Windows 10 reached end of support in October 2025. That means Microsoft no longer releases free security patches for it. Every Windows 10 computer still running in your office is a growing security liability, and with each passing month, new vulnerabilities are discovered and left unpatched on those machines. Migrating to Windows 11 requires checking hardware compatibility, planning a rollout that minimizes disruption, and replacing machines that cannot make the upgrade.
If you have not started this migration yet, now is the time. Here is how to plan and execute it.
Why This Is Urgent
End of support is not just a label. It means your Windows 10 computers no longer receive the monthly security updates that protect against newly discovered vulnerabilities. Every Patch Tuesday, new fixes are released for Windows 11, and attackers know that those same vulnerabilities exist on Windows 10 but will never be patched there.
Cyber insurance policies may not cover breaches that occur on unsupported operating systems. If your insurer investigates a claim and finds that the compromised machine was running Windows 10 after end of support, they have grounds to deny coverage. Compliance frameworks including HIPAA, PCI DSS, and CIS Controls require that systems run supported software.
Microsoft does offer paid Extended Security Updates (ESU) for Windows 10 at $61 per device for the first year, with the cost increasing each subsequent year. ESU is a temporary bridge for machines you cannot replace immediately, but it is not a long-term solution. The goal should be to get every machine onto Windows 11.
Step 1: Inventory Your Current Hardware
Before you upgrade anything, you need a clear picture of what you have. List every Windows computer in your office: desktops, laptops, shared workstations, and any machines in conference rooms or reception areas. For each device, record the manufacturer, model, approximate age, current Windows version, and the primary user.
If your devices are enrolled in Microsoft Intune (included with Microsoft 365 Business Premium), you can pull this inventory from the Intune admin center. Go to Devices > All devices and export the list. Intune shows the device model, OS version, last check-in date, and compliance status for every enrolled device, which saves you from walking to each desk.
If you are doing this manually, you can check each machine by going to Settings > System > About. This screen shows the Windows edition, version, processor, and installed RAM.
Windows 11 Hardware Requirements
Windows 11 has stricter hardware requirements than Windows 10. The most common blocker is the processor requirement.
- Processor: 1 GHz or faster with 2 or more cores on a compatible 64-bit processor. In practice, this means Intel 8th generation (Coffee Lake, released 2017-2018) or newer, or AMD Ryzen 2000 series or newer.
- RAM: 4 GB minimum. For business use, 8 GB or more is strongly recommended.
- Storage: 64 GB minimum. For practical use, 256 GB or more is recommended.
- TPM: Version 2.0 is required. Most business PCs manufactured from 2018 onward have TPM 2.0 built in.
- UEFI firmware with Secure Boot is required.
The quickest way to check a specific machine is to download and run the Microsoft PC Health Check app. It gives you a simple pass or fail result and tells you exactly which requirements are not met.
The biggest blocker for most offices is the processor requirement. Machines older than 2018 typically have CPUs that are not on Microsoft's supported list, and there is no workaround for this.
Step 2: Categorize Your Machines
After checking each device, sort them into three categories:
Can upgrade in place. The machine meets all Windows 11 hardware requirements. Windows 11 can be installed on top of Windows 10 without wiping the machine, preserving all files, applications, and settings. This is the simplest path.
Needs replacement. The machine does not meet hardware requirements, usually because of the processor or TPM. These machines must be replaced with new hardware.
Borderline. The machine meets the requirements but is old enough (four or more years) that you should consider whether it makes sense to upgrade it or replace it. Upgrading a five-year-old laptop to Windows 11 is technically possible, but you may only get another year or two of useful life from that hardware before it needs replacement anyway. In many cases, replacing these machines now saves you from doing it again in 18 months.
Step 3: Plan the Rollout
Do not upgrade all machines at once. A phased rollout lets you catch problems early before they affect your entire office.
Phase 1: Pilot group. Upgrade 3 to 5 machines first. Choose a mix of roles (someone in accounting, someone in operations, etc.) so you can test how different applications and workflows perform on Windows 11. Run the pilot for at least one week and ask the pilot users to report any issues with their applications, printers, or other peripherals.
Phase 2: Main deployment. After the pilot confirms no major issues, upgrade the remaining compatible machines in batches of 5 to 10 per week. Schedule upgrades for evenings or weekends so the machines are ready to use the next business morning. The in-place upgrade takes 1 to 3 hours per machine depending on hardware speed and the amount of data on the drive.
