Windows 11 Elevated System Requirements

Update: Microsoft Respond to Windows Installation Feedback

Microsoft initially released Windows 11 system requirements with a limited number of supported processors. In the case of Intel Processors only supporting 8th Generation Processors and newer.

Support 6th Generation (Skylake) and 7th generation (Kabylake) Processors for Windows 11

The Windows 11 PC Check reports the OptiPlex 7040 (6th Generation Intel Processor) and OptiPlex 7050 (7th Generation Intel Processor) systems to be incompatible. The system requirements are a bit more elevated than I would have expected. I personally would expect Windows 11 to work on 6th (Skylake) and 7th (Kabylake) Generation Intel Processors which are from around 2016-2017. Moreover i5-6xxx, i7-6xxx, i5-7xxx and i7-7xxx have a marginal difference in system performance and technologies available compared to i3-8xxx and are superior to the supported Atom and Celeron products. These processors also meet all of Windows 11 other system requirements and Dell have stated that all Skylake Systems have regarding a Trusted Platform Module (TPM Version 2.0) c.f. Dell Article Number: 000103639 and a UEFI BIOS with Secure Boot patched to address the GRUB2 Security Exploit c.f Dell Article Number: 000177589.

On the 28th of June Microsoft have responded to our feedback:

Microsoft Response:

Microsoft have released the first Dev Insider Preview Build of Windows 11. It looks like they have a traffic light system with:

  • Green: Meeting the original Windows 11 Hardware Requirements. i.e. 8th Generation Intel Processors, TPM 2.0 and newer.
  • Amber: Not Meeting Windows 11 Hardware Requirements but Meeting Minimum Requirements for the Windows Insider Program. Microsoft have stated that they will remove the CPU model and TPM 2.0 requirement for the Windows 11 Insider Preview. They will then use the Windows Insider Program to learn how Windows 11 performs across CPU models more comprehensively, informing any adjustments we should make to our minimum system requirements in the future.
    • Installation works on 6th and 7th Generation Intel Processors. I personally expect 6th Generation Intel (Skylake) to be the eventual minimum system requirements as these systems have a TPM 2.0 and a UEFI BIOS with Secure Boot (2020 GRUB2 Security Exploit Patched).
    • There have been some reporting a successful installation of the initial Windows 11 Dev Insider Preview on a system with a 4th Generation and 5th Generation Intel Processor however these systems lack a TPM 2.0 and although they have a UEFI with Secure Boot it is not patched for the 2020 GRUB2 Security Exploit as these CPU Models are at End of Life and therefore no longer receiving security patches from Intel (the last UEFI BIOS Update for the 4th Generation OptiPlex 7020 for example is in 2019 before the Security Exploit was discovered and patched). I suppose it will depend on the measured performance and overall ratio of systems in the Windows Insider Preview with these processors.
  • Red: Not Meeting Requirements for the Windows Insider Program. This is likely the case for 5th Generation Intel Processors and earlier that don't have a TPM Version 2.0 although the TPM requirement.

Windows 11 PC Check

Microsoft have released Windows 11 System Requirements:

They also have released a Windows 11 PC Check which will check your system for Windows 11 compatibility:

The PC Check App has been removed as Microsoft have acknowledged it was not detailed or accurate enough. They are reviewing the system requirements and will likely introduce an updated PC Check App at a later date.

The screenshots below are from the original PC Check App. However I go through the checks using the task manager and some basic command lines and explain the system requirements and the rationale for them in more detail.

Accept the License Agreement and select Install:

Select Finish and open the PC Check:

Select Check Now:

You will be informed whether your PC can run Windows 11 or not. If your PC can run Windows 11 you will be informed that the upgrade is free:

If you can't run Windows 11 you will be informed that you can keep using Windows 10 (until 2025 when Windows 10 reaches end of life):

Windows 11 64 Bit Only

The Processor and the UEFI + Secure Boot requirement pretty much mean there will only be a 64 Bit version of Windows 11. i.e. Microsoft no longer want to waste resources developing both a 64 Bit and 32 Bit version when the userbase for 32 Bit Windows is tiny and no OEMs have shipped hardware with 32 Bit drivers for a long time.

