Although it was only released to the public on October 5th, a lot has already been written about Microsoft’s recent official release of Windows 11. Like any major OS release, your initial perception of it will depend on what you read and hear about it on the internet.

 

In order to provide you with more than just anecdotal analysis of the new features, some of the Pax8 team has been using Windows 11 for our daily OS as part of the Microsoft Insiders program. In this blog, we’re going to share what we’ve discovered as we put Windows 11 through its paces while using it as our daily operating system over the past few months.

 

Join us as we dive into Windows 11 and discuss the features we really like, from an enterprise user standpoint, that will help MSPs and their clients in terms of productivity, security, and manageability. We will also address a few of the questions or concerns you might have or that you might face from clients about upgrading.

 

Newly designed for ease of use

The first thing that jumps out with Windows 11 is an overall cleaner, more modern design with a more fluid UI/UX that’s been reconfigured to make it easier to find what you need. A lot has been made about the task bar now being centered at the bottom of the display instead of being on the left as it has been for more than a decade, but to us that isn’t the real news.

 

What really grabbed us was the complete redo on the Start Menu. Instead of a massive scrolling list of apps and utilities to sort through, clicking “Start” slides open a two-section menu pane with the top area being a dedicated icon-based spot for your pinned apps and programs.

 

Windows 11 on Desktop

 

The lower section provides shortcuts to recent documents, and it helps users harness the power of the cloud and Microsoft 365 by displaying recent files across all devices and platforms. For further efficiency and convenience, you can also pin some of your most-used system folders in the space between your profile and the power button.

 

Also included in the new interface is a fully integrated tablet mode that automatically engages when you detach the keyboard. Tablet mode provides larger icons with more spacing to make it easier to make touch selections.

 

Powering productivity through customization

One of the coolest new features in Windows 11 is Snap Layouts. This is truly an inspired addition that takes the concept of the split screen to a whole new level. Hovering over the maximize button on a window (or pressing WIN+Z) gives you a clickable selection of six multi-window layouts you can use to organize multiple application windows. Not having to alt-tab back and forth really helps optimize your screen space and your productivity.

 

Screenshot of Windows 11 Snap Layouts Feature
 

Snap Groups is an extension of Snap Layouts that allows you to group the apps you’ve been using together, and Windows 11 will not only remember those apps but also the snap layout you had. This experience even extends to docking with external monitors. Windows 11 restores the layout you had on your monitor upon reconnection.

 

Windows 11 also lets you create and customize multiple virtual desktops to help you quickly separate your personal and work environments allowing you to quickly access the tools you need to work more efficiently. We used it to set up different desktops for different projects and job responsibilities.

 

The last, but certainly not least, Windows 11 feature that we’ve really found invaluable to our daily productivity is the widget board.

 

Windows 11 Widget BoardA quick left-swipe of the screen (or pressing WIN+W) pops out a quick-view display showing your own customizable feed. You can, of course, set it to show you news, weather, stocks, or sports updates, but we set ours to keep us updated on upcoming meetings, our Microsoft To-Dos, and our most actioned documents. It’s amazing how quickly this became something we couldn’t live without.

 

You might be wondering why we haven’t talked about Windows 11 having Teams built directly into it. The only reason we haven’t is that only the consumer version is currently fully integrated. However, we have heard talk that integrating Teams for Business is high on Microsoft’s list of upgrades. Once that happens, we anticipate it will become one of our favorite productivity features.

 

Boosting security from the inside

Windows 11 is built for cloud use, and advanced cybersecurity is a big part of the OS. Windows 11 introduces a host of hardware and virtualization-based security features that protect business workloads from the highly sophisticated malware and exploit threats that are out there.

 

To protect from one of the more advanced attacks that’s pervasive these days, Windows 11 has increased protection using Secure Boot. It prevents the rootkits from compromising your devices at the kernel or system level by inspecting the integrity of your OS boot code, which includes the firmware and individual operating system components, to make sure nothing has been altered.

