Microsoft: You Can't Get Around Windows 11 Requirements
Welcome to the more secure, more locked-down future.
Microsoft is sticking to its guns with Windows 11’s minimum requirements, with Microsoft Program Manager Aria Carley saying in a recent AMA webcast that your PC won’t even allow itself to download the upgrade if it doesn’t meet Microsoft’s standards.
Windows 11’s minimum requirements have caused a bit of an uproar ever since they were first announced alongside the OS earlier this June. Key points of concern were the need for TPM 2.0, an up-to-now obscure security feature that’s so niche that most standalone motherboards automatically disable it in their BIOS, as well as a strict CPU compatibility list.
While Microsoft has since said that it’s testing Intel 7th gen CPUs with Windows 11, the first Windows 11 system requirements list said that you’d need to have at least an 8th gen Intel CPU or 2nd gen Ryzen CPU to upgrade to the new OS. For some context, Intel’s 8th generation launched as recently as 2017.
This left a lot of users, like myself, in the dark. My main home desktop uses an Intel 6th gen Core i7 CPU and a GTX 1080, which while a little out of date, is fine for me given that I don’t really care about ray tracing. I’ve thought about upgrading, but the best CPUs and best GPUs are so expensive right now that I’d rather hold off.
But if I want to upgrade to Windows 11, Microsoft’s going to force my hand. “Group policy will not enable you to get around the hardware enforcement for Windows 11,” Carley said in her recent webcast. “We’re still going to block you from upgrading your device to an unsupported state since we really want to make sure that your devices stay supported and secure.”
How thoughtful.
Carley did qualify that she knows “it sucks” if your recent, capable build can’t upgrade, but said that Microsoft’s rationale is to “keep devices more productive, have a better experience, and better security than ever before so they can stay protected.” I’m pretty happy with the experience on my desktop, so I can only assume the real impetus behind this decision is that added security. TPM 2.0 is the big new requirement there, and to be fair, it does give your PC a hardware-based way for your computer to store encryption keys, certificates and other sensitive data.
And to be fair to Microsoft, TPM 2.0 also isn’t exactly new. The company began requiring it on OEM laptops and desktops starting in 2016. It makes sense, then, that the big M would want to start utilizing the fruits of that decision. But given that many current standalone motherboards and chips don’t include it, requiring it is a move that favors pre-builts and risks leaving PC builders in the dust.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
At the very least, if you’re stuck on Windows 10, you won’t have to waste a download on the Windows 11 upgrade only to find out your system isn’t compatible with it. Carley said that a device connected to Windows Update “will actually be able to determine [compatibility] by itself before ever being offered [Windows 11] and wasting that download.” I’m breathing a sigh of relief for my data right now, although that does make trying to force my system to run the OS without the minimum specs even harder.
For instance, while my 6th gen Intel chip doesn’t have TPM built-in, there’s nothing stopping me from trying to install a standalone TPM module on my PC to run Windows 11. This is a fact scalpers know well, and the prices for TPM modules have recently skyrocketed accordingly. Still, it’s cheaper than a whole new build. I won’t know for sure whether installing a standalone module would let me run the OS despite meeting the minimum requirements until it launches, but it’s unlikely that a few discouraging words from Microsoft are going to stop builders from trying everything they can to upgrade.
For now, though, if you download the Windows 11 ISO and do a clean install of the preview build, you may be able to test the new operating system on a computer that doesn't meet the standards. We were able to install it in a VM with just 2GB of RAM and no secure boot or TPM.
Regardless, it’s clear what the official word is. Microsoft’s going to do everything it can to force you to hit the Windows 11 minimum requirements to upgrade your PC, even if its performance is otherwise strong. Any money you spend trying to get around that is at your own peril.
Michelle Ehrhardt is an editor at Tom's Hardware. She's been following tech since her family got a Gateway running Windows 95, and is now on her third custom-built system. Her work has been published in publications like Paste, The Atlantic, and Kill Screen, just to name a few. She also holds a master's degree in game design from NYU.
