Windows 11 overview
Windows 11 is a client operating system and includes features that organizations should know about. Windows 11 is built on the same foundation as Windows 10. If you use Windows 10, then Windows 11 is a natural transition. It's an update to what you know, and what you're familiar with.
Windows 11 offers innovations focused on enhancing end-user productivity, and is designed to support today's hybrid work environment.
Your investments in updates and device management are carried forward. For example, many of the same apps and tools can be used in Windows 11. Many of the same security settings and policies can be applied to Windows 11 devices, including PCs. You can use Windows Autopilot with a zero touch deployment to enroll your Windows devices in Microsoft Intune. You can also use newer features, such as Azure Virtual Desktop and Windows 365 on your Windows 11 devices.
This article lists what's new, and some of the features & improvements. For more information on what's new for OEMs, see What's new in manufacturing, customization, and design.
Security and scanning
The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. This section describes some of these features. For a more comprehensive view, including zero trust, see Windows security.
The Windows Security app is built into the OS. This app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more.
For more information, see the Windows Security app.
Security baselines includes security settings that already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines.
For more information, see Windows security baselines.
Microsoft Defender Antivirus is built into Windows, and helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Intune to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint.
For more information, see:
The application security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more.
For more information, see Windows application security.
Windows Hello for Business helps protect users and identities. It replaces passwords, and uses a PIN or biometric that stays locally on the device. Device manufacturers are including more secure hardware features, such as IR cameras and TPM chips. These features are used with Windows Hello for Business to help protect user identities on your organization devices.
As an admin, going passwordless help secures user identities. The Windows OS, Microsoft Entra ID, and Intune work together to remove passwords, create more secure policies, and help enforce compliance.
For more information, see:
For more information on the security features you can configure, manage, and enforce using Intune, see Protect data and devices with Microsoft Intune.
Easier access to new services, and services you already use
Windows 365 is a desktop operating system that's also a cloud service. From another internet-connected device, including Android and macOS devices, you can run Windows 365, just like a virtual machine.
For more information, see What is Windows 365 Enterprise?.
Microsoft 365 Apps can be installed on Windows 11 clients using the device management tools you're already familiar with:
Power Automate for desktop allows your users to create flows in a low-code app to help them with everyday tasks. For example, users can create flows that save a message to OneNote, notify a team when there's a new Forms response, get notified when a file is added to SharePoint, and more.
For more information, see Getting started with Power Automate in Windows 11.
Customize the desktop experience
Snap Layouts, Snap Groups: When you open an app, hover your mouse over the minimize or maximize option. When you do, you can select a different layout for the app:
This feature allows users to customize the sizes of apps on their desktop. And, when you add other apps to the layout, the snapped layout stays in place.
When you add your apps in a Snap Layout, that layout is saved in a Snap Group. In the taskbar, when you hover over an app in an existing snap layout, it shows all the apps in that layout. This feature is the Snap Group. You can select the group, and the apps are opened in the same layout. As you add more Snap Groups, you can switch between them just by selecting the Snap Group.
Users can manage some snap features using the Settings app > System > Multitasking. For more information on the end-user experience, see Snap your windows.
You can also add Snap Layouts to apps your organization creates. For more information, see Support snap layouts for desktop apps on Windows 11.
Starting in Windows 11, version 22H2, you can also activate snap layouts by dragging a window to the top of the screen. The feature is available for both mouse and touch.
For more information on the end-user experience, see Snap your windows.
Start menu: The Start menu includes some apps that are pinned by default. You can customize the Start menu layout by pinning (and unpinning) the apps you want. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
Using policy, you can deploy your customized Start menu layout to devices in your organization. For more information, see Customize the Start menu layout on Windows 11.
Users can manage some Start menu features using the Settings app > Personalization. For more information on the end-user experience, see See what's on the Start menu.
Taskbar: You can also pin (and unpin) apps on the Taskbar. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
Using policy, you can deploy your customized Taskbar to devices in your organization. For more information, see Customize the Taskbar on Windows 11.
Users can manage some Taskbar features using the Settings app > Personalization. For more information on the end-user experience, see:
Widgets: Widgets are available on the Taskbar. It includes a personalized feed that could be weather, calendar, stock prices, news, and more:
You can enable or disable this feature using the following policy:
- Group Policy: Computer Configuration\Administrative Templates\Windows Components\widgets
- MDM: ./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/AllowNewsAndInterests
For information on the end-user experience, see Stay up to date with widgets.
Virtual desktops: On the Taskbar, you can select the Desktops icon to create a new desktop:
Use the desktop to open different apps depending on what you're doing. For example, you can create a Travel desktop that includes web sites and apps that are focused on travel.
