Wow, this is an overdue article. Because it is related to something that happened while I was contracted to Microsoft, I decided to add my old (but modified) disclosure.
**DISCLOSURE:** While I have previously been contracted to Microsoft Corporation, I have never been an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee, contractor, spokesman, or representative of any sort for the company. As has always been the case, all articles on this website represent me and nobody else.
In the spring of 2015 Microsoft announced they were going to release Windows 10, which would be the last desktop operating system they would release. The intent of this, as memory serves, was to shift people from purchasing a single version of the operating system to a subscription model… essentially a Windows as a Service model. Previously, if you had purchased Windows 7, you would then need to purchase Windows 8; even if you were offered a free upgrade (which was not uncommon), you would need to install the new version by either upgrading in place, or else re-installing. Both of these needed to be done from the original source media.
Windows 10 would be different. You would install it once, and then all future OS versions would be deployed directly as a software patch, just as monthly security updates have been for years.
A careful reading of the previous paragraphs exposes an inconsistency, doesn’t it? In the one, it says that Microsoft claimed that Windows 10 would be the last desktop OS, but in the other, it says that future operating systems would be deployed as a patch. The two cannot be entirely correct, can they?
In fact, they are both truthful… from different perspectives. The intention was for Windows 10 to be the OS that people used and talked about, but twice yearly they would release new feature updates, which would really be new operating systems… but they would still be called Windows 10, and the end user would not have to worry about reinstalling or upgrading… it would just happen naturally. For end-users that meant that the new version would be installed through Windows Update without any effort or even awareness on their part. For corporate devices it would be deployed through the centralized update tools that they used – whether that was one of Microsoft’s offerings (such as Windows Server Update Services (WSUS), Microsoft Configuration Manager (currently called MCM but that name has changed at least four times since I first became aware of it), or Microsoft Intune), or any of a number of third-party offerings.
The Windows 10 operating system was first released in July, 2015, and the version number was 1507 – so designated because of the year (2015) and month (July – 07) of release. That numbering system would last until later in our saga. Keep reading and you’ll get there!
And so 1507 was upgraded to 1509, and then 1603… and continued on through 1609, 1703, 1709, 1803, 1809, 1903, 1909, 2003, 20H2, 21H1, 21H2, and finally the last version was 22H2.
Why the change from 2003 to 20H2? There were a couple of reasons. The first was that Microsoft had a previous operating system called Windows 2003. While this was true, the more likely reason was that they had missed almost every single release target… for example, the 1903 release, which according to their system should have been released in March of 2019, was not released until May. They took a lot of public ribbing for these missed targets, and while they absolutely did the right thing by not releasing a flawed and buggy version for the sake of hitting a deadline, the critics were unrelenting. In the end they changed the version numbering to more accurately reflect the spring release (First half of the year, or H1) and the autumn release (Second half of the year, or H2).
As such, there would eventually be fifteen (15) versions of Windows 10. From the marketing (and purchasing) side, they were all a single operating system. From the technical side, Microsoft continued to release new features twice yearly, and so the fifteen versions were really fifteen different operating systems. As a former desktop deployment specialist, I thank them for not making us deal with them as we used to!
While Microsoft never formally announced it, a Microsoft developer evangelist announced in a technical session prior to the release of their new OS that: “…Windows 10 is the last version of Windows.”
My first exposure to Microsoft Evangelists was in 2005. Over the next several years I would work closely with the Canadian Evangelism team, and for nearly two years I was on the team for Microsoft Canada. Whatever public statements the company may release, people listen to the Evangelists like (pun intended) gospel. That is why when I started working with them, and especially when I was given the title and started criss-crossing the country, it was always made very clear that we needed to follow the company message very closely. The tongue-in-cheek comment made by Jerry Nixon was widely reported, and to this day people remember it. Even I have made fun of the ‘last operating system… you know, until the next operating system!’ when Windows 11 was announced.
Still and all, what was the purpose of the change from Windows 10 to Windows 11? Who cares?
The answer is simple: Consistency and Security.
If you purchased a computer in 2015 with Windows 10 on it, then whatever changes Microsoft might make to Windows 10 over the course of the years, you should still be able to run it on your original Windows 10 computer. Many of us remember needing to purchase new computers to run Windows Vista because of the massive increase in resource requirements over Windows XP, and that shift caused massive blowback for Microsoft. While people like me (and probably the majority of my readers) may upgrade our computers every couple of years, the average user does not see the need. Most of them believe that if the reasons they bought their computer in 2002 have not changed, then the computer that did the job for them then should still do the job for them now. Why should they need to buy a new computer every time Microsoft releases a new operating system? Microsoft knew that while they might add features to the OS, whatever they might call it behind the scenes it would need to continue to work on the same computer that it originally worked on. That is the Consistency side of the equation.
On the other side, there was the Security side. The security embedded in our devices has advanced tremendously over the past fifteen or twenty years. I remember the disappointment I had when I discovered that my first computer specifically purchased to run Windows Vista did not have a Trusted Platform Module (TPM) chip, and that to take advantage of the new BitLocker full drive encryption that I had been looking forward to I would need to carry around a USB key that I would need to insert into my computer every time I wanted to turn it on.
