With the end of support for Windows 10 on October 14, 2025, in sight, Microsoft has published a guide for organizations that want to switch to Windows 11.
In the document, the company explains how IT departments can perform this upgrade via Microsoft Intune, in combination with Windows Autopatch. It also discusses the transition from a classic Active Directory infrastructure to a cloud-native approach with Entra ID.
At the heart of Microsoft’s approach is the use of Windows Autopatch, a service that automates and manages the update process based on so-called deployment rings. This phased rollout method allows organizations to test updates on a smaller group of systems first, before rolling them out more widely within the organization. If a problem arises, administrators can roll back the update without impacting the entire network.
Four steps for a structured migration
The Microsoft guide divides the migration process into four main phases:
- Assessment of suitability and preparation
Organizations must first determine which devices meet the system requirements for Windows 11 (such as TPM 2.0 and Secure Boot). This can be done via Endpoint Analytics in Intune or via Configuration Manager. Devices are then assigned to Entra ID groups, which are linked to the rollout rings in Autopatch.
- Device segmentation and policy definition
In this step, devices are logically divided into groups. At a minimum, a distinction is made between devices that are suitable for Windows 11 and devices that are not, but are eligible for extended security updates (ESUs). Each group can have its own update policy, tailored to business needs.
- Configuration of rollout speed and timing
IT administrators can use the Intune admin center to determine how quickly updates are rolled out per ring, including possible deferral periods. This allows organizations to detect any compatibility issues in a timely manner.
- Monitoring and adjustment
The feature update report in Windows Autopatch provides administrators with insight into the status of the upgrade for each device group. Graphs are also available that show trends and error messages, including suggestions for corrective measures.
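The first two steps can be sketched offline as an added example; it is not code from Microsoft's guide and it does not use Intune or Autopatch. It splits a constructed inventory export into Windows 11-eligible devices, spread over rollout rings, and ESU candidates. The CSV column names, the ring names and the ring shares are assumptions, and only the two requirements named above (TPM 2.0 and Secure Boot) are checked.

```python
import csv
import hashlib
import io

# Constructed inventory export; the column names are assumptions, not an Intune schema.
INVENTORY_CSV = """device,tpm_version,secure_boot
PC-001,2.0,true
PC-002,1.2,true
PC-003,2.0,false
PC-004,2.0,true
PC-005,,true
PC-006,2.0,true
"""

# Hypothetical ring names with cumulative shares of the eligible fleet.
RINGS = [("Test", 0.05), ("First", 0.20), ("Broad", 1.00)]


def is_eligible(row):
    """Check only the two requirements named in the article."""
    try:
        tpm_ok = float(row["tpm_version"]) >= 2.0
    except (TypeError, ValueError):
        tpm_ok = False  # missing or unparsable TPM data counts as not eligible
    return tpm_ok and (row["secure_boot"] or "").strip().lower() == "true"


def ring_for(device):
    """Hash the device name into a stable bucket so its ring never changes between runs."""
    digest = hashlib.sha256(device.encode()).hexdigest()
    bucket = int(digest, 16) % 10000 / 10000
    return next(name for name, upper in RINGS if bucket < upper)


def segment(csv_text):
    """Return {group name: [devices]}; non-eligible devices become ESU candidates."""
    groups = {"esu_candidates": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if is_eligible(row):
            groups.setdefault(ring_for(row["device"]), []).append(row["device"])
        else:
            groups["esu_candidates"].append(row["device"])
    return groups


if __name__ == "__main__":
    for group, devices in segment(INVENTORY_CSV).items():
        print(group, devices)
```

Hashing the device name instead of drawing a random number keeps ring membership reproducible, so a rerun of the assessment does not move a device from a late ring into an early one.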
The Microsoft guide provides a roadmap for companies that want to switch to Windows 11 and modernize their management via cloud services at the same time. Organizations that are currently still heavily dependent on local Active Directory structures will find this a practical example of how the migration to Entra ID and Intune can take shape.
Weigh your options carefully
Although Microsoft recommends Autopatch as the safest and fastest method in its communications, it is important that organizations weigh this choice against their own management structure, compliance requirements, and technical capabilities. Alternatives such as WSUS or Configuration Manager will continue to be supported, albeit with more manual steps.