Support for Windows 11 in Configuration Manager
Applies to: Configuration Manager (current branch)
Learn about the Windows 11 versions that Configuration Manager supports as a client.
For more information about support for the Windows Assessment and Deployment Kit (ADK) for Windows 11, see Support for the Windows ADK.
Note
You can continue to use Microsoft Endpoint Manager to manage devices running Windows 11 the same as with Windows 10. If another article doesn't explicitly reference Windows 11, assume that feature support for Windows 10 also includes Windows 11. This article lists some known issues.
Windows 11 versions
Configuration Manager attempts to provide support as a client for each new Windows 11 version soon after it becomes available. Because the products have separate development and release schedules, the support that Configuration Manager provides depends on when each becomes available.
A Configuration Manager version drops from the matrix after support for that version ends. Similarly, Configuration Manager doesn't support Windows 11 versions when their support lifecycle ends.
The latest version of Configuration Manager current branch receives both security and critical updates, which can include fixes for Windows 11-specific features. When Microsoft releases a new version of Configuration Manager current branch, prior versions only receive security updates. For more information, see Support for Configuration Manager current branch versions.
Note
The best way to stay current with Windows 11 is to stay current with Configuration Manager. For more information, see Configuration Manager and Windows as a Service.
This information supplements Supported operating systems for clients and devices.
The following table lists the versions of Windows 11 that you can use as a client with different versions of Configuration Manager.
Windows 11 version | ConfigMgr 2309 | ConfigMgr 2403 | ConfigMgr 2409 |
---|---|---|---|
24H2 (10.0.26100) |
|||
23H2 (10.0.22631) |
|||
22H2 (10.0.22621) |
For more information on Windows lifecycle, see the Windows lifecycle fact sheet and Windows release information.
Key |
---|
= Supported |
= Not supported |
Support notes
Support for Windows 11 versions includes the following editions: Enterprise, Pro, Education, Pro Education, and Pro for Workstation.
Windows 11 reports the Operating System property as
Microsoft Windows NT Workstation 10.0
, which is identical to Windows 10. To distinguish devices running Windows 11, use the Operating System Build device property for build number10.0.22000
or later.OS deployment images and upgrade packages for Windows 11 show the image name as Windows 10. For more information, see Using deployment tools with Windows 11 images.
The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004 (10.1.19041). Versions of the WinPE add-on for the ADK after the ADK for Windows 10, version 2004 (10.1.19041) no longer support 32-bit versions of Windows PE (WinPE). For more information, see Download and install the Windows ADK.
Configuration Manager supports the use of older versions of Windows PE as boot images, but you can't customize them in the Configuration Manager console. For more information, see Customize boot images with Configuration Manager.
Windows 11 on ARM64
Configuration Manager version 2107 with the update rollup supports the client on Windows 11 ARM64 devices.
The All Windows 11 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Starting in version 2403 OS deployment is supported for All Windows 11 (ARM64), you can deploy a task sequence with a feature update to a Windows 11 on ARM64 device. For more information, see Upgrade Windows to the latest version.
Support for Windows Insider
You can update and service Windows Insider builds. This ability is provided as a convenience to our customers. While this functionality should work, its support is best effort. Configuration Manager might not issue a hotfix for this functionality if it doesn't work.
To provide feedback on Windows Insider, use the Windows Feedback Hub.
Known issues
Windows servicing dashboard
The Windows Servicing dashboard currently includes Windows 11 devices with the latest version of Windows 10. It doesn't yet distinguish a version for Windows 11. For more information on this dashboard, see Manage Windows as a service using Configuration Manager.
Software Center notifications don't display during quiet period
By default, Windows 11 enables focus assist for the first hour after a user signs on for the first time. For more information, see Reaching the Desktop and the Quiet Period.
Software Center notifications are currently suppressed during this time. For more information, see Turn Focus assist on or off in Windows.
Pre-provisioning BitLocker during task sequence doesn't own TPM
Applies to: Windows ADK for Windows 11 (version 10.1.22000)
When you use a Windows 11-based boot image with an OS deployment task sequence that includes the Pre-provision BitLocker step, the step might fail. You'll see errors similar to the following strings in the smsts.log:
'TakeOwnership' failed (2147942402)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Process completed with exit code 2147942402
Failed to run the action: Pre-provision BitLocker. Error -2147024894
To work around this issue, add a Run Command Line step to the task sequence before the Pre-provision BitLocker step. Run the following command:
reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f
For more information on this registry key, see Change the TPM owner password.
Configuration Manager console with Windows Hello for Business authentication
Applies to: Microsoft Entra joined devices
If you configure the authentication level for the site to require Windows Hello for Business authentication, the Configuration Manager console on a Windows 11 device can't connect to the site. The adminui.log file on the devices shows the following errors:
Description = "Current thread is not authenticated with the minimal allowed level.";
ErrorCode = 2185761792;
Use one of the following options to work around this issue:
Update the device to Windows 11 OS build 22000.282. For more information, see October 21, 2021—KB5006746 (OS Build 22000.282) Preview.
Install the console on a device running another version of Windows.
Add users to the authentication exclusion list. For more information, see Configure SMS Provider authentication.
Offline servicing
Note
Starting March 2023 offline servicing (UUP patch) will not work for any version of Windows 11.