Windows 11 is the next client operating system, and includes features that organizations should know. Windows 11 is built on the same foundation as Windows 10. If you use Windows 10, then Windows 11 is a natural transition. It's an update to what you know, and what you're familiar with.

It offers innovations focused on enhancing end-user productivity, and is designed to support today's hybrid work environment.

Your investments in update and device management are carried forward. For example, many of the same apps and tools can be used in Windows 11. Many of the same security settings and policies can be applied to Windows 11 devices, including PCs. You can use Windows Autopilot with a zero touch deployment to enroll your Windows devices in Microsoft Endpoint Manager. You can also use newer features, such as Azure Virtual Desktop and Windows 365 on your Windows 11 devices.

This article lists what's new, and some of the features & improvements. For more information on what's new for OEMs, see What's new in manufacturing, customization, and design.

Security and scanning

The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. This section describes some of these features. For a more comprehensive view, including zero trust, see Windows security.

The Windows Security app is built into the OS. This app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more.

Security baselines includes security settings that already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines.

Microsoft Defender Antivirus is built into Windows, and helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Endpoint Manager to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint.

The Application Security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more.

Windows Hello for Business helps protect users and identities. It replaces passwords, and uses a PIN or biometric that stays locally on the device. Device manufacturers are including more secure hardware features, such as IR cameras and TPM chips. These features are used with Windows Hello for Business to help protect user identities on your organization devices.

Easier access to new services, and services you already use

Windows 365 is a desktop operating system that's also a cloud service. From another internet-connected device, including Android and macOS devices, you can run Windows 365, just like a virtual machine.

Microsoft Teams is included with the OS, and is automatically available on the taskbar. Users select the chat icon, sign in with their personal Microsoft account, and start a call:

Power Automate for desktop is included with the OS. Your users can create flows with this low-code app to help them with everyday tasks. For example, users can create flows that save a message to OneNote, notify a team when there's a new Forms response, get notified when a file is added to SharePoint, and more.

Customize the desktop experience

Snap Layouts, Snap Groups: When you open an app, hover your mouse over the minimize/maximize option. When you do, you can select a different layout for the app:

This feature allows users to customize the sizes of apps on their desktop. And, when you add other apps to the layout, the snapped layout stays in place.

When you add your apps in a Snap Layout, that layout is saved in a Snap Group. In the taskbar, when you hover over an app in an existing snap layout, it shows all the apps in that layout. This feature is the Snap Group. You can select the group, and the apps are opened in the same layout. As you add more Snap Groups, you can switch between them just by selecting the Snap Group.

• Start menu: The Start menu includes some apps that are pinned by default. You can customize the Start menu layout by pinning (and unpinning) the apps you want. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
• Taskbar: You can also pin (and unpin) apps on the Taskbar. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
• Widgets: Widgets are available on the Taskbar. It includes a personalized feed that could be weather, calendar, stock prices, news, and more:
• Virtual desktops: On the Taskbar, you can select the Desktops icon to create a new desktop:

Use the desktop to open different apps depending on what you're doing. For example, you can create a Travel desktop that includes web sites and apps that are focused on travel.

Use your same apps, and new apps, improved

Starting with Windows 11, users in the Windows Insider program can download and install Android™️ apps from the Microsoft Store. This feature is called the Windows Subsystem for Android, and allows users to use Android apps on their Windows devices, similar to other apps installed from the Microsoft Store.

Users open the Microsoft Store, install the Amazon Appstore app, and sign in with their Amazon account. When they sign in, they can search, download, and install Android apps.

You can continue to use MSIX packages for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use Windows Package Manager to install Windows apps. You can create Azure virtual desktops that run Windows 11. Use Azure Virtual desktop with MSIX app attach to virtualize desktops and apps. For more information on these features, see Overview of apps on Windows client devices.

If you manage devices using Endpoint Manager, then you might be familiar with the Company Portal app. Starting with Windows 11, the Company Portal is your private app repository for your organization apps. For more information, see Private app repository in Windows 11.

Windows Terminal app: This app is included with the OS. On previous Windows versions, it's a separate download in the Microsoft Store. For more information, see What is Windows Terminal?.

Deployment and servicing

Install Windows 11: The same methods you use to install Windows 10 can also be used to install Windows 11. For example, you can deploy Windows to your devices using Windows Autopilot, Microsoft Deployment Toolkit (MDT), Configuration Manager, and more. Windows 11 will be delivered as an upgrade to eligible devices running Windows 10.

Windows Autopilot: If you're purchasing new devices, you can use Windows Autopilot to set up and pre-configure the devices. When users get the device, they sign in with their organization account (user@contoso.com). In the background, Autopilot gets them ready for use, and deploys any apps or policies you set. You can also use Windows Autopilot to reset, repurpose, and recover devices. Autopilot offers zero touch deployment for admins.

Microsoft Endpoint Manager is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

Windows Updates and Delivery optimization helps manage updates, and manage features on your devices. Starting with Windows 11, the OS feature updates are installed annually. For more information on servicing channels, and what they are, see Servicing channels.

Like Windows 10, Windows 11 will receive monthly quality updates.

You have options to install updates on your Windows devices, including Endpoint Manager, Group Policy, Windows Server Update Services (WSUS), and more. For more information, see Assign devices to servicing channels.

Some updates are large, and use bandwidth. Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more.

Education and apps

Windows 11 SE is a new edition of Windows that's designed for education. It runs on low-cost devices, and runs essential apps, including Microsoft 365. For more information, see Windows 11 SE for Education.

For more questions send us email sales@mont.ge