Windows 11 will leave millions of PCs behind, and Microsoft is struggling to explain why

Share All sharing options for: Windows 11 will leave millions of PCs behind, and Microsoft is struggling to explain why

Microsoft has had six years to prepare for the launch of Windows 11, but the company is still struggling to explain its new hardware requirements. Windows 11 will officially support Intel 8th Gen Coffee Lake or Zen 2 CPUs and up, leaving behind millions of PCs that were sold during the launch of Windows 10.

It’s an unusual surprise if you purchased a new PC for Windows 10, or perhaps you have a perfectly capable machine that’s even older. Windows 11 will require Intel 8th Gen Coffee Lake or Zen 2 CPUs and up, TPM 2.0 (Trusted Platform Module) support, 4GB of RAM, and 64GB of storage.

Microsoft doesn’t typically enforce such specific processor requirements with Windows — with both Windows 8 and Windows 10 only requiring a 1GHz processor, 1GB of RAM (2GB for 64-bit), and 16GB of storage (20GB for 64-bit). Power users of Windows, and IT admins alike, have built up an expectation of being able to upgrade to the latest OS, regardless of what hardware they’re running. It looks like that’s about to end with Windows 11.

After much confusion last week, Microsoft attempted to explain its hardware requirements again yesterday, and it sounds like the main driver behind these changes is security. Coupled with Microsoft’s hardware requirements is a push to enable a more modern BIOS (UEFI) that supports features like Secure Boot and TPM 2.0 (Trusted Platform Module).

When you combine TPM with some of the virtualization technologies that Microsoft uses in Windows, there’s an understandable security benefit that we’ve discussed in detail previously. Microsoft claims that a combination of Windows Hello, Device Encryption, virtualization-based security, hypervisor-protected code integrity (HVCI), and Secure Boot “has been shown to reduce malware by 60 percent.”

You obviously need modern hardware to enable all these protections, and Microsoft has been building toward this moment for years. TPM support has been a requirement for OEMs to gain Windows certification since around the release of Windows 10, but Microsoft hasn’t forced businesses or consumers to enable it.

Microsoft’s decision to force Windows 11 users into TPM, Secure Boot, and more comes at a pivotal moment for Windows. It’s Microsoft’s operating system that’s always caught up in ransomware and malware attacks, and things are only going to get worse if the level of Windows hardware security doesn’t go up a notch.

That delicate balance of security and the typical openness of Windows is something that Microsoft will struggle with over the next decade, as it wrestles with modernizing Windows and the understandable backlash. While Microsoft is waiving its new hardware requirements during the preview phase of Windows 11, we still don’t know exactly what devices will be supported when it launches later this year.

Microsoft tried to offer some more clarity around this yesterday, but it wasn’t the level of detail we were hoping for. “As we release to Windows Insiders and partner with our OEMs, we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles,” says a blog post from the Windows team. That could be good news for the Surface Studio 2, a $3,499 device that Microsoft still sells with a 7th Gen chip that’s not on the Windows 11 list.

This same blog post also revealed that 7th Gen is probably as far back as Microsoft is willing to concede. “We also know that devices running on Intel 6th generation and AMD pre-Zen will not” meet Microsoft’s minimum system requirements, said the blog post before it was edited to remove this line. It’s not clear why Intel’s 6th Gen chips are definitely off the list, but part of this decision could be related to Spectre and Meltdown — two major computer processor security bugs that affected nearly every device made for 20 years.

“Microsoft’s CPU selections for Windows 11 don’t appear much at all to do with performance but look like security mitigations for side-channel attacks,” says Patrick Moorhead, principal analyst at Moor Insights and Strategy. “It also helps chipmakers focus driver work on the future, not the past.”

Side-channel attacks like Spectre and Meltdown were revealed just before Intel implemented hardware mitigations to protect against some speculative execution attacks in some 8th Gen chips in 2018. Not all of Intel’s 8th Gen chips include these hardware mitigations, though, but Microsoft has set a specific cutoff of 8th Gen and beyond. Microsoft hasn’t fully explained that decision, and the company is now telling people to wait and see if it’s able to include more older machines during its testing. Either way, there’s going to be a CPU cutoff that will affect millions of PCs.

Critics of Microsoft’s approach note that this move will generate unnecessary e-waste as consumers move to upgrade PCs that are more than capable of running Windows 11. The complexities of TPM and UEFI are also being debated by IT admins, particularly if devices aren’t set up to use these technologies yet.

Security expert Kevin Beaumont, who spent nearly a year working at Microsoft during the pandemic, has criticized the company over its Windows 11 hardware requirements. “In the middle of a pandemic when orgs are hurting, with a global chip shortage, Microsoft [is] trying to get people to replace things for security reasons that are questionable,” said Beaumont on Twitter. “Buy a Surface? No. Make a better OS.”

In the middle of a pandemic when orgs are hurting, with a global chip shortage, MS are trying to get people to replace things for security reasons that are questionable.

Buy a Surface? No. Make a better OS. — Kevin Beaumont (@GossiTheDog) June 28, 2021

Microsoft’s hardware changes also arrive just weeks after Apple announced macOS Monterey, with support for Mac Pros sold in late 2013 and beyond, and Mac Minis sold from late 2014 onward. Apple obviously doesn’t have to support a massive range of hardware configurations like Microsoft does, but the latest version of macOS will still run on systems that are eight years old. Microsoft’s changes mean that some PCs that are only three years old will be excluded from the Windows 11 upgrade.

There will be some exceptions to Microsoft’s new rules, though. “Windows 11 does not apply the hardware-compliance check for virtualized instances either during setup or upgrade,” notes a Microsoft document (PDF) on minimum hardware requirements for Windows 11. That means if you run Windows 11 as a virtual machine, you can ignore the CPU and security requirements. That flies in the face of Microsoft’s big security push here, but the reality is that most consumers and commercial customers won’t be running Windows 11 in a VM.

Microsoft still has a few months left to test Windows 11, and feedback from the preview will inform “any adjustments [Microsoft] should make to our minimum system requirements in the future.” The software maker has also removed its PC Health Check app that led to a lot of confusion around Windows 11 upgrades. “We acknowledge that it was not fully prepared to share the level of detail or accuracy you expected from us on why a Windows 10 PC doesn’t meet upgrade requirements,” says the Windows team.

That gives Microsoft some breathing room between now and launch, and enough time for testers to play with Windows 11 free from these new restrictions. But if you’re testing Windows 11 right now on an older CPU that’s not on the official list, the chances are you’ll need to reinstall Windows 10 at the end of the preview period.

Microsoft is allowing testers to access Windows 11 on a wide range of hardware during the preview, but it’s planning to apply these new restrictions at launch. I would be surprised if there is a major change to these hardware requirements later this year, other than Microsoft stepping down to some 7th Gen chips. So enjoy testing Windows 11 while you still can.