Queue the orchestra, the “Circle of life” is sometimes an interesting journey for operating systems like any awesome tool that was once shiny and new. 10 years have passed since it’s birth back in 2015, it’s been a heck of a ride. growing up there were its moments of weirdness in its teenage years, with some strained faces and head scratching, but after many patches and security updates in general I’d say it has paved the way for lots of smiles of joy.
Its stability and lack of blue screens of death compared with some of its older siblings alas this is not a obituary for Windows 10 rather as in its elderly stage of life (support) and seeing in the age of AI IT teams have been forced to make plans to get their devices onto Windows 11.
Officially Windows 10 approaches its end of support (October 2025), many IT teams are faced with the challenge of upgrading their systems. Rolling out a new operating system used to be a daunting task, but with the right tools, it doesn't have to be. This article will explore some considerations and touch on how Microsoft Intune can simplify the upgrade process and ensure your devices are compliant and supportable.
Upgrading an entire fleet of devices can be overwhelming, especially when considering the different needs of a BYOD (Bring Your Own Device) fleet versus a company-managed fleet. Ageing hardware and compatibility with Windows 11's AI toolset are also significant concerns. One example is that teams are telling me they are seeing the need for 16GB RAM being the base and 32GB setting up for decent device longevity. Lets take a look at some ideas as to how your team can plan for reducing the impact on users whilst still being able to achieve that compliance tick-box.
Microsoft Intune can identify which devices need an upgrade and if conditions are met, deploy Windows 11 like any other Windows update. Depending on your org’s endpoint management automation tools maturity level, it can help manage compliance status, ensuring that your fleet meets the necessary security standards. Endpoint policy’s user controls, hardware specs, network and battery status can all be configured / reported on via (Intune Fundamentals).
For example, a recent project for a client who required better understanding of compliance red flags. By utilising prebuilt security baselines in SureDeploy, our team was able to push policies into Intune and apply them to the fleet within a couple of weeks, enabling the internal IT service desk to take action and also automate upgrades where possible.
We see it day in day out, Intune saves countless hours by enabling automating device config’s, rapid management and in this context windows upgrades. It should be something on your list to research on managing deploying Windows 11.
The level of granularity required to achieve security compliance often depends on the security framework your organisation aligns with. Intune can help define and manage compliance status for your fleet, making it easier to adhere to frameworks like Essential Eight, NIST, or ISO 27001.
Having a system like Intune configured in alignment with your chosen standard ensures that your IT team know about and can respond to keep devices secure and compliant with your industry standards. Recommend talking to your IT team or partner about accessing baseline policy sets, these are huge timesavers.
A recent project for a school highlighted the effectiveness of Intune and SureDeploy. The school needed to remediate compliance red flags, and within a week, the team was able to push prebuilt security baselines into their Intune tenant. A rapid POC process to peel back and tweak some edge cases. Enabled their IT service desk to take action and automate upgrades, ensuring the fleet was compliant and secure.
“Running unsupported Windows versions can make our systems more vulnerable to cyberattacks and harder for the team to troubleshoot user issues. Really glad we got ahead of this change and everyone is onto Windows 11” Uncharacteristically Happy IT manager
If your fleet includes special hardware or applications that aren’t supported by Windows 11, there maybe something for you that could be worth considering.
Organisations can consider using Windows 10 Long-Term Servicing Channel (LTSC) or Long-Term Servicing Branch (LTSB) versions for extended support. Some clients have these as portable VM or Citrix/AVD virtual workloads that allow devs and ops teams to still access the resource until an upgrade or re-write.
Hardware vendors have also released a new batch of PCs and notebooks that can give users a better experience on Windows 11, compared to upgrading their existing hardware. These decisions often come down to budget and depending on the scale availability could be an issue if left too close to October.
As Windows 10 reaches its end of support, there’s still time, but it's crucial to have a plan in place for upgrading your devices. If you're working on a Windows 10 upgrade, we'd love to hear how your project is going. If you have any questions or need assistance with your upgrade, feel free to reach out the team love running planning workshops.
[Microsoft Intune Fundamentals]
Microsoft’s glue between device management, security compliance and supporting end users (https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune )
[SureDeploy]
CNS’s product offering to the IT market, a multi tenanted capable endpoint security platform, with libraries of baselines and packaged applications (https://suredeploy.co )
[Windows 10 End of Support Notices]
Windows 10's end of life (EOL) is on October 14, 2025. This means that after this date, Microsoft will no longer provide security updates, feature updates, or technical support for the operating system.
(https://www.microsoft.com/en-us/windows/learning-center/complete-guide-to-windows-end-of-support )(https://learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro)
[Security and Governance]
Essential Eight Explained
(https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-explained )
NIST explained (https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/nist-framework )
ISO 27001 Basics PDF (https://www.iso.org/publication/PUB200484.html )
This bundle provides a holistic approach to managing information security, cybersecurity, and privacy protection. ISO/IEC 27001:2022 (https://www.iso.org/standard/27001 )