Microsoft has announced that it will display an upgrade offer to Windows 11 23H2 on “unmanaged” Windows 10 business PCs that are in a domain. In passing, the company states that a computer that is “only” a member of a domain is considered unmanaged. Ultimately, this means that IT managers lose control of Active Directories (ADs), which can only be remedied by purchasing additional management software.
In the inconspicuous announcement that it plans to display such upgrade offers on Windows 10 starting with the April 2024 patch day, Microsoft writes bluntly: “Managed devices are those that you manage via Microsoft Intune, Configuration Manager, Windows Autopatch, or other third-party management tools. Other devices are considered non-managed.”
Microsoft: Upgrade offers for unmanaged computers, now also in domains
An upgrade offer usually appears after logging in and restarting the computer. It is shown on Windows 10 Pro and Windows 10 Pro Workstation PCs that are eligible for an upgrade to Windows 11 and that are not managed by an IT department – at least not yet. If users receive the message, they can decide whether the machine stays on Windows 10 or installs the Windows 11 update.
Since marketing puts a positive spin on everything, Microsoft even dresses this up at the beginning of the message, which is expressly aimed at IT professionals: “Good news if you rely on Microsoft to manage your organization's Windows updates for you.” From the April 2024 patch day, Windows users will see the upgrade offer on computers that are integrated into Azure or Entra ID and local Active Directory (“cloud-domain joined and domain joined”) and are not managed.
This is nothing less than a slap in the face for IT managers. Anyone who puts computers in an Active Directory naturally manages them with it and also wants to keep full control over them. Admins can only regard Microsoft's plan to offer user-controllable upgrades as a threat. After all, there are reasons why an AD-managed network has not yet been upgraded, for example because the company software in use is not yet compatible with Windows 11. IT departments certainly don't want to leave it up to the user to switch from Windows 10 to 11. The notice does not describe a way to prevent these upgrade offers via GPO; it only points to the cloud-based management service Microsoft Intune.
Microsoft did not immediately comment on this. We are still awaiting an answer to our query and will add it here.
Just at the beginning of the month, Microsoft announced that it would also offer the upgrade to Windows 11 23H2 on end-user systems with Windows 10 and older Windows 11 installations, provided the PCs meet the requirements for it. Previously there had been bugs, especially on multi-monitor systems, which the developers have since fixed.
Update 01.03.2024, 17:47
In the meantime, Microsoft has quietly backtracked somewhat. The Redmond company has extended the notice on the announcement page to include Windows Update for Business and WSUS. Computers that are managed with these services also count as managed computers. We have published a new report about this.
(dmk)