Microsoft: Unsupported PCs May Not Get Windows 11 Security Updates

While Microsoft continues to allow methods for installing Windows 11 on hardware that doesn’t meet the minimum requirements, the company wants users to know that there could be some major downsides of doing this.


As Windows 11 launches Tuesday with stricter hardware requirements than past versions of the operating system, Microsoft says that security updates will not be guaranteed for users that opt to install Windows 11 on an unsupported PC.

While Microsoft is not condoning methods for bypassing its minimum Windows 11 hardware requirements, the company is not forbidding these methods—such as using the Windows media creation tool—outright.

[Related: Microsoft Exec: Windows 11 CPU Requirements Allow Key Security Features To Run ‘By Default’]

Sponsored post

But in new Windows 11 support pages posted Monday, Microsoft outlined several risks of doing this.

“If you choose to install Windows 11 on ineligible hardware, you should be comfortable assuming the risk of running into compatibility issues,” Microsoft said on one of the support pages. “Your device might malfunction due to these compatibility or other issues.”

Additionally, “devices that do not meet these system requirements will no longer be guaranteed to receive updates, including but not limited to security updates,” the company said on the page.

Along with requiring a TPM 2.0 security chip, Windows 11 is only compatible with CPUs released in the past four years. The requirements are expected to exclude a significant number of PCs from installing Windows 11—a stark departure from Microsoft’s approach with past releases of Windows.

Security benefits of TPM 2.0 include support for BitLocker, which encrypts all data on a device, ensuring that the data cannot be accessed in the event the device is lost or stolen.

The CPU requirements for upgrading to Windows 11 include—with just a few exceptions—having a processor from Intel’s eighth generation and newer, or AMD’s Zen 2 series and up. Microsoft has said that those chips support security features such as virtualization-based security, or VBS. This is crucial, according to Microsoft, because VBS enables memory integrity—a way of disabling the injection of dynamic code into the Windows kernel.

In another support page posted Monday, Microsoft lays out how users can create Windows 11 installation media—potentially in order to get around minimum hardware requirements for the operating system. This page also comes with a warning: “Microsoft recommends against installing Windows 11 on a device that does not meet the Windows 11 minimum system requirements.”

However, “if you choose to install Windows 11 on a device that does not meet these requirements, and you acknowledge and understand the risks, you can create the following registry key values and bypass the check for TPM 2.0 (at least TPM 1.2 is required) and the CPU family and model,” Microsoft said on the support page, before providing the required registry key values.

While Microsoft is clearly leaving it as an option to install and run Windows 11 on unsupported PCs, businesses “should not take that chance,” said Derek Nwamadi, CEO of Dallas-based solution provider Quantum Symphony, in a previous interview with CRN.

Individual users who know what they’re doing may be able to pull this off without issues, but “as a business, it’s just a bad idea,” Nwamadi said.

Windows 11 will be available on Tuesday as a free upgrade for Windows 10 devices and on new PCs and tablets. New Windows 11 devices that have been announced so far include PCs and 2-in-1 tablets from Microsoft’s Surface line as well as PCs from HP Inc., Lenovo, Dell, Acer, Samsung, Dynabook and Asus.