Thursday, September 30, 2021

Windows 11 will be released soon. However, your computer may not be compatible, either because you have an older computer or because of certain settings in your BIOS. First, here is a very general article about the problem. It covers enterprise computers as well as personal computers. Some of you may have that arrangement, even if you work from home, so I thought it reasonable to include that information. Go past the article for more information.

Security boost in Windows 11 limits PC reuse

Microsoft has put a lot of emphasis on improving security in Windows 11, but this comes at a cost as old hardware is no longer supported

By Cliff Saran

Published: 29 Sep 2021 14:39

Data from Lansweeper has found that almost a fifth of PCs will be unable to run Microsoft’s newest operating system (OS), Windows 11. Although it can be manually installed on any PC, Windows 11 is only certified to run on equipment with processors less than four years old. An automatic upgrade to the new operating system is only possible if the PC is running a supported processor and has the minimum 4GB of required memory. Specifically, to run Windows 11, PCs need a trusted platform module (TPM version 2.0), which Microsoft describes as a secure crypto-processor designed to carry out cryptographic operations. It said the TPM includes multiple physical security mechanisms to make it tamper-resistant.

Malicious software is unable to tamper with the security functions of the TPM, Microsoft noted in the Windows 11 specifications webpage. The TPM is used to store cryptographic keys and helps to maintain the integrity of the system. Newer hardware tends to have the TPM built-in, such as Intel Platform Trust or AMD Platform Security Processor. 

However, analysis from Lansweeper, based on an estimated 30 million Windows devices from 60,000 organisations, found that many PCs lack TPM capabilities. It reported that, on average, only 44.4% of the workstations were eligible to receive the automatic upgrade.

Lansweeper’s analysis found that while the majority of PCs (91%) had sufficient RAM, only about half of the workstations met the TPM requirements. Of the PCs it analysed, almost a fifth (over 19%) failed and 28% were not TPM-compatible or did not have the crypto-processor functionality enabled.

For PCs with a TPM 2.0 module, the function can be enabled in the Bios menu. For older devices, some PC motherboard models offer an add-in TPM 2.0 card which can be purchased. But some organisations may need to scrap their old PC hardware altogether if they want to install Windows 11.

Organisations using virtual desktop infrastructure (VDI) also face challenges in updating virtual machines (VMs) to Windows 11. When Lansweeper analysed virtual machines, it found that CPU compatibility was slightly higher, at 44.9%, but only 66.4% of the VMs had enough RAM. Its analysis also found that very few Windows VMs (0.23%) had TPM 2.0 enabled.

While TPM passthrough (vTPM) exists to give virtual machines a TPM, Lansweeper said this feature was rarely used. It warned that Windows VMs would need to be reconfigured with a vTPM before they could upgrade to Windows 11.

It also found that TPMs on physical servers only passed the test 1.49% of the time. This, according to Lansweeper, means about 98% would fail to upgrade if Microsoft were to create a server operating system with similar requirements in the future. Its analysis found hardly any virtual servers with TPM enabled.

Discussing the data, Roel Decneut, chief marketing officer at Lansweeper, said: “Microsoft justifies the need for these requirements to allay security fears, as many devices won’t be able to upgrade, even some that are fresh on the market.”

Decneut said the improved security might drive organisations that are early adopters of new technology to upgrade their PC estate, but in enterprises with thousands of Windows machines the upgrade would be a massive task, requiring a full inventory of the PC estate.

One of the implications of this change, even if you aren't on an enterprise computer, is that Windows servers and workstations at, say, hospitals or retail establishments may not migrate to Windows 11 and will therefore have a security exposure compared with machines running Windows 11.

Now, a couple of articles on how to tell whether or not you can install Windows 11. There are two things you have to check: (1) your computer hardware and (2) your BIOS settings. The articles:

Confirm TPM 2.0 with Device Manager

To check if a TPM chip is present and enabled with Device Manager, use these steps:

  1. Open Start.
  2. Search for Device Manager and click the top result to open the app.
  3. Expand the Security devices branch.
  4. Confirm the Trusted Platform Module 2.0 entry exists.

The BIOS needs to be checked as well to make sure it has UEFI enabled. If you have a pre-Windows 10 installation, you can get to the BIOS by pressing the function key, or whatever key is assigned to bring up the BIOS interface, and you will need to know your way around your BIOS to check for UEFI. For Windows 10, you can check for UEFI by clicking the "start" icon, then the power button, then holding Shift while left-clicking the Restart option. The computer will reboot to this:



Left click on the Troubleshoot option to get this:


The UEFI Firmware Settings icon needs to exist; otherwise, you will have to reinstall Windows with this setting enabled.
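The same checks can be scripted instead of clicking through Device Manager and the restart menu. The following is an added example, not taken from either article: the function name `Test-Win11Readiness` is hypothetical, it covers only the TPM, UEFI and memory checks mentioned above (not the processor list), and it assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example: run from an elevated PowerShell prompt (the TPM WMI class needs admin rights).
function Test-Win11Readiness {
    [CmdletBinding()]
    param(
        [double]$MinimumRamGB = 4   # minimum memory figure quoted in the article above
    )

    # Win32_Tpm returns nothing when no TPM is exposed to Windows
    # (chip absent, or switched off in the firmware setup).
    $tpm = $null
    $tpmError = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
    } catch {
        $tpmError = $_.Exception.Message   # e.g. access denied when not elevated
    }

    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM spec version.
    $specVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    # Firmware mode reported by Windows: 'Uefi' or 'Bios' (legacy boot).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Sum installed DIMM capacity; TotalPhysicalMemory would under-report
    # a 4 GB machine because it excludes hardware-reserved memory.
    $ramBytes = (Get-CimInstance Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum
    $ramGB = [math]::Round($ramBytes / 1GB, 1)

    [pscustomobject]@{
        TpmPresent    = [bool]$tpm
        TpmEnabled    = [bool]($tpm -and $tpm.IsEnabled_InitialValue)
        TpmSpec       = $specVersion
        Tpm20         = ($specVersion -eq '2.0')
        FirmwareType  = "$firmware"
        IsUefi        = ("$firmware" -eq 'Uefi')
        RamGB         = $ramGB
        RamOk         = ($ramGB -ge $MinimumRamGB)
        TpmQueryError = $tpmError
    }
}

Test-Win11Readiness | Format-List
```

If `TpmPresent` is False and `TpmQueryError` is empty, the TPM may simply be disabled in the firmware setup, which is the case the article describes for PCs that have a TPM 2.0 module but have not enabled it.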