Using policy, you can deploy a customized Taskbar to devices in your organization. For more information, see Customize the Taskbar on Windows 11.
Users can manage some desktop features using Settings app > System > Multitasking. For more information on the end-user experience, see Multiple desktops in Windows.
Use your same apps, and new apps, improved
Starting with Windows 11, users in the Windows Insider program can download and install Android™️ apps from the Microsoft Store. This feature is called the Windows Subsystem for Android, and allows users to use Android apps on their Windows devices, similar to other apps installed from the Microsoft Store.
Users open the Microsoft Store, install the Amazon Appstore app, and sign in with their Amazon account. When they sign in, they can search, download, and install Android apps.
For more information, see:
Your Windows 10 apps also work on Windows 11. App Assure is also available if there are some issues.
You can continue to use MSIX packages for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use Windows Package Manager to install Windows apps. You can create Azure virtual desktops that run Windows 11. Use Azure Virtual desktop with MSIX app attach to virtualize desktops and apps. For more information on these features, see Overview of apps on Windows client devices.
In the Settings app > Apps, users can manage some of the app settings. For example, they can get apps anywhere, but let the user know if there's a comparable app in the Microsoft Store. They can also choose which apps start when they sign in.
Using an MDM provider, like Intune, you can create policies that also manage some app settings. For a list of settings, see App Store in Intune.
If you manage devices using Intune, then you might be familiar with the Company Portal app. Starting with Windows 11, the Company Portal is your private app repository for your organization apps. For more information, see Private app repository in Windows 11.
For public and retail apps, continue using the Microsoft Store.
Windows Terminal app: This app is included with the OS. On previous Windows versions, it's a separate download in the Microsoft Store. For more information, see What is Windows Terminal?.
This app combines Windows PowerShell, a command prompt, and Azure Cloud Shell all within the same terminal window. You don't need to open separate apps to use these command-line applications. It has tabs. When you open a new tab, you can choose your command-line application:
Users can also search for the Terminal app, right-select the app, and pin the app to the Start menu and taskbar.
The Microsoft Store has a new look, and includes more public and retail apps. For more information on the end-user experience, see:
The Microsoft Edge browser is included with the OS. Internet Explorer (IE) isn't available in Windows 11. In Microsoft Edge, you can use IE Mode if a website needs Internet Explorer. Open Microsoft Edge, and enter
edge://settings/defaultBrowserin the URL.
To save system resources, Microsoft Edge uses sleeping tabs. Users can configure these settings, and more, in
Using Group Policy or an MDM provider, such as Intune, you can configure some Microsoft Edge settings. For more information, see Microsoft Edge - Policies and Configure Microsoft Edge policy settings.
Deployment and servicing
Install Windows 11: The same methods you use to install Windows 10 can also be used to install Windows 11. For example, you can deploy Windows to your devices using Windows Autopilot, Configuration Manager, and other methods. Windows 11 is delivered as an upgrade to eligible devices running Windows 10.
For more information on getting started, see Windows client deployment resources and documentation and Plan for Windows 11.
For more information on the end-user experience, see Ways to install Windows 11.
Windows Autopilot: If you're purchasing new devices, you can use Windows Autopilot to set up and preconfigure the devices. When users get the device, they sign in with their organization account (
firstname.lastname@example.org). In the background, Autopilot gets them ready for use, and deploys any apps or policies you set. You can also use Windows Autopilot to reset, repurpose, and recover devices. Autopilot offers zero touch deployment for admins.
If you have a global or remote workforce, then Autopilot might be the right option to install the OS, and get it ready for use. For more information, see Overview of Windows Autopilot.
Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.
If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are administrative templates and the settings catalog that include many of the same policies. Group Policy analytics analyze your on-premises group policy objects.
Windows Updates and Delivery optimization helps manage updates, and manage features on your devices. Starting with Windows 11, the OS feature updates are installed annually. For more information on servicing channels, and what they are, see Servicing channels.
Like Windows 10, Windows 11 receives monthly quality updates.
You have options to install updates on your Windows devices, including Intune, Group Policy, Windows Server Update Services (WSUS), and more. For more information, see Assign devices to servicing channels.
Some updates are large, and use bandwidth. Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more.
For more information, see Delivery Optimization for Windows updates.
For more information on the end-user experience, see:
Education and apps
Windows 11 SE is a new edition of Windows designed for education. It runs on low-cost devices, and runs essential apps, including Microsoft 365. For more information, see Windows 11 SE for Education.