Windows 11 in DoD/Fed - plan now!

Windows 11 is here!?On a related note, Microsoft has announced that Windows 10 will no longer be supported after October 14, 2025.?This creates an urgent need for Department of Defense (DoD) (and other Federal) customers to plan and execute a migration to Windows 11, as unsupported operating systems do not receive security patches and must therefore be removed from the network.

What separates this project from a “normal” OS upgrade is the system requirements – customers may find that a number - maybe a big number - of their existing end-user devices (EUD) will not support Windows 11, and this complicates matters because, while 2025 may seem a ways off, the typical duration of acquisition to actual fielding can be relatively lengthy, and there may be a herculean effort required at the back end of the project if things are not put into motion right away.

Many organizations strive to be on a tech refresh cycle for EUD that sees a certain percentage of devices replaced each year, introducing consistency into budgets and guaranteeing modern devices for everyone in the organization.?What you may find is that the number of EUD that need to be replaced by October of 2025 could exceed the number that would be routinely tech refreshed if budgets for such things remain as planned.

Fiscal year (FY) 22 is already in progress, and FY26 (during which the Windows 10 support ends) will be too late, leaving just three budget cycles (plus anything that could be done this FY) to ensure that 100% of EUD are Windows 11 compatible.

There are some risks and planning factors to consider, and I organize these and the project into five phases or activities – assessment/specifications, budget/acquisition, supply/logistics, image development/testing, and fielding.

Assessment/specifications

Before any planning can be done, the situation must be known - an assessment must be performed to see how many devices in the enterprise can receive Windows 11 and how many cannot.?This can be done any number of ways.

The number of devices not capable of receiving Windows 11 is the number to plan for acquiring over the next three FY – if it is equal to or under what would normally be tech refreshed, then you need only ensure that your budget for such things remains as planned.?If it is greater, actions must be taken to increase the budget.?You may need to subtract devices that were acquired here in FY22 that have not yet made it into the field.

The only other thing to do in this first phase is to ensure that the acquisition folks in your organization have the correct specifications for EUD to support Windows 11; any new devices acquired must be of use.

Budget/acquisition

There are some major risks to talk about here – money, supply, and supply chain.

As far as money goes, we all know that no one is taking baths in cash.?It is difficult enough to maintain budget levels, let alone increase them dramatically for capital purchases.?Therefore, a risk that must be accounted for is not receiving any funds above normal in one or more of the upcoming FY.?Each year that passes without additional funding will clump the required acquisitions at the back end of the project, possibly exceeding process throughput in the supply/logistics and fielding phases and thus pressuring the deadline.

Secondly – supply.?With all of DoD under the same deadline, you will not be the only organization wanting to acquire abnormally large quantities of EUD.?The global situation of late has been less than ideal for production, and the risk that must be monitored here is that demand could exceed supply, once again moving the receipt of devices to the back end of the project.?If this risk is realized, it could impact pricing as well (back to budgets).

Thirdly, and actually rather closely tied to supply, is supply chain.?I differentiate between the two because you can buy all the devices you want, but they can’t be processed and fielded while they are sitting on a container ship in a harbor somewhere.?While the present issue with that is likely to pass in the coming months, it has impacted organizations and must therefore be managed as a risk.?Once again, any delay in actually getting your hands on the devices will ultimately put pressure on the project deadline.

Supply/logistics

Once purchased, the EUD will have to land somewhere, be taken off pallets, inventoried, put into the property book system, birthed within the service management system, and shipped to receiving units.?These activities may be performed by one or more organizations.

What is to be watched here is throughput.?The activities listed above take time, and only so many devices can be done per month.?Taking that magic number – the number of devices that must be acquired per year to meet the deadline – and dividing it by the throughput of this phase may show a problem.?Devices may not make it all the way through the process before more arrive, creating a log jam that will ultimately manifest itself in the final phase of fielding.

Early in this project, an effort should be made to assess throughput in this phase and identify opportunities to improve efficiency – introducing/enhancing automation at every opportunity.?Devices may take months to actually show up following contract/task order award, leaving just six to eight months of each FY to actually start them on their path to the users.

