Teaser:
Upgrade to Windows 11 with confidence — 10 Intune tips from Microsoft engineers, MVPs, and guides.
Windows 10 reached end of support on October 14, 2025 for most editions. After this date, devices no longer receive new features, quality updates, security fixes, or support.
Organizations that need more time can enroll eligible devices in the Windows 10 Extended Security Updates (ESU) program, which provides critical security updates — but no new features or non-security fixes — for up to three additional years (through October 2028).
For organizations planning or completing their migration to Windows 11, Intune plays a key role in managing upgrades smoothly. The following ten tips — drawn from Microsoft engineers and MVPs — offer practical guidance to help IT teams align stakeholders, validate readiness, and structure upgrade strategies.
From readiness to rollout:
Check out these 10 tips with Intune to streamline your Windows 11 migration
Tip 1: Get leadership buy-in with a clear business case for Windows 11
Modernization starts with alignment at the top. MVP James Robinson, with over 20 years of IT experience, explains why moving to Windows 11 can deliver benefits such as smoother device management, stronger security, and simplified hardware procurement. It’s also an opportunity to shift from legacy tools to cloud-native endpoint management with Intune.
Explore James’s full perspective on framing your business case.
Tip 2: Prepare your foundation — verify hardware, policy, and enrollment readiness
Begin your Windows 11 migration by checking that every device is enrolled in Intune. Once enrolled, use Endpoint analytics to validate that devices meet Windows 11 requirements. Key considerations include licensing, hardware compatibility, and enrollment — all critical for reducing risk and supporting a smoother upgrade.
Microsoft engineer Steven Hosking outlines five steps to migrate Windows 10 domain-joined and co-managed devices to Windows 11.
Tip 3: Free up disk space with Intune Remediations and Storage Sense
Low free disk space is a common cause of upgrade failures, especially on devices with smaller SSDs. Use Remediations in Intune to deploy PowerShell scripts that check available storage, clean up locations like Recycle Bin and Downloads, and proactively notify users.
For ongoing maintenance, pair this with Storage Sense, a built-in Windows feature that automatically clears temporary and Recycle Bin files. While Storage Sense handles routine cleanup, custom Intune Remediations address additional scenarios — such as large user folders or legacy files — that Storage Sense doesn’t cover. Together, they provide a proactive, centrally managed way to keep devices upgrade ready.
Follow MVP Florian Salzmann’s step-by-step guide to create and deploy Remediation scripts in Intune.
Tip 4: Manage OS updates automatically with Windows Autopatch
Simplify your Windows 11 rollout with Windows Autopatch. Start by reviewing Windows 11 readiness reports in Intune to confirm which devices meet upgrade requirements. Next, use Autopatch Groups to organize pilot and production rings. Autopatch supports multi-phase feature update deployments for these groups to stagger rollout timing and reduce risk. Throughout deployment, track progress and resolve upgrade blocks leveraging the feature update reports in Autopatch. This structured approach provides clear visibility and helps upgrades progress smoothly at scale.
Check out the 4 steps to success in the playbook from Microsoft engineer, Akash Malhotra.
Tip 5: Run targeted, version-specific rollouts with feature update policies
When you need to manage Windows 11 upgrades outside of Autopatch—such as in highly customized environments—use feature update policies in Intune for direct control. These policies let you to deploy a specific Windows 11 version to selected device groups, keeping those devices on that current version until you decide to upgrade. This approach aligns to honor Microsoft safeguard holds to help prevent known issues.
Learn how to configure feature update policies for Windows devices in Intune.
Tip 6. Modernize provisioning with Intune and Windows Autopilot
Upgrading to Windows 11 is an ideal time to rethink your approach to provisioning. MVP Andrew Taylor recommends using hardware refresh cycles to switch from Microsoft Configuration Manager or on-premises methods to cloud-based provisioning with Intune and Windows Autopilot. This helps build a solid foundation for modern provisioning, enabling phased deployment and streamlining lifecycle management.
Read Andrew’s post on planning an Intune Autopilot migration.
Tip 7: Preserve user settings and app lists with Windows Backup for Organizations
Use Windows Backup for Organizations to capture user settings, personalization, and a list of installed Microsoft Store apps from Windows 10 before migration. These preferences can be restored during device enrollment when the user signs in to Windows 11 with the same Entra ID. This helps employees return to familiar configurations and quickly reinstall apps from their list — helping to reduce post-upgrade friction and improving user satisfaction.
Learn how to configure Windows Backup for Organizations in Intune and explore best practices.
Tip 8: Bridge hardware delays with Windows 365 Reserve
When hardware refresh cycles don’t align with your timeline, Windows 365 Reserve — now in limited public preview — can enhance business continuity. By provisioning secure temporary Cloud PCs, you can keep your workforce productive while you plan upgrade waves at your own pace. Because these Cloud PCs are managed with Intune, you apply more consistent security policies and app deployment across physical and virtual endpoints during the transition.
Explore more about the limited public preview and get practical guidance to plan upgrade waves.
Tip 9: Treat your upgrade as a security milestone
A Windows 11 migration is an opportunity to strengthen and modernize endpoint security. MVP Simon Hartmann shares practical insights from enterprise deployments with Intune, illustrating how aligning upgrades with stronger security measures and future-ready policies can help reduce risk, streamline management, and improve compliance readiness.
Use this stage to apply security baselines and enable features such as App Control for Business. This baseline helps to ensure only trusted applications run and reviews device-level protections such as BitLocker, Microsoft Defender for Endpoint, and Secure Boot.
Explore Simon’s tips to set the stage for a more secure, future-ready upgrade with Intune.
Tip 10: Maintain your new Windows 11 security posture with faster patching
After upgrading, keeping devices secure means minimizing the window between patch release and protection. Hotpatch updates — available for Windows 11 Enterprise, version 24H2 — apply Monthly B release security updates without waiting for a reboot. This helps organizations reduce exposure gaps and maintain compliance with minimal disruption. In the Intune admin center, you can configure Hotpatch as part of a Windows quality update policy for eligible devices, so updates take effect promptly.
Learn how to configure Hotpatch and apply quality-update policies in Intune.
What’s new Intune: What's new in Microsoft Intune - Microsoft Intune | Microsoft Learn
__________________________________________________________________________________________________________________________________________________________________
Stay up to date! Bookmark the Microsoft Intune Blog | Microsoft Community Hub and follow us on LinkedIn or @MSIntune on X to continue the conversation.
_________________________________________________________________________________________________________________________________________________________________________________________
Microsoft