Microsoft temporarily halts Windows 11 24H2 update on PCs with select Ubisoft games — avoiding frequent freezing and black screen glitches in modern Assassin's Creed, Star Wars, and Avatar titles
Rebootless updates come to Windows 11 Enterprise and 365 for security updates — Microsoft releases hotpatching for Windows 11 Enterprise 24H2 and Windows 365 Preview Editions
-
bigdragon These new requirements are honestly great if they're used to secure the OS and user data. That niche hardware is actually quite powerful and useful.Reply
However, the same hardware can be abused for DRM and heavy-handed content restrictions on users. I don't see signs of that happening yet, but there's always the risk. -
caseym54 bigdragon said:However, the same hardware can be abused for DRM and heavy-handed content restrictions on users. I don't see signs of that happening yet, but there's always the risk.
I bet it's the furthest thing from their minds. -
Blitz Hacker
I mean I'm gonna post this here and see how it ages. My guess is Microsoft has found some serious security flaw that needs an OS overhaul to remedy, or They want to push some sort of protection for ransomware. I just hope they don't over step going on some unremoveable drm policy for applications etc. That stuff is horrible.bigdragon said:These new requirements are honestly great if they're used to secure the OS and user date. That niche hardware is actually quite powerful and useful.
However, the same hardware can be abused for DRM and heavy-handed content restrictions on users. I don't see signs of that happening yet, but there's always the risk. -
uptonland It just means there will be a bunch of bootleg versions with assorted workarounds & hacks to allow installation a-la the hackintosh community and dark-site license verification/activation like that currently available for virtually all MS and other software. As usual, it'll only be legit installs that will be affected.Reply -
tshinhar The new requirements are horrible.Reply
Why can't I install win 11 if I have a cpu that is clearly capable of running it (like Intel 6th gen)?
I mean sure, if the requirements where just the tpm 2.0 and secure boot I could somewhat expect that argument, but what if I have them both but with a 6 gen cpu? (and before anyone says it is not possible because the cpu is too old I do have such a pc)
It's just a scam to try and force people to buy new pcs -
drtweak <Mod Edit> I still have clients who are on 7 because they don't want to spend 15-25K a year on subscriptions but their 2013 standalone license works just fine but not past windows 7. I have another client who has mixed XP to 10 stuff XP stuff running one stupid little program and blocked from net) and the new version of the software that he paid for, bought a new server and SQL to run (Him and my boss are not fans of VM's) so he spend 4K on that plus who knows how much on the software only to put it on hold after training everyone after he found out it only works on 10 AFTER doing all of this! Now its like <Mod Edit>. might as well just replace all those PC's now vs refrub stuff he likes for 11.Reply -
thestryker You don't actually need secure boot to be enabled according to the specs so that being a requirement is extremely arbitrary. TPM they haven't explained the use of, but okay I could see it no real problem here. Arbitrarily cutting off CPUs which support both secure boot and TPM 2.0 without an explanation is by far the worst part of this debacle. I have a 6900k system which supports secure boot and has a TPM 2.0, but for no disclosed reason this isn't good enough.Reply -
Makaveli drtweak said:<Mod Edit> I still have clients who are on 7 because they don't want to spend 15-25K a year on subscriptions but their 2013 standalone license works just fine but not past windows 7. I have another client who has mixed XP to 10 stuff XP stuff running one stupid little program and blocked from net) and the new version of the software that he paid for, bought a new server and SQL to run (Him and my boss are not fans of VM's) so he spend 4K on that plus who knows how much on the software only to put it on hold after training everyone after he found out it only works on 10 AFTER doing all of this! Now its like <Mod Edit>. might as well just replace all those PC's now vs refrub stuff he likes for 11.
Lack of due diligence there. Sounds like managers and higher ups doing this instead of actual technical people.
thestryker said:You don't actually need secure boot to be enabled according to the specs so that being a requirement is extremely arbitrary. TPM they haven't explained the use of, but okay I could see it no real problem here. Arbitrarily cutting off CPUs which support both secure boot and TPM 2.0 without an explanation is by far the worst part of this debacle. I have a 6900k system which supports secure boot and has a TPM 2.0, but for no disclosed reason this isn't good enough.
I find this interesting and maybe it was the build I was using. But I couldn't load bulid 22000.51 in a VM without secure boot being on install would always fail. Maybe that has been changed in the newer builds. -
Johnpombrio I still think that MS will relent and offer Win 11 without Secure Boot and the TPM requirement. They will create a new "Windows 11 Secure!" version and require some vulnerable corporate clients to adhere to a more secure environment. To have this level of security for the ordinary user is kind of pointless.Reply