Support for Windows 11 in Configuration Manager
Applies to: Configuration Manager (current branch)
Learn about the Windows 11 versions that Configuration Manager supports as a client.
For more information about support for the Windows Assessment and Deployment Kit (ADK) for Windows 11, see Support for the Windows ADK.
You can continue to use Microsoft Endpoint Manager to manage devices running Windows 11 the same as with Windows 10. If another article doesn't explicitly reference Windows 11, assume that feature support for Windows 10 also includes Windows 11. This article lists some known issues.
Windows 11 versions
Configuration Manager attempts to provide support as a client for each new Windows 11 version soon after it becomes available. Because the products have separate development and release schedules, the support that Configuration Manager provides depends on when each becomes available.
A Configuration Manager version drops from the matrix after support for that version ends. Similarly, Configuration Manager doesn't support Windows 11 versions when their support lifecycle ends.
The latest version of Configuration Manager current branch receives both security and critical updates, which can include fixes for Windows 11-specific features. When Microsoft releases a new version of Configuration Manager current branch, prior versions only receive security updates. For more information, see Support for Configuration Manager current branch versions.
The best way to stay current with Windows 11 is to stay current with Configuration Manager. For more information, see Configuration Manager and Windows as a Service.
This information supplements Supported operating systems for clients and devices.
The following table lists the versions of Windows 11 that you can use as a client with different versions of Configuration Manager.
|Windows 11 version||ConfigMgr 2103||ConfigMgr 2107||ConfigMgr 2111||ConfigMgr 2203||ConfigMgr 2207|
|= Not supported|
Support for Windows 11 versions includes the following editions: Enterprise, Pro, Education, Pro Education, and Pro for Workstation.
Windows 11 reports the Operating System property as
Microsoft Windows NT Workstation 10.0, which is identical to Windows 10. To distinguish devices running Windows 11, use the Operating System Build device property for build number
OS deployment images and upgrade packages for Windows 11 show the image name as Windows 10. For more information, see Using deployment tools with Windows 11 images.
The 32-bit versions of Windows PE (WinPE) in the WinPE add-ons for Windows 11 and Windows Server 2022 aren't supported. The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004. For more information, see Download and install the Windows ADK.
Configuration Manager supports the use of older versions of Windows PE as boot images, but you can't customize them in the Configuration Manager console. For more information, see Customize boot images with Configuration Manager.
Windows 11 on ARM64
Configuration Manager version 2107 with the update rollup supports the client on Windows 11 ARM64 devices.
The All Windows 11 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
OS deployment isn't supported, except for a feature update task sequence. You can deploy a task sequence with a feature update to a Windows 11 on ARM64 device. For more information, see Upgrade Windows to the latest version.
Support for Windows Insider
You can update and service Windows Insider builds. This ability is provided as a convenience to our customers. While this functionality should work, its support is best effort. Configuration Manager might not issue a hotfix for this functionality if it doesn't work.
To provide feedback on Windows Insider, use the Windows Feedback Hub.
Windows servicing dashboard
The Windows Servicing dashboard currently includes Windows 11 devices with the latest version of Windows 10. It doesn't yet distinguish a version for Windows 11. For more information on this dashboard, see Manage Windows as a service using Configuration Manager.
Software Center notifications don't display during quiet period
By default, Windows 11 enables focus assist for the first hour after a user signs on for the first time. For more information, see Reaching the Desktop and the Quiet Period.
Software Center notifications are currently suppressed during this time. For more information, see Turn Focus assist on or off in Windows.
Pre-provisioning BitLocker during task sequence doesn't own TPM
Applies to: Windows ADK for Windows 11
When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:
'TakeOwnership' failed (2147942402) pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002 Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured The system cannot find the file specified. (Error: 80070002; Source: Windows) Process completed with exit code 2147942402 Failed to run the action: Pre-provision BitLocker. Error -2147024894
To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:
reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f
For more information on this registry key, see Change the TPM owner password.
Configuration Manager console with Windows Hello for Business authentication
Applies to: Azure Active Directory (Azure AD)-joined devices
If you configure the authentication level for the site to require Windows Hello for Business authentication, the Configuration Manager console on a Windows 11 device can't connect to the site. The adminui.log file on the devices shows the following errors:
Description = "Current thread is not authenticated with the minimal allowed level."; ErrorCode = 2185761792;
Use one of the following options to work around this issue:
Update the device to Windows 11 OS build 22000.282. For more information, see October 21, 2021—KB5006746 (OS Build 22000.282) Preview.
Install the console on a device running another version of Windows.
Add users to the authentication exclusion list. For more information, see Configure SMS Provider authentication.
This issue is resolved with the March 2022 cumulative update (KB5011493). For any version of Windows 11, you can successfully use offline servicing with the March 2022 cumulative update.
When you apply software updates to an image for Windows 11, the process will fail. You'll see errors similar to the following entries in the offline servicing log file,
InstallUpdate returned code 0x8007007b Failed to install update with ID 16787962 on the image. ErrorCode = 123
This issue is because DISM doesn't support the
To work around this issue, you can manually service the image:
- Download the update directly from the Microsoft Update Catalog. For example,
- Use DISM to manually inject the downloaded
.msuupdate file into the Windows 11 image. For more information, see Add updates to a Windows image.
- Manually update the image file in the package source. Then update it on distribution points.
Submit and view feedback for