Phase 3: Hardware replacements. Replace incompatible machines as budget allows. Prioritize users who work with sensitive data (client records, financial information, healthcare data) because those machines carry the highest risk while running an unsupported operating system.
For businesses with devices enrolled in Microsoft Intune, you can manage the Windows 11 upgrade centrally. Intune lets you create a Windows feature update deployment policy that targets specific groups of devices, so you can roll out the upgrade in phases without touching each machine individually.
Step 4: Check Application Compatibility
Most modern business applications work on Windows 11 without issues. Microsoft Office, Microsoft 365 apps, major web browsers, and most cloud-based applications are fully compatible.
Test your critical applications during the pilot phase. This means any line-of-business applications, accounting software (QuickBooks, Sage), practice management tools, EHR systems, or industry-specific software. Open them, run through typical workflows, and confirm everything behaves as expected.
Check with your software vendors for Windows 11 compatibility statements. Most vendors publish these on their support websites. If you use any software that specifically requires Internet Explorer or a 32-bit-only environment, it may have issues on Windows 11. These situations are rare but worth checking.
Also verify that your printers and peripherals have Windows 11 drivers available. Check the manufacturer's website for driver downloads for your specific models.
Step 5: Perform the Upgrade
Before upgrading any machine, back up the user's data. Even though an in-place upgrade preserves files and settings, having a backup ensures you can recover if something goes wrong. If the user's files are already syncing to OneDrive or SharePoint, verify the sync is current before starting.
Run the upgrade through Settings > Windows Update. If the Windows 11 upgrade is available for the device, it will appear as an optional update. Click Download and install and follow the prompts. Alternatively, download the Windows 11 Installation Assistant from Microsoft's website and run it directly.
After the upgrade completes, verify the following: all applications open and work correctly, printers are connected and printing, the user can access email and calendar in Outlook, Teams calls and meetings work (test microphone and camera), and shared files on OneDrive, SharePoint, or network drives are accessible. Run Windows Update again to pick up any post-upgrade patches.
Budgeting for Replacements
For machines that need replacement, plan for approximately $800 to $1,200 per laptop and $600 to $1,000 per desktop for business-grade hardware. Business-class machines from Dell (Latitude), HP (EliteBook), and Lenovo (ThinkPad) are built for durability and manageability and are the recommended options.
A typical 20-person office may need to replace 5 to 10 machines that do not meet Windows 11 requirements. If budget is tight, stagger purchases across 2 to 3 months, prioritizing the highest-risk machines first.
Consider refurbished business-class machines as a cost-effective option. A refurbished Dell Latitude or Lenovo ThinkPad that is 2 to 3 years old will meet Windows 11 requirements and cost significantly less than a new machine.
Factor in setup time for new machines: 2 to 4 hours per device for configuration, application installation, and data migration. For businesses with more than a handful of new machines to deploy, Microsoft Autopilot (included with Microsoft 365 Business Premium) eliminates most of this manual work. With Autopilot, you register the new device's hardware ID with your tenant, and when the employee powers on the laptop and signs in with their work credentials, all policies, applications, and settings deploy automatically. Athencia configures Autopilot as part of its managed IT stack, so new laptops can be shipped directly to employees and set themselves up.
What About Machines You Cannot Replace Yet
If you have machines that cannot run Windows 11 and cannot be replaced immediately, here is how to reduce the risk.
Purchase Extended Security Updates (ESU) from Microsoft. This provides continued security patches for Windows 10 at $61 per device for the first year. The cost increases each subsequent year, so this is a short-term measure.
Isolate Windows 10 machines on the network as much as possible. If your office network supports VLANs, place these machines on a separate network segment with restricted access to sensitive resources.
Make sure endpoint protection is current and actively monitored on these machines. Microsoft Defender for Business provides baseline protection, and layering Huntress Managed EDR on top adds 24/7 human threat monitoring. If a Windows 10 machine is compromised, you want to know about it immediately.
Do not use Windows 10 machines for processing sensitive data. Move users who handle client records, financial data, or healthcare information to Windows 11 machines first.
Plan to replace these machines within 12 to 18 months. ESU buys you time, but it is not a permanent solution.
Need Help?
Migrating an entire office from Windows 10 to Windows 11 involves hardware decisions, compatibility testing, and careful scheduling. If you want help planning the rollout, budgeting for replacements, or setting up new machines with Autopilot, contact Athencia. We will build a migration plan that fits your timeline and budget.
