Endpoint Security , Governance & Risk Management , IT Risk Management

Windows 11 Adoption Is Slow Despite Windows 10 Security Risk

Only 8.35% of Windows Users Had Migrated to Windows 11 by May 2023
Windows 11 Adoption Is Slow Despite Windows 10 Security Risk
Image: Shutterstock

Microsoft's Windows 10 operating system is near the end of life for its 10-year run, but less than 10% of enterprise machines are running Windows 11. Why are organizations so slow to upgrade?

See Also: OnDemand Panel | Strengthening OT Security with HCLTech and Microsoft

Microsoft announced in December that Windows 10 will reach end of support in October 2025, which means those who rely on the operating system will no longer receive essential security updates, bug fixes or technical support unless they migrate to Windows 11.

Enterprises running Windows 10 on their PCs and other devices can seamlessly upgrade their device software to Microsoft's newer offering, but the company's primary condition for end users is to undergo a hardware refresh cycle because "a modernized infrastructure" will help keep organizations productive and their data secure.

IT asset management company Lansweeper revealed last year that Microsoft's stringent hardware checklist for Windows 11 means that one-third of an estimated 33 million Windows devices worldwide are not eligible for an automatic upgrade.

Microsoft's checklist requires a Windows 10 device to have at least a 1 GHz processor and two or more cores on a 64-bit processor along with a minimum of 4 gigabytes of RAM and 64 gigabytes of memory to be eligible for a Windows 11 upgrade. According to Lansweeper's analysis, only 57.26% of machines meet the CPU requirement.

The wholesale adoption of Windows 11 faces another hurdle in that Microsoft is requiring eligible workstations to run a modern Trusted Platform Module, or TPM 2.0, which supports a larger number of cryptographic algorithms to improve drive signing and key generation performance.

Microsoft said TPM 2.0 is an important building block for security-related features in Windows 11, such as Windows Hello for identity protection and BitLocker for data protection. The software giant said most PCs that have shipped in the last five years are capable of running TPM 2.0, but Lansweeper found that only about 74.80% of tested workstations feature this capability.

The company found that by May 2023, only 8.35% of Windows users had migrated to Windows 11, up from 5.74% in September 2022. At that point, Windows 10 reigned as the world's most popular operating system with a share of over 80%, which means many organizations need to upgrade their Windows workstations to beat Microsoft's end of support deadline of October 2025.

"For enterprises with thousands of Windows machines, preparing for the Windows 11 upgrade is a massive task without automation - and even worse without an up-to-date IT asset inventory," Lansweeper said. "It would be impossible to find all the devices using manual, paper-based processes, as many organizations have abandoned IT assets that are sitting idle but are still connected to the network. The reality is, you can't update machines you don't know you have."

Compatibility Issues

Kishan Kendre, head of information security at Mumbai-based Blue Star Limited, told Information Security Media Group that security leaders have to consider several critical factors before migrating their organizations' Windows devices to the new operating system.

He said the Windows 11 architecture is quite different from Windows 10, and IT personnel should take into account the new version's compatibility with enterprise applications. One example, he said, is that Windows 11 enables TLS 1.3 by default but that may not support many in-house applications that are compatible with TLS 1.2 and older versions.

Applications that use duplex-close policy in TLS 1.2 may face compatibility issues with the newer version that uses a half-close policy, and those that use unsupported signature algorithms may not be compatible with TLS 1.3, which uses predefined signature algorithms for certificate authentication.

"Application compatibility is certainly a factor, especially for organizations operating in heavily regulated sectors such as banking and finance," said Deep Pandey, lead cybersecurity strategist at IT consulting company Coforge. "These organizations try to avoid migrating to avoid dependencies. They prefer signing up for longer support programs for existing software and applications rather than having to deal with compatibility and data security issues."

Kendre said there is also a belief that Microsoft forces enterprise users to use Microsoft Edge as the default browser with Windows 11. Microsoft pushed an update to Outlook and Teams last year that makes links open on Edge by default, regardless of whether a user selects a different browser as the default option.

Microsoft said that using Edge to open links in Outlook and Teams enables users to view the Outlook email or Teams chat in the Microsoft Edge sidebar pane. "This experience lets you easily access, read and reply to your Outlook email or Teams chats using your matching authenticated profile. No more disruptive switching - just your full email or chat open next to your web links so you can reference them side-by-side and stay in your flow," it said. Users, however, may prefer a different browser for all digital work.

Venkata Satish Guttula, cybersecurity auditor and consultant, said organizations must plan for end of life for operating systems and software they rely on to avoid last-minute confusion and challenges. Many organizations, particularly smaller ones, find it difficult to bear the cost of frequent updates so the vendor must cater to their specific needs, such as providing enough time to let them test a software solution's compatibility and effectiveness.

"I have audited several companies that, unable to bear steep licensing costs, are using the open-source Ubuntu OS or pirated versions of Windows 7 to keep their systems running, albeit at a huge security risk," Guttula said. "Vendors must provide sufficient time and support to end-user organizations to enable them to migrate seamlessly and without fear."

Microsoft Sweetens Its Windows 11 Offering

Microsoft appears to be listening to the concerns. The company in April announced an Extended Security Update program for devices running Windows 10 that enables enterprises to continue receiving monthly security updates by paying $61 per device for one year after the end-of-support date. "The price will double every consecutive year, for a maximum of three years. If you decide to jump into the program in Year Two, you'll have to pay for Year One too, as ESUs are cumulative," the announcement says.

The company is also offering a way out for organizations that may not want to replace every single Windows 10 device with a new one compatible with Windows 11. "Windows 10 devices accessing Windows 11 Cloud PCs through Windows 365 will automatically be activated to receive security updates without any additional steps. This license is included in the Windows 365 subscription at no additional cost with a one-year commitment," it said.

The company has also sweetened its Windows 11 offering with additional features and updates to entice organizations worldwide to switch from Windows 10 and older operating systems prior to the end-of-support date. It recently announced its decision to provide enterprises with a single update management solution for PCs, 365 applications and Teams that combines the Windows Update for Business deployment service with Autopatch.

The company also debuted its AI-powered assistant Copilot for free with Windows 11 to support creativity and collaboration and automate several tasks to enhance productivity. It also made a "Copilot preview" available on Windows 10 in select markets to give end users a look at the AI-powered assistant's capabilities.

About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.