next write “Onedrive”

Press search

 

Choose setting accordingly.

You need to find out with your organization if your users are allowed to add other organizations. If not, then configure this setting. (value will be shown later in this post)

 

We were recently given the possibility to exclude certain file types from synchronizing to OneDrive. I like to stop synchronizing shortcut files as they fill up my desktop.

 

Who want to allow personal OneDrive on a company owned device? Not me, so I configure this setting as well among others (see screenshot)

 

1. I prevent OneDrive to be setup with any other tenant than my company tenant.
2. I exclude *.lnk which is link files (Shortcuts) so they do not upload and sync to my other devices.
3. I prevent OneDrive from syncing with personally owned OneDrive accounts.
4. Setup a update ring for updating OneDrive on the clients.

 

5. I want OneDrive to automatically move desktop, documents, and pictures to OneDrive for backup reasons. Fits better into my strategy to quickly be able to work on a new device.

6. I want to silently sign in users to the OneDrive with their Windows credentials. If you enable this setting, users who are signed in on the PC with the primary Windows account can set up the sync app without entering the credentials for the account.

7. Sync Admin report let me see OneDrive healthy status on the OneDrive Sync health center.

8. On-demand to save bandwidth in case your users has a lot data in OneDrive, then only meta data is downloaded, and finally fully downloaded once the user click on the file.

 

Assign the profile. I do that to all users. You might need to differentiate who get it, then use a groups or filters.

 

Next

 

Create the policy

 

If you head back to the Configuration Profile and click the new OneDrive policy you will immediate see the difference from Administrative templates to the settings catalog reporting.

If you click the “Per setting status”

 

You can see a per setting status, and it is called “Compliant” instead of the usual “Succeeded”

 

Summary

Using settings catalog is a great thing as we get more and more policies enabled. Does it make sense to migrate your old settings? It depends. What would you like to benefit out of it? The settings from “Administrative templates” does the job, but if you like the smooth reporting, go ahead and create those settings for OneDrive now available in the Settings Catalog.

Another cool thing is to keep an eye on your OneDrive health sync portal, to give critical information to your users, in a situation where they shift device or other scenarios where files are stuck.

OneDrive health center can be found here

Happy testing!

 

For more content on the health portal, see this video:

Cutting Edge Microsoft OneDrive Insight Capabilities explained - YouTube

Test base – test you most critical apps automatically against insider builds

Borrowed from Microsoft

 

Introduction

Test Base for Microsoft 365 is a validation service made for Software Vendors and System Integrators.

Why should that be interesting for you as a Configuration Manager or Intune admin?

Because most businesses does have critical applications that they like to test properly and to make sure the applications work on the next Windows feature level.

Test Base is a service in Azure that will help you test your applications against a subset of OS versions after your choice. That could be the insider of the next Windows 10 build or even Windows 11, to make sure you are all set for next version of Windows feature rollout.

In the end this will give you a good indication of how your app stack will behave, save you a lot of time and make you sleep better!

Important question: How much does it cost?

At least while in preview it is free. Customers will be charged once it go GA

Requirements

• Azure Subscription

How to set it up

Browse to https://portal.azure.com/

Search for “test base” and click on “Test Base for Microsoft 365”

Press Create

Tick “I confirm I have read and acknowledged the terms of use above”

Choose your subscription

And choose “Create new” on the resource group

Give it a name and press ok

Choose Resource Group Location and create a Test Base Account Name

Validation passed and we can press Create

Test Base was deployed and ready to be used.

NOTE: Before you proceed from here you should already know what applications you would like this service to test.

Click “Go to resource”

Press “Upload new package” and let’s start adding details to the work we would like Test Base to go through.

I’ve used 7-zip in this example:

Add package name

Add package version

Choose the test type

NOTE: the Out-of-Box (OOB) test performs install, launch, closed and uninstall of your package. After the install, the service will launch and close the application 30 times before continuing to uninstall the application. Scripts will run for 80 minutes at the most.

OS update type I’ve selected Security updates and feature updates.

NOTE: The Security updates enables your package to be tested against Windows pre-release monthly security updates
The Feature updates enables your package to be tested against Windows pre-release bi-annual feature updates builds from the Windows Insider Program.

Mark the Windows builds that you like to test against

Select “Insider Beta Channel”

Select “Windows 10 21H1”

Press “Next”

Before we can proceed with this step, we need to create a ZIP file with a certain format.

TIP: There is no limited number of ZIP files you can uploade, but the size is limited to 2GB per ZIP.

Go to your application(s) you want Test Base to go through.

Inside the application folder we need certain binaries to be present.

First of all, we need the application. This is because the test base will install the product inside a virtual machine.

Second of all, we need a script that can open the applications executable for test base to open op the program.

Third of all, we need a script to close the process that the second script opens. This is because test base performs the “launch action” 30 times and then the “close action” 30 times.

And finally, we need a script to uninstall the application, to make sure the machine can be cleaned up.

All the scripts are very basic and does not contain error handling:

TIP: If your script exists with other than 0 the operation will fail, and the sequence stops.

Script	Argument
Install.ps1	Start-Process -FilePath ".\7z1805-x64.msi" -ArgumentList "/QB ALLUSERS=1"
Open.ps1	Start-Process -FilePath "C:\Program Files\7-Zip\7zFM.exe"
Close.ps1	Stop-Process -Name "7zFM" -Force
Uninstall.ps1	Msiexec /x 7z1805-x64.msi /QB

Once the scripts have been made and saved inside the application folder - ZIP the folder.

Back to the instructions of test base

Browse for the newly created ZIP.

Open it

Uploaded successfully

Click Next

Insert all of the scripts that will do the jobs. If you need the virtual machine to be rebooted after the application install, tick the “Reboot after execution”

NOTE: The script path should be like this app/script, so when having the scripts in the root of your ZIP, then the name for the folder + the script e.g., 7-zip/install.ps1

Once you added all the information, click Next

We did not add “Functional test”, so nothing to do here

NOTE: Functional test is a more a custom test method for Software Vendors. If you need more than the Out of box test can deliver you can use this feature and describe your flow Functional testing on Test Base | Microsoft Docs

Press Review

Press Create

Now be patient. The test process will take some time. But once it completed you will be able to see the result on the “Test Summary” page

You get a lot of data that you can pull out for documentation purposes.

NOTE: you can download a video of the test process, but you cannot get access to the actual virtual machine.

Summary

This was Test base and how you set it up to test your most critical applications towards the newest Windows builds before security patches and feature updates apply to your production environment. I thrilled about the idea and makes me sleep better when Windows evergreen is doing its thing.

Happy testing!

Source: Test Base for M365 documentation | Microsoft Docs