Image development/testing (and support readiness)

This should be pretty straight forward for most organizations.?A secure host baseline (SHB) image of Windows 11 will be released sometime in FY22, and organizations will have plenty of time to tailor it for themselves and have it ready to place on incoming EUD.

One sort of scenario to keep an eye on in this regard would be in the months leading up to the deadline.?Around March or April of 2025, the last devices purchased as part of this project will start to show up, and they could be of a sort not supported (from a EUFI/drivers perspective) on the organization’s existing Windows 11 image.?This could create a need to test and release an image compatible with the new devices in pretty short order, giving technicians in the field as much time as possible to deploy the devices.

Another thing to ensure is that the imaging and updating process is as efficient as possible.?Once a device comes online, how many updates does it need to apply??How many devices will be hitting the servers for updates simultaneously??Making sure that your Windows Servicing is a well-oiled machine will help with throughput in the last phase.

The development and testing of the image is a perfect time to educate support staff, from the Service Desk on up, on Windows 11, and ensure that all policies, procedures, scripts, reports, and so on are modified as necessary to support it.

Fielding

The last step in the project is taking a Windows 10 device out of users’ hands and putting a Windows 11 device in its place.?Like the supply/logistics phase, the main concern here is throughput.?Additionally, user readiness is a planning factor, as well as device disposal.

As to throughput, we must remember that, in the end, a human being is going to be handing a device to another human being, seeing them through to productivity, taking their old device away, and disposing of it.?How many humans do you have doing this??How many swaps can they do per day?

This is another throughput calculation that must be estimated and assessed along with the total EUD coming in and through the supply/logistics actions.?Are your techs in the field able to accomplish these device swaps in time while accounting for their normal duties??Can they keep pace with supply/logistics??If the project gets back-loaded, will they be able to complete all swaps in time?

For user readiness, we will speak of the extent to which they are using the cloud, and their acceptance of Windows 11.

Because this is an actual device swap, you must account for users’:

• Email
• PST files
• Data
• Settings
• Apps

The best thing to do – the thing that will maximize throughput of this phase – is to “cloudify” (“cloudize”?) the users to the greatest extent possible.?If their email, data, and settings are in the cloud, device swaps become a snap.?Does the deployment method for all apps support easy device swaps?

The management of those five things impacts the overall throughput of the device swap, and there is time to ensure that things will go as smoothly as possible.?The process is much the same as if a user has a catastrophic failure of a Windows 10 device and receives a replacement, so you should be able to quantify some estimates.

PST files can be something to watch.?I don’t know about other client spaces, but folks in DoD/Fed have a long-standing tradition of saving every email possible, organizing them into PST files based on FY, and retaining all of them going back to their Lotus Notes days in the ‘90s.?These large files don’t especially play nicely with cloud storage, and you’ll likely need to account for them as part of the planning.?Records Management policies can be quite handy in this regard – if you need the proverbial “stick”.

User readiness - Windows 11 is a little different from Windows 10 and, though they might muddle through from intuition and familiarity from use at home, it certainly wouldn’t hurt to make an effort to educate users in advance as to what they may expect from Windows 11 and the device swap process in general.?A communications plan should be part of this project.?(Ask your Microsoft representative about our Adoption and Change Management team – stakeholder management, user acceptance, communications – all in their wheelhouse.?Engaging them as early in the project as possible can yield some fantastic results.)

And, lastly, disposal – so you just made that herculean effort and got 250,000 EUD replaced in time – what are you going to do with the old ones?

Conclusion

The end of support for Windows 10 places a hard deadline on organizations to migrate to Windows 11, which may require a significant investment in hardware.?Acquiring the hardware alone is just the beginning, though, and there are risks and planning considerations all along the path.

Throughput issues in the supply/logistics and fielding phases may be disguised in FY23 and FY24 because there will be several months in which no new EUD are coming in (as we pass from one acquisition cycle to another), and backlogged devices may be flushed through the system during this time (October through March-ish).?In FY25, however, no buffer exists, as the deadline is October of that year, but EUD purchased may not show up until March or April.?This lack of a buffer during the last year of the project will be especially annoying if the project has been back-loaded due to fiscal restraints in FY23 and FY24, creating the need for increased throughput.

If you haven’t done so already, assign a project officer now!