Configuration guide: Windows 11 migration

Introduction

To get started with this workflow, please ensure all related content is installed and configured appropriately. This page provides guidance on which content is included and how to configure it.

Please keep in mind this is just a guide and represents suggested configurations. You are free to customize and edit content as you see fit based on your specific environment.

Dependencies

To utilize this workflow, you need to install the necessary content into your Nexthink Infinity tenant.

Pre-requisites

This library pack contains content from the following expansion products

Content and dependency

TypeNameDescription

Windows 11 migration

Automate the Windows migration process.

Update to Windows 11 - Workflow invoke

Informs the user that the device is compatible with Windows 11 and confirms with the user whether it is time to add the device to the migration group.

Disk cleanup - Invoke

Works in pair with the Disk cleanup remote action. It asks users if they want to start a disk cleanup and to choose between a light clean or a deep clean.

Disk cleanup - Completed

Works in pair with the Disk cleanup remote action. Inform the user about the completion of the disk cleanup

Get Windows 11 readiness

Gets all the necessary information to know if the device is compatible with Windows 11.

Disk cleanup

This remote action is designed to help employees to maintain healthy levels of disk space.

Invoke Intune policy synchronization

Forces a task to run that causes Intune policy synchronization.

Configuration

Step 1) Install library pack content

Step 2) Configure ITSM API connector credentials

The configuration of connector credentials is essential for enabling API calls. See detailed information at https://nexthink.gitbook.io/opd/integrations/outbound-connectors/connector-credentials. Each Service/API thinklet has a dropdown field for credentials that need to be filled out. When the workflow is installed or copied from the Library, this field will be blank as it is a local setup of each environment and is not included in the Library.

Here's an example of a connector credential configuration in a thinklet that augments a ServiceNow ticket with information about a device that needs to be updated for Windows 11 compatibility.

Step 3) Set up a registered Microsoft Entra ID app and configure Microsoft Graph API connector credentials

Refer to the following documentation page to register the Microsoft Entra ID application and configure the appropriate connector credentials in Nexthink: Entra ID integration for workflows.

For this workflow, the registered Entra ID application must be granted the following permissions:

Permission typeLeast privileged permissions

Delegated

GroupMember.ReadWrite.All and Device.ReadWrite.All

Application

GroupMember.ReadWrite.All and Device.ReadWrite.All

For detailed information about permissions, see the Graph API documentation:

https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0

Step 4) Configure global parameters

There are three global parameters in this workflow:

4.1) MS migration group (ms_migration_group)

This parameter should contain the ID of the Entra ID group in which the Intune Windows 11 deployment is targeting its members.

4.2) Ticket for upgrade candidates (ticket_for_upgrade_candidates)

This parameter should contain the reference for a single global ITSM ticket created before running the workflow. This ticket will be updated with details about devices that require hardware upgrades to be compatible with Windows 11.

4.3) Ticket for replacement candidates (ticket_for_replacement_candidates)

This parameter should contain the reference for a single global ITSM ticket created before running the workflow. This ticket will include information about devices that are candidates for replacement due to incompatibility with Windows 11.

The corresponding Entra ID group and two ITSM tickets must be created before running the workflow, and their IDs must be specified in the parameters above.

As the workflow progresses, these tickets will be updated with details of devices that are considered partially compatible or candidates for replacement. This information includes the following: the device name and the incompatible hardware components of these devices.

Step 5) Configuration of Windows 11 deployment with Intune

This workflow uses the Microsoft Intune feature update deployment profile to update devices to Windows 11. This deployment profile applies to devices that are members of the Entra ID migration group specified in the global workflow parameters.

For this workflow, create an Intune feature update deployment profile with the following settings:

Setting nameSetting value

Feature update to deploy

The target version of Windows 11 that your organization uses, such as Windows 11 23H2.

Rollout options

Make update available as soon as possible

Assignments - Included groups

Name of your migration group in Entra ID

Step 6) Configure remote action(s)

This workflow uses the following remote actions. Make sure to install the latest versions and complete the setup as below.

NameTriggerParameters to edit

Get Windows 11 readiness

API trigger should be enabled so that it can be triggered from the Workflow

N/A

Disk cleanup

API trigger should be enabled so that it can be triggered from the Workflow

  • disk_cleanup_campaign_id

  • cleanup_completed_campaign_id

  • remove_files_not_modified_in_days

  • maximum_delay_in_seconds

Please note: The Get Windows 11 readiness remote action contains a list of CPUs that are compatible with Windows 11. Nexthink updates this list with new generations of CPUs. Be sure to update this remote action regularly.

Disk cleanup - input parameters

NameDefault valueDescription

disk_cleanup_campaign_id

disk_cleanup_invoke

This parameter must be populated with the NQL ID of the Update to Windows 11 - Invoke campaign

cleanup_completed_campaign_id

disk_cleanup_completed

This parameter must be populated with the NQL ID of the Update to Windows 11 - Completed campaign

remove_files_not_modified_in_days

7

Specifies a threshold for the number of days within which files modified later than this threshold will be deleted.

maximum_delay_in_seconds

30

Specifies the number of seconds that is the maximum random delay set to avoid overloading the server that hosts the virtual machines.

cleanup_level

Light

This parameter is not used in this workflow.

Step 7) Configure campaigns

There are four campaigns in this workflow:

Campaign nameCampaign NQL IDDescription

Update to Windows 11 - Invoke

update_to_windows_11_workflow_invoke

Informs the user that the device is compatible with Windows 11 and confirms with the user whether it is time to add the device to the migration group.

Disk cleanup - Invoke

disk_cleanup_invoke

Works in pair with the Disk cleanup remote action. It asks users if they want to start a disk cleanup and to choose between a light clean or a deep clean.

Disk cleanup - Completed

disk_cleanup_completed

Works in pair with the Disk cleanup remote action. Inform the user about the completion of the disk cleanup.

These campaigns should be modified before use to ensure that they match corporate communication guidelines. Navigate to the manage campaigns administration page to review and edit your campaigns.

For each installed campaign, please ensure to:

  • Customize the sender name and image.

  • Review and adjust questions.

  • Publish the campaign when you are ready to use it.

Step 9) Schedule the workflow

This workflow is designed to run on all non-Windows 11 devices that are included in the Windows 11 migration process. As a result of this workflow, devices that are compatible with Windows 11 will be migrated to Windows 11, and devices that are not compatible or that require a hardware upgrade will appear in the corresponding ITSM tickets.

Trigger configuration for the workflow

The recommended way to trigger this workflow is as follows: Trigger the workflow in ad hoc mode on non-Windows 11 devices using Investigation. The workflow will automatically evaluate whether each specific device is compatible with Windows 11. Any devices that are considered incompatible or require a hardware update will be added to the appropriate ITSM tickets with details of their incompatibility.

The example below shows what an investigation looks like when selecting non-Windows 11 devices.

NQL:

Code
1 devices
2 | where operating_system.platform == windows and device.license_type != server
3 | where operating_system.name != "*Windows 11*"
4 | list name, operating_system.name, operating_system.build, last_seen

Usage guide

Your content is now configured and ready to be used. For usage overview and recommendations, you can visit the usage guide:

Usage guide: Windows 11 migration

Last updated