This message was deleted.

Looking to do that atm… in place upgrades… vmware team considering impact of turning encryption on as they use deduplication… How are you going about this?

We haven't even started the project, I was just told I'll be one of the resources. I'm not really a VMware guy so I don't know how they plan on tackling that. The documentation I've found doesn't state what happens if you enable the required TPM settings on a W10 VM before you actually upgrade. If you can make the changes to the guest and then boot into your existing W10 VM while you wait for the upgrade - which will be via SCCM for us - then that would be optimal.

I think with Azure if you did not enable Trusted launch when creating the VMs you have to create new ones.

Hmm, that appears to be the case. I don't see the Security features in my Azure VMs that weren't configured this way, and the docs state that they should show up in Configuration if you wanted to change it after building one with it enabled.

I have a client pushing hard for Windows 11 because it's shiny to them. I have no idea what will come of it.

We've been doing W10->W11 IPUs on our persistent VDis for a few weeks now and its going smooth. Need to make sure there's enough disk space, power off, add the vTPM, snapshot, then kick off the IPU.

Are they booting into W10 and then running the upgrade?

Yeah. Although, I’m not 100% sure what’s included in our “upgrade” bundle. Our software packagers created a bundle that gets applied on the Win10 VM and it automates the IPU. I can dig into it if it’ll help.

I'm just looking for high level info, so if you don't mind asking, I'd appreciate it. Definitely don't put any effort into it if it's going to be a pain.

I have high level access to the deployment console so I’ll take a look tomorrow and get back to you.

I am interested as well.

Being honest, I'm trying to get them to just not even go down this route. We're migrating to a new domain in a year or so, and we're all going to get new VMs at that point anyway. This just seems like a shortsighted move to me.

In that case I would build new, which I am sure you agree. But sometimes you have bone heads to work with lol

Yep.

I am no automation expert, but building new is the way to go, and trying to streamline things would be best.

I want to build new because I have been involved in the new image, so I fixed some of the nonsense I saw in the old images.

I just picked apart the deployment script being used and its pretty basic with a lot of pre-flight checks. At a high level: • Prechecks: Supported build?, memory, Disk space, edition, previous IPU attempts, VDi?, environment setup (WinPE, ISO, etc) • Run readiness script: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866 • Check for wireless and VPN (only allow IPU on non-VPN wired connections due to cert upgrade) • Check for known blocking software (certain versions of AV will block the IPU) • Run Disk Cleanup • Analyze profiles: remove older than 30d, and DMP files >1d • Double check disk space >10Gb free • Check for pending reboots, and prompt to reboot if necessary • Ensure device is not on battery power • Mount ISO • Execute IPU

Awesome, thank you very much!