Support for Windows 11 in Configuration Manager

Applies to: Configuration Manager (current branch)

Learn about the Windows 11 versions that Configuration Manager supports as a client.

For more information about support for the Windows Assessment and Deployment Kit (ADK) for Windows 11, see Support for the Windows ADK.

Note

You can continue to use Microsoft Endpoint Manager to manage devices running Windows 11 the same as with Windows 10. If another article doesn't explicitly reference Windows 11, assume that feature support for Windows 10 also includes Windows 11. This article lists some known issues.

Windows 11 versions

Configuration Manager attempts to provide support as a client for each new Windows 11 version soon after it becomes available. Because the products have separate development and release schedules, the support that Configuration Manager provides depends on when each becomes available.

A Configuration Manager version drops from the matrix after support for that version ends. Similarly, Configuration Manager doesn't support Windows 11 versions when their support lifecycle ends.

The following table lists the versions of Windows 11 that you can use as a client with different versions of Configuration Manager.

Windows 11 version ConfigMgr 2103 ConfigMgr 2107 ConfigMgr 2111 ConfigMgr 2203 ConfigMgr 2207
21H2
(10.0.22000)
Not supported Supported Supported Supported Supported

For more information on Windows lifecycle, see the Windows lifecycle fact sheet and Windows release information.

Key
Supported = Supported
Not supported = Not supported

Support notes

  • Support for Windows 11 versions includes the following editions: Enterprise, Pro, Education, Pro Education, and Pro for Workstation.

  • Windows 11 reports the Operating System property as Microsoft Windows NT Workstation 10.0, which is identical to Windows 10. To distinguish devices running Windows 11, use the Operating System Build device property for build number 10.0.22000 or later.

  • OS deployment images and upgrade packages for Windows 11 show the image name as Windows 10. For more information, see Using deployment tools with Windows 11 images.

  • The 32-bit versions of Windows PE (WinPE) in the WinPE add-ons for Windows 11 and Windows Server 2022 aren't supported. The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004. For more information, see Download and install the Windows ADK.

    Configuration Manager supports the use of older versions of Windows PE as boot images, but you can't customize them in the Configuration Manager console. For more information, see Customize boot images with Configuration Manager.

Windows 11 on ARM64

Configuration Manager version 2107 with the update rollup supports the client on Windows 11 ARM64 devices.

The All Windows 11 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.

OS deployment isn't supported, except for a feature update task sequence. You can deploy a task sequence with a feature update to a Windows 11 on ARM64 device. For more information, see Upgrade Windows to the latest version.

Support for Windows Insider

You can update and service Windows Insider builds. This ability is provided as a convenience to our customers. While this functionality should work, its support is best effort. Configuration Manager might not issue a hotfix for this functionality if it doesn't work.

To provide feedback on Windows Insider, use the Windows Feedback Hub.

Known issues

Desktop Analytics

Desktop Analytics doesn't support Windows 11. For information about Windows 11 hardware readiness, Microsoft recommends that you enable tenant attach and Endpoint analytics.

Windows servicing dashboard

The Windows Servicing dashboard currently includes Windows 11 devices with the latest version of Windows 10. It doesn't yet distinguish a version for Windows 11. For more information on this dashboard, see Manage Windows as a service using Configuration Manager.

Software Center notifications don't display during quiet period

By default, Windows 11 enables focus assist for the first hour after a user signs on for the first time. For more information, see Reaching the Desktop and the Quiet Period.

Software Center notifications are currently suppressed during this time. For more information, see Turn Focus assist on or off in Windows.

Pre-provisioning BitLocker during task sequence doesn't own TPM

Applies to: Windows ADK for Windows 11

When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:

'TakeOwnership' failed (2147942402)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Process completed with exit code 2147942402
Failed to run the action: Pre-provision BitLocker. Error -2147024894

To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:

reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f

For more information on this registry key, see Change the TPM owner password.

Configuration Manager console with Windows Hello for Business authentication

Applies to: Azure Active Directory (Azure AD)-joined devices

If you configure the authentication level for the site to require Windows Hello for Business authentication, the Configuration Manager console on a Windows 11 device can't connect to the site. The adminui.log file on the devices shows the following errors:

Description = "Current thread is not authenticated with the minimal allowed level.";
ErrorCode = 2185761792;

Use one of the following options to work around this issue:

Offline servicing

Important

This issue is resolved with the March 2022 cumulative update (KB5011493). For any version of Windows 11, you can successfully use offline servicing with the March 2022 cumulative update.

When you apply software updates to an image for Windows 11, the process will fail. You'll see errors similar to the following entries in the offline servicing log file, OfflineServicingMgr.log:

InstallUpdate returned code 0x8007007b
Failed to install update with ID 16787962 on the image. ErrorCode = 123

This issue is because DISM doesn't support the .cab files.

To work around this issue, you can manually service the image:

  1. Download the update directly from the Microsoft Update Catalog. For example, https://www.catalog.update.microsoft.com/Search.aspx?q=KB5007215
  2. Use DISM to manually inject the downloaded .msu update file into the Windows 11 image. For more information, see Add updates to a Windows image.
  3. Manually update the image file in the package source. Then update it on distribution points.

Next steps

Support for the Windows ADK