Microsoft announced its plans for the next version of Windows, called Windows 11. Built with security in mind, it will once again cause us to make hard decisions regarding investments in hardware and who will get the new operating system on new machines and who will not.
Windows 11 will impose new hardware requirements due to a “redesign for hybrid work and security with built-in hardware-based isolation, proven encryption, and strongest protection against malware.” With those requirements come deployment concerns. BIOS updates are always disruptive, but tracking down and inventorying which devices can and cannot support Windows 11 will once again result in mixed networks of older and newer operating systems.
Trusted Platform Module 2.0 required
Several requirements will force you to separate your network into a series of haves and have-nots. First comes the requirement for Trusted Platform Module (TPM) 2.0. TPM 2.0 will be required for “hardware-enforced stack protection for supported Intel and AMD hardware, helping to proactively protect our customers from zero-day exploits.” A root of trust ensures that when you boot a computer, it has not been tampered with in any way. The anchor for the boot process is in the hardware that the computer boots from. A TPM chip is a purpose-built, secure cryptoprocessor designed to carry out cryptographic operations.
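As an added example (not part of the original article), the inventory of which devices meet the TPM 2.0 requirement can start from the `SpecVersion` property of the `Win32_Tpm` WMI class, read here with PowerShell. The host names, function names and status labels are assumptions made for illustration.

```powershell
function ConvertTo-TpmReadiness {
    param([string]$SpecVersion)          # e.g. "2.0, 0, 1.38" or "1.2, 2, 3"
    # Status labels returned here are this example's own, not Microsoft's.
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return 'NoTpmReported' }
    # The first comma-separated field is the TPM specification version.
    $field  = ($SpecVersion -split ',')[0].Trim()
    $parsed = $null
    if (-not [version]::TryParse($field, [ref]$parsed)) { return 'Unparsed' }
    if ($parsed -ge [version]'2.0') { return 'Tpm20' }
    return 'TpmTooOld'
}

function Get-TpmInventory {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        $query = @{
            Namespace   = 'root/cimv2/Security/MicrosoftTpm'
            ClassName   = 'Win32_Tpm'
            ErrorAction = 'Stop'
        }
        # Query the local machine directly; remote machines go over WinRM.
        if ($name -ne $env:COMPUTERNAME) { $query.ComputerName = $name }
        $spec = $null; $enabled = $null
        try {
            # Requires an elevated session. No instance back means no TPM is
            # exposed to Windows (absent, or switched off in firmware).
            $tpm = Get-CimInstance @query | Select-Object -First 1
            if ($tpm) {
                $spec    = $tpm.SpecVersion
                $enabled = $tpm.IsEnabled_InitialValue
            }
            $status = ConvertTo-TpmReadiness $spec
        } catch {
            $status = 'QueryFailed'      # unreachable host, access denied, ...
        }
        [pscustomobject]@{
            Computer = $name; SpecVersion = $spec
            Enabled  = $enabled; Status = $status
        }
    }
}

# Classifier on constructed SpecVersion strings (runs without any TPM present):
'2.0, 0, 1.38', '1.2, 2, 3', '' | ForEach-Object {
    '{0,-14} -> {1}' -f $_, (ConvertTo-TpmReadiness $_)
}
# Live inventory; replace the constructed host names with your own list:
# Get-TpmInventory -ComputerName 'WS-EXAMPLE-01','WS-EXAMPLE-02' | Format-Table
Get-TpmInventory | Format-Table -AutoSize
```

A `NoTpmReported` result often means the TPM is disabled in firmware rather than missing, which is where the BIOS changes mentioned above come in.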