Busting the Myth: Windows 11 Hardware Requirements

If you were to ask me to pinpoint the exact moment of IBM’s downfall and the great rise of Microsoft, it would be in the room in Armonk, New York where the IBM developers and the Microsoft developers were trying to create a new operating system for the new IBM-AT (based on the 16-bit 80286 microprocessor). The Microsoft developers wanted to use the entirety of the 16-bit capabilities of the new CPU. The IBM developers wanted to keep the company’s old promise that they would support their computers for at least seven years, and so insisted on developing it for 8-bit Intel 8088 microprocessors that their IBM-PC relied on. IBM would not budge, and so the team worked together to develop what would eventually be called OS/2, while Microsoft’s best and brightest went back to New Mexico (I do not believe they were in Redmond yet) and developed what would eventually be called Microsoft Windows. Pop quiz to see who won: Which one are you running on your PC today?

Windows 11 (2)Let me start by saying that I love the new hardware requirements of Windows 11. According to Microsoft, the requirements for Windows 11 (as outlined here) are a 64-bit CPU, 4gb RAM, UEFI (with Secure Boot), a Trusted Platform Module (TPM) 2.0 chip, as well as modern graphics. This means that for many of us with older (but still robust) PCs, we will be stuck on Windows 10… and when Windows 10 falls out of support, we will be forced to buy new hardware.

Following the release of Windows XP, Microsoft changed its model, with a stronger emphasis on security. Had I mentioned that the Microsoft ecosystem was secure the first time I stepped behind the podium at a Microsoft event in 2005 I would have been laughed off the stage. Things started to get better with Windows Vista (Yes, I know… but that most panned of operating systems was actually the proof of concept for tremendous advancements to Windows that are both loved and taken for granted in the modern Windows). With Windows 10 (released in July, 2015) there were tremendous security features… some of which relied on optional hardware, which meant that Windows could be the most secure operating system around… as long as you had TPM and UEFI and Secure Boot-capable hardware. A lot of the security features relied on a Hyper-V sandbox, which meant that if your hardware was not Hyper-V compatible, your security was second-best.

With the release of Windows 11 Microsoft decided that we would no longer have the choice. They decided to develop Windows 11 for the modern security capabilities that are only available in reasonably new hardware. This would have been a difficult decision indeed, considering the fact that Microsoft is also a hardware vendor, and that the Surface Pro 4 (released three months after Windows 10) will not support Windows 11.

My primary device is a Microsoft Surface Laptop 3. Released two years ago, it supports Windows 11 just fine. My secondary device, which I use primarily for teaching, is an HP EliteBook 8570w, which I purchased in 2013. It is a powerful and loaded machine with an Intel i7 CPU, 32-gigabytes of RAM, and 750gb of storage (in a 250gb SSD and a 500gb secondary drive). This machine is the reason I decided to settle on the 8gb RAM model when I bought my Surface Laptop earlier this year. It is a monster… and it does not support Windows 11.

SpyrusMy long-time readers are well aware that I have been a fan of Windows to Go (WTG) since it was first announced in Windows 8. My first article on the now deprecated feature dates to June, 2012. When Microsoft announced that they would no longer support WTG I was saddened, but then I realized that just because Microsoft won’t support it does not mean I have to stop using it. My primary WTG device has, for the past several years, been a Spyrus** Worksafe Pro. For the first few years I used the 64gb model, but a couple of years ago I upgraded to the 128gb device that I use to this day. Spyrus has always required the use of its own proprietary Spyrus Creator Tool to provision its devices, which means that it does not rely on the Windows tool.

I have been preoccupied with other matters the last few weeks, but this week I finally sat down and provisioned my first Windows 11 WTG key. I created it on the Surface Laptop, and then to test it I popped it into the HP EliteBook. I forgot that the older machine does not support Windows 11.

Imagine my surprise when the WTG device booted perfectly on the HP! It seems that the hardware limitations of Windows 11 are built into the installer and into the Windows Update path, but if it is installed on another machine it will work. Just like that, Spyrus has extended the life of my older laptop, proving once again that old and reliable is sometimes as good as new and shiny.

I want to be clear: I do not recommend using this as a way to permanently get around security requirements. I will continue to do my business-critical work on my primary (and completely compliant) device, and will use the Windows to Go ‘workaround’ as a way to extend the life of a laptop that may be old, but has not yet run its last race. It will never store critical data, it will not be used for banking, and I will not be logging onto any highly secure or sensitive sites on it. For teaching, for watching movies, for running demos and PowerPoint, and even for writing… this old workhorse (which has been to Japan twice, Australia, Cuba, 30+ states and 8 provinces) will not be put out to pasture just yet.

I recently reinstalled Windows 10 on the internal hard drive of the HP, and I will continue to use that for some things (can you imagine? It has been out for three weeks and not all of my customers have upgraded to Windows 11 yet??) while using the Windows to Go for others.

Conclusion

Getting around security requirements is seldom a good idea. With that in mind, I have said in many a lecture that good enough is always good enough, and perfect is never worth the cost. When evaluating the cost of replacing older but reliable and functional hardware with newer devices we should keep in mind that yes, it is a good idea to cycle our business-critical hardware on a frequent cycle (anywhere from every 3-5 years on laptops is recommended) but being forced to do so immediately to keep up with the modern OS release cadence can be costly. Using Windows to Go to evaluate software on older hardware is a good interim step to test the new OS before taking the leap to the newest operating system and investing in new hardware. It can also give us breathing room to wait a few months for budgeting and financing to come through if necessary.

Windows To Go is also a great way to allow IT Professionals, developers, and software testers to run the newest operating system and the legacy (but still modern) Windows 10 on the same device.

MDM Caveat

For the IT Professionals, be aware that Mobile Device Management solutions (such as Microsoft Endpoint Manager/Intune) take hardware hashes that of a managed device that are independent of the hard drive. As such, a device that is managed by MDM on the internal hard drive cannot be separately managed by the same MDM on the Windows to Go device. As such, joining your WTG device to Microsoft Azure AD to be managed by Intune will cause some confusion. Results may vary, but it is recommended that only one or the other be MDM managed.

**NOTE: As of very recently, Spyrus was acquired by Route1. As of this writing I am unable to find a link to purchase the Worksafe Pro. I have reached out to my contact at the company to see if they are still available.

1 Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s