Most Linux distros have also dropped 32 Bit versions in 2020 for the same reasons. Dropping 32 Bit support and the elevated hardware requirements is likely the main rationale for a new Windows "Version" 11 i.e. not just another Windows 10 Version YYHX.

64 Bit Processor

You can press [Ctrl] + [Shift] + [Esc] to open up the Task Manager. Your CPU should be listed:

Microsoft initially included a list of supported processors. This list seems to only list (Q4 2017) and newer CPUs. For Intel, this list essentially only includes 8th Generation Intel Processors and newer.

You can search for more details about your processor in Google by using the keywords Intel ark followed by your processor model, in this case i7-8700.

These system requirements are a bit more elevated than I would have expected. Microsoft have already relaxed this system requirement stating they will support 7th Generation and are looking at this system requirement in more detail. I am running the Windows 11 Insider Preview on a 6th Generation Intel Skylake Processor and personally expect this to eventually be the minimum system requirement as these processors come with systems that have a TPM 2.0 and have a UEFI BIOS that is patched past 2020 addressing the GRUB2 Security Exploit which compromised earlier versions of Secure Boot (more details below).

5th (Broadwell) Generation and Earlier Generation Intel Processors will not satisfy the additional Security requirements (TPM 2.0 requirement and a Secure Boot with 2020 GRUB2 Security Exploit Patch).

Random Access Memory 4 GB or Superior

At least 4 GB of RAM is required again indicating that Windows 11 is likely 64 Bit only. I personally at this stage would recommend at least 8 GB of RAM:

Storage Drive 64 GB or Superior

Microsoft have stated that the minimum disk size is 64 GB, personally I think they should have upped it to 120 GB or 250 GB and made a SSD mandatory as the Windows user experience with Windows 10 has been very poor on a HDD and Microsoft should avoid letting this issue carry over to Windows 11.

However Microsoft have mentioned that some elevated feature based system requirements such as DirectStorage will require a NVMe SSD.

Windows Display Driver Model 2.0 or Later

The graphics card has to be compatible with DirectX 12 or later with WDDM 2.0 driver. You can check the DirectX Version by selecting the GPU tab in the Task Manager. If the DirectX Version is 12 or later your system should be compatible.

You can also press [Windows] and [ r ] and type in dxdiag.

Select Yes and then select the Display Tab. The driver model should list the WDDM Version:

Unified Extensive Firmware Interface with 2020 Patched Secure Boot

To give Windows 11 a stronger baseline security looks like a Unified Extensive Firmware Interface (UEFI) with Secure Boot is mandatory. A UEFI Boot allows more than 4 partitions on the Boot Drive and therefore Windows 11 will use multiple recovery partitions reducing the likelihood of Boot Issues which plagued earlier Windows versions.

An updated Secure Boot requirement will greatly remove the likelihood of preboot malware from crippling a Windows installation. Windows 11 will therefore likely only work on Dell systems manufactured in 2016 hardware or later.

Secure Boot was released in 2012 however there was a GRUB2 Security Exploit in 2020 that rendered Secure Boot essentially useless. For more details see

OEMs released UEFI BIOS Updates for 6th Generation Intel Processors (2016 hardware or newer) and later to address this Security Exploit. Older systems manufactured before this time (Intel designated end of life systems) were not patched and therefore be unlikely to pass the Windows 11 elevated Secure Boot requirement system requirement.

Finally this will also simplify the installation procedure and lead to general consistency when it comes to creating a Bootable USB. My installation guides had to cover the nuances in the UEFI BIOS Setup when it came to creating a bootable USB for Windows 7/8.x and 10.