On January 15, 2002 Bill Gates released the Trustworthy Computing Memo. In it he claimed that security would now become Microsoft’s top priority, and they would shift from the agile release of new features and products to reliability, security, and privacy. For the first time since the company’s founding, security and reliability would be fundamental design principles, and not afterthoughts. He said that ‘…Microsoft must transform its entire development approach to ensure products are secure from the ground up, and that they must lead the industry to a whole new level of trustworthiness.’
The initiative was prompted by rising criticism from major customers (governments, financial institutions) and the impact of major worms and attacks (e.g., Code Red, Nimda). Gates wrote that unless Microsoft addressed systemic security issues, customers would not adopt the company’s future innovations.
For those of us who were following the industry at the time, it sounded like a pipe dream. I remember studying Windows 2000 and seeing glaring security vulnerabilities in it… but on the desktop side of things, any security that might have been in Windows 98 was an accident.
It took a few years, but Microsoft made good on Mr. Gates’ promise. Their first new desktop release – Windows Vista – had been rewritten from the ground up, and while it had many failings, the truth was that it was much more secure than Windows XP. Windows 7 and then 8 and finally Windows 10 had the ability to be extremely secure… as long as the users or admins did what they needed to ensure that security. There were still a lot of glaring holes in that security though… and it was no longer Microsoft’s fault.
The advancements in security at the hardware level were tremendous. I will not go into details, nor would I ever claim to be an expert in them, but by 2020 it was clear that to truly secure a computer from the hardware up, one could employ the features of the later generations of CPUs (Intel 8th-gen or AMD Zen 2+), the newer version of the Trusted Platform Module (TPM 2.0), and a Unified Extensible Firmware Interface (UEFI) that had the Secure Boot feature.
While UEFI and Secure Boot had been available since 2006, and the TPM 2.0 was released in 2014 (less than a year before the release of Windows 10), the more secure generations of the CPUs did not begin to appear until 2017… two years after the launch of Windows 10.
Microsoft was left with a difficult decision. Should they continue to support Windows 10, on which modern security was available only on modern hardware, while it could still be run without that security on older hardware? Or should they change their long-standing policy of consistency by telling users that their older hardware would no longer support what many people thought was the same operating system they had been running for years? Or should they pull the trigger… which is what they did.
They announced publicly that they were pulling the trigger on June 24, 2021. They told the world that while their existing Windows 10 operating system would be supported through at least the next three years, they were releasing the new Windows 11 later that year… which is what they did. They announced the new minimum hardware requirements, including the newer CPU, the newer TPM, and the UEFI (which was not so new).
On October 5, 2021 Windows 11 was released. A month later they would release Windows 10 21H2, and a year later they released Windows 10 22H2… the 2022 Update would be the last release of the operating system once touted as the last desktop operating system.
The reception of Windows 11 was mixed. Most people looked at it and saw the Start Menu was no longer in the bottom-left corner of the screen, and the actual menu was completely different from what was introduced in Windows 8.1. The complaints that Microsoft released a new operating system with cosmetic changes just as a cash grab were as loud and plentiful as they were completely ridiculous. For one thing, you did not have to pay for it. If your computer met the minimum hardware requirements, Windows 11 was distributed through the same Windows Update process as every previous version of Windows 10.
The reason most people did not see beyond the cosmetic changes is obvious. Most users are hardly aware of the security features in their computers. When you buy a car most people do not ask about or even give a second glance at the seatbelts, and the airbags and other safety features are completely irrelevant to them… unless they are in an accident. Their computer is no different.
Any computer that did not meet those minimum requirements mentioned would the following month receive the new release of Windows 10, and would continue to receive them through October 14, 2025… four years and nine days after the launch of Windows 11. In lifecycle terms, the average service life of a laptop in corporate environments is 3-5 years, with desktop PCs usually at 4-5 years. While personal devices have much longer lifecycles (as long as ten years in some cases), most devices that had been purchased four years prior to the Windows 11 announcement would still be eligible for the upgrade.
I remember my disappointment when I realized that neither my Microsoft Surface Pro 4 (released in October 2015, purchased in January 2016) nor my HP EliteBook 8570w (purchased in late 2012 or early 2013) was eligible for the upgrade. It would run smoothly on my newly purchased Microsoft Surface Laptop 3. The Surface Pro was on its last legs… the battery was swelling which meant it was now less of a computer and more an explosive device. The HP? It is still sitting on my other desk next to where I am sitting now. It was running Windows 10 happily until last summer when I reprovisioned it to run Windows Server.
There are plenty of how-to blogs and videos on the Internet that will show you how to bypass the security requirements and run Windows 11 on your older hardware, but I am not about that. I did go through the motions to make sure that these hacks worked on the ten-year-old EliteBook, but only as a proof of concept. You cannot be a cybersecurity professional and use non-secure devices. Yes, it works; no, I definitely do not recommend doing it.
Conclusion
I have said many times that had I gotten on stage the first time I presented a Microsoft session to a professional audience and claimed that the Microsoft ecosystem was inherently secure, the reaction would have been bad. It was simply not true. When I speak of the security of Microsoft technologies today, I am comfortable in claiming that from the desktop operating system beneath your fingers through the corporate and cloud ecosystem that it connects to, there is true security. That does not mean that we IT Pros do not need to lock several components down – we do. However, in the modern age with a modern system the largest security risk to your computer is summarized in an acronym we call PICNIC… Problem In Chair, Not in Computer.
Yes, dear reader, that is you. Follow the recommendations and do not fall for social media scams and you should be pretty safe.
