Configuration guide: Windows 11 migration
Introduction
To get started with this workflow, please ensure all related content is installed and configured appropriately. This page provides guidance on which content is included and how to configure it.
Please keep in mind this is just a guide and represents suggested configurations. You are free to customize and edit content as you see fit based on your specific environment.
Dependencies
To utilize this workflow, you need to install the necessary content into your Nexthink Infinity tenant.
Pre-requisites
This library pack contains content from the following expansion products
Content and dependency
Update to Windows 11 - Workflow invoke
Informs the user that the device is compatible with Windows 11 and confirms with the user whether it is time to add the device to the migration group.
Disk cleanup - Invoke
Works in pair with the Disk cleanup remote action. It asks users if they want to start a disk cleanup and to choose between a light clean or a deep clean.
Disk cleanup - Completed
Works in pair with the Disk cleanup remote action. Inform the user about the completion of the disk cleanup
Get Windows 11 readiness
Gets all the necessary information to know if the device is compatible with Windows 11.
Disk cleanup
This remote action is designed to help employees to maintain healthy levels of disk space.
Invoke Intune policy synchronization
Forces a task to run that causes Intune policy synchronization.
Configuration
Step 1) Install library pack content
Step 2) Configure ITSM API connector credentials
The configuration of connector credentials is essential for enabling API calls. See detailed information at https://nexthink.gitbook.io/opd/integrations/outbound-connectors/connector-credentials. Each Service/API thinklet has a dropdown field for credentials that need to be filled out. When the workflow is installed or copied from the Library, this field will be blank as it is a local setup of each environment and is not included in the Library.
Here's an example of a connector credential configuration in a thinklet that augments a ServiceNow ticket with information about a device that needs to be updated for Windows 11 compatibility.
Step 3) Set up a registered Microsoft Entra ID app and configure Microsoft Graph API connector credentials
Refer to the following documentation page to register the Microsoft Entra ID application and configure the appropriate connector credentials in Nexthink: Entra ID integration for workflows.
For this workflow, the registered Entra ID application must be granted the following permissions:
Delegated
GroupMember.ReadWrite.All and Device.ReadWrite.All
Application
GroupMember.ReadWrite.All and Device.ReadWrite.All
For detailed information about permissions, see the Graph API documentation:
https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
Step 4) Configure global parameters
There are three global parameters in this workflow:
4.1) MS migration group (ms_migration_group)
This parameter should contain the ID of the Entra ID group in which the Intune Windows 11 deployment is targeting its members.
4.2) Ticket for upgrade candidates (ticket_for_upgrade_candidates)
This parameter should contain the reference for a single global ITSM ticket created before running the workflow. This ticket will be updated with details about devices that require hardware upgrades to be compatible with Windows 11.
4.3) Ticket for replacement candidates (ticket_for_replacement_candidates)
This parameter should contain the reference for a single global ITSM ticket created before running the workflow. This ticket will include information about devices that are candidates for replacement due to incompatibility with Windows 11.
The corresponding Entra ID group and two ITSM tickets must be created before running the workflow, and their IDs must be specified in the parameters above.
As the workflow progresses, these tickets will be updated with details of devices that are considered partially compatible or candidates for replacement. This information includes the following: the device name and the incompatible hardware components of these devices.
Step 5) Configuration of Windows 11 deployment with Intune
This workflow uses the Microsoft Intune feature update deployment profile to update devices to Windows 11. This deployment profile applies to devices that are members of the Entra ID migration group specified in the global workflow parameters.
For this workflow, create an Intune feature update deployment profile with the following settings:
Feature update to deploy
The target version of Windows 11 that your organization uses, such as Windows 11 23H2.
Rollout options
Make update available as soon as possible
Assignments - Included groups
Name of your migration group in Entra ID
Step 6) Configure remote action(s)
This workflow uses the following remote actions. Make sure to install the latest versions and complete the setup as below.
Get Windows 11 readiness
API trigger should be enabled so that it can be triggered from the Workflow
N/A
Disk cleanup
API trigger should be enabled so that it can be triggered from the Workflow
disk_cleanup_campaign_id
cleanup_completed_campaign_id
remove_files_not_modified_in_days
maximum_delay_in_seconds
Please note: The Get Windows 11 readiness remote action contains a list of CPUs that are compatible with Windows 11. Nexthink updates this list with new generations of CPUs. Be sure to update this remote action regularly.
Disk cleanup - input parameters
disk_cleanup_campaign_id
disk_cleanup_invoke
This parameter must be populated with the NQL ID of the Update to Windows 11 - Invoke campaign
cleanup_completed_campaign_id
disk_cleanup_completed
This parameter must be populated with the NQL ID of the Update to Windows 11 - Completed campaign
remove_files_not_modified_in_days
7
Specifies a threshold for the number of days within which files modified later than this threshold will be deleted.
maximum_delay_in_seconds
30
Specifies the number of seconds that is the maximum random delay set to avoid overloading the server that hosts the virtual machines.
cleanup_level
Light
This parameter is not used in this workflow.
Step 7) Configure campaigns
There are four campaigns in this workflow:
Update to Windows 11 - Invoke
update_to_windows_11_workflow_invoke
Informs the user that the device is compatible with Windows 11 and confirms with the user whether it is time to add the device to the migration group.
Disk cleanup - Invoke
disk_cleanup_invoke
Works in pair with the Disk cleanup remote action. It asks users if they want to start a disk cleanup and to choose between a light clean or a deep clean.
Disk cleanup - Completed
disk_cleanup_completed
Works in pair with the Disk cleanup remote action. Inform the user about the completion of the disk cleanup.
These campaigns should be modified before use to ensure that they match corporate communication guidelines. Navigate to the manage campaigns administration page to review and edit your campaigns.
For each installed campaign, please ensure to:
Customize the sender name and image.
Review and adjust questions.
Publish the campaign when you are ready to use it.
Step 9) Schedule the workflow
This workflow is designed to run on all non-Windows 11 devices that are included in the Windows 11 migration process. As a result of this workflow, devices that are compatible with Windows 11 will be migrated to Windows 11, and devices that are not compatible or that require a hardware upgrade will appear in the corresponding ITSM tickets.
Trigger configuration for the workflow
The recommended way to trigger this workflow is as follows: Trigger the workflow in ad hoc mode on non-Windows 11 devices using Investigation. The workflow will automatically evaluate whether each specific device is compatible with Windows 11. Any devices that are considered incompatible or require a hardware update will be added to the appropriate ITSM tickets with details of their incompatibility.
The example below shows what an investigation looks like when selecting non-Windows 11 devices.
NQL:
Usage guide
Your content is now configured and ready to be used. For usage overview and recommendations, you can visit the usage guide:
Last updated