To check if you have a UEFI BIOS with Secure Boot. To check this type in [Windows] + [ r ] and then msinfo32:

Check to see if your BIOS Mode is UEFI and if Secure Boot is On. Also check to see the Version/Date. If it is after May 2020 you will likely have Secure Boot which addresses the GRUB2 Security Exploit. If it is before this time, check your OEMs drivers and downloads page to see if your system has a newer UEFI BIOS Update and Update to the latest version and then recheck the Version/Date. If it is still older than May 2020, you will likely be below the Secure Boot requirements for Windows 11.

You can check to see if Secure Boot is enabled in the UEFI BIOS Setup. Power up your Dell and press [F2] to enter the UEFI BIOS Setup. Expand the Secure Boot tab, check that Secure Boot is Enabled (if Secure Boot is Enabled your system will use a UEFI only Boot without Legacy ROMs):

Trusted Platform Module 2.0 or Later

Microsoft have stated that your computer requires a Trusted Platform Module (TPM) of Version 2.0 or later. A TPM is a component soldered onto the systems motherboard, that securely generates a cryptographic key. The cryptographic key is used as a security feature currently used for Bitlocker Device Encryption, Windows Hello, Measured Boot and Credential Guard.

The TPM was designed with the potential for much more but wasn't really realised as Windows 10 supported older hardware without this technology. Likely Microsoft will link the TPM to the Microsoft Store for the purposes of software license enforcement. i.e. software may use the computers unique TPM and a Microsoft Account for Product Activation.

OEM licenses for example will be tied to the computer and multiple computer licenses may only be activated on a handful of unique TPMs at a single time. Users will be able to associate Windows Devices (with unique TPMs) to their Microsoft Account. The intent is likely to make the Microsoft Store more flexible and actually useable for the full array of software available for Windows i.e. with the ability to provide executable programs (.exes) and not just the Metro Apps like in Windows 8.x or Universal Windows Platform Apps in Windows 10 that were more geared towards Windows Phone.

Microsoft have also purchased GitHub, which is an online (mainly open source) software repository and are following in Linux footsteps with command line base software installations. System administrators will therefore be able to setup a new Windows installation with a command line based script to download and install the latest version of all the required software packages towards the end of the Windows installation.

It is likely these software avenues will be expanded to commercial software vendors and the TPM will be used for product licensing/product activation/product evaluation periods.

Dell have stated that all 6th Generation Intel Systems have a TPM 2.0 included. For more details see:

Note the TPM Version 2.0 may have to be enabled in the UEFI BIOS setup for 6th Generation and 7th Generation Intel Processors as these systems have factory defaults that set the TPM to version 1.2 by default. TPM Version 1.2 (a software TPM) was the standard when these systems were sold but with Windows 11, Version 20 (a hardware TPM) will have to be used.

For a Dell system you will need to press [F2] during power up to enter the UEFI BIOS setup. Go to the Security Tab. Highlight the TPM 2.0 subtab. Ensure TPM 2.0, Attestation, Key Storage, SHA 256 are checked and at the bottom that Enabled is checked.

For a Lenovo system you will need to press [F1] during power up to enter the UEFI BIOS setup. Go to the Security Tab. Highlight Trusted Computing Group (TCG) Feature Setup. Then change the TCG setup from a Discrete TPM to a Firmware TPM.

To check your TPM version, press [Windows] and [ r ] and type in tpm.msc:

The specification version will be listed, it should be 2.0 or higher:

Microsoft Account

It seems Windows 11 Home must be setup using an internet connection and Microsoft Account. Likely Windows 11 Pro will allow use of a Local Account as tertiary OEMs such as scientific or medical instrument manufacturers tend to purchase computers from secondary OEMs (Dell, Lenovo or HP), the primary OEMs being the chip manufacturers (Intel and AMD). Tertiary OEMs tend to preinstall software to control normally specialised hardware on a Local Account as they don't have the end users email and password.