 

The Secure Boot process is supported by the latest Trusted Platform Module technology version 2.0 (TPM 2.0). TPM 2.0 is a secure crypto processor used to generate and store cryptographic keys that are unique to your system. The chip incorporates multiple physical security mechanisms, including an RSA encryption key unique to your system’s TPM itself, that keep malicious software from tampering with its security function.

 

Windows 11 also leverages browser virtualization and sandboxing to provide additional security layers. A key component of this is Microsoft Defender Application Guard. Application Guard uses virtualization-based technology (also known as “Krypton” Hyper-V containers) that, when combined with Microsoft Edge, creates isolated browser instances. This browser isolation prevents untrusted websites and links from compromising your system and your enterprise data, because it keeps any malicious code from being able to access the rest of your operating system.

 

With Hyper-V isolation, multiple container instances run in parallel, but each is sequestered inside a highly optimized virtual machine and effectively gets its own kernel. This creates hardware-level isolation between each container as well as the container host.

 

 

Diagram of how Defender Application Guard works on the host PC and the isolated Hyper-V browser container.

How Defender Application Guard works on the host PC and the isolated Hyper-V browser container. (Source: Microsoft)

 

In addition to protecting your browser sessions, Application Guard can also be used with Microsoft 365 and Office to prevent Word, PowerPoint, and Excel files from accessing trusted resources, such as enterprise credentials and data.

 

What about the TPM 2.0 hardware upgrade issue?

There’s been a lot of hullabaloo in the media, on the blogs, and in the forums about the TPM 2.0 requirement for running Windows 11. Yes, TPM 2.0 is an important building block for security-related features, including Windows Hello for identity protection and BitLocker for data protection. But, what many of those posts don’t make clear is that most users won’t need to buy new TPM 2.0 hardware to upgrade to Windows 11.

 

According to a Microsoft support article published in August,

“Most PCs that have shipped in the last 5 years

include TPM 2.0.”

 

You might simply need to enable the TPM 2.0 hardware already built into your current PC. Check out Microsoft’s support article on enabling TPM 2.0 on your PC to learn how. They even include links to the Windows 11 support pages from popular manufacturers.

 

And for those who are running older machines, whether these are your own machines or the equipment your clients currently have, the cost of the required hardware upgrade is minimal. We would, however, recommend looking at a TPM 2.0 upgrade scenario as an opportunity to talk with your clients about replacing their older, non-compatible machines. Investing in new PCs and tablets will not only help the security features run better, but it will also allow you and your clients to take full advantage of the sophisticated security, productivity, and manageability features built into Windows 11. Plus, it will help them make the shift to operating in a truly cloud-native environment that the future of work is already being built around.

 

Making manageability even easier to manage

One of the greatest aspects of Windows 11 is something you don’t actually see. In fact, you don’t really do anything with it — which is the whole point. We’re talking about backend management that’s pretty much built-in.

 

Windows 11 is built from the ground up to be cloud managed, and it plays really well with Microsoft’s endpoint management tools. Its integration with Microsoft Intune and Endpoint Manager is already extremely solid, and it will only increase with future Windows 11 upgrades.

 

Plus, all those security measures we talked about above are automated in Windows 11. There’s nothing you need to do to make them work — they just do. This is another reason to pull the trigger right away and upgrade your OS. Even in this initial release, Windows 11 handles more of the manageability tasks on its own, and Microsoft is developing more tools to make it even easier to manage from a partner’s perspective.

 

Efficiency and organization in today’s chaotic, multi-tasking, hybrid work world

Hopefully our breakdown has helped you sort through all the noise that’s swirling around out there about the new Windows 11 release. It really is a great upgrade that will help you and your clients build powerful cloud-native solutions that directly address the needs and issues of the multi-tasking, multi-device, flexible-location nature of the modern, hybrid workplace.

 

Get started with Windows 11

If you want to learn more about integrating Windows 11, or any of our vendor partners’ cloud-based productivity, security, infrastructure, or operations technology into your cloud stack solutions, schedule a call with a Pax8 rep to get answers.