Windows 11 Elevated System Requirements

Windows 11 PC Health Check

Microsoft have released Windows 11 System Requirements:

They also have released a Windows 11 PC Check for Windows Insider which will check your system for Windows 11 compatibility:

Accept the License Agreement and select Install:

Select Finish and open the PC Check:

Select Check Now:

You will be informed whether your PC can run Windows 11 or not. If your PC can run Windows 11 you will be informed that the upgrade is free:

If you can't run Windows 11 you will be informed what component(s) do not satisfy Windows 11 System Requirements:

System Requirements Microsoft Traffic Light Designation

Although the PC Health Check App now states what is supported and what is unsupported. Microsoft have actually split the system requirements into three categories. These use a traffic light colouring system where:

  • Green (all requirements satisfied).
    • 8th Gen and higher Processors.
  • Yellow (the Processor model and/or TPM 2.0 requirement are not satisfied but all other system requirements are satisfied).
    • 6th and 7th Generation Processors.
    • 5th Generation Processors (Not Tested).
  • Red category (not supported).
    • Systems without a UEFI Boot with Secure Boot patched for the 2020 GRUB2 Security Exploit.
    • 1st to 3rd Generation Processors.
    • 4th Generation Processors (Not Tested).

The PC Health Check App does not distinguish a Yellow and a Red system. The Windows 11 Insider Preview 22000 ISO does and performs its own check before allowing installation:

  • Red System: In the case of an OptiPlex 790 with a 2nd Generation Processor, the Installation Media informs me that I cannot install Windows 11. This is because this system has an early UEFI BIOS without Secure Boot and a 2nd Generation Processor.
  • Yellow System: In the case of an OptiPlex 7040 with a 6th Generation Processor or OptiPlex 7050 with a 7th Generation Processor. The installation media does not flag up any issues and Windows 11 installs without incident.

Microsoft made an on the fly statement regarding unsupported systems "not receiving future updates" which has been picked up by the media. This is likely to reference major future Feature Updates and not minor Quality Updates and be applicable to systems that are Red and not Yellow.

They have recently moved the Windows 11 Dev Channel away from being a testing ground for the upcoming Windows 11 Version 21H2 to begin work on the next development of Windows 11 i.e. towards the next Feature Update. In the Windows 11 Insider Preview Blog, for the next Dev Build they have reiterated that:

  • Yellow systems: Will (at least for now) continue receiving Windows Insider Preview Builds however they will have a yellow notification in the Windows Update → Windows Insider Settings, that the PC may not perform as well as expected and may have issues that Microsoft may not fix.
  • Red systems: Will instead get a red warning warning in the Windows Update → Windows Insider Settings, stating that the PC is ineligible for the Windows Insider Program, prompting them to roll back to Windows 10. 

See the following Windows 11 Insider Preview Build 22449 blog for more details:

In support of the Windows 11 hardware requirements, the minimum requirement for previewing Window 11 builds in our Windows Insider Program was set to match the overall requirements for Windows 11, with the exception for TPM 2.0 and CPU family/model – the yellow column in the chart below. These PCs will continue to receive Insider Preview builds normally depending on which channel they have opted their PC into.

Windows 11 64 Bit Only

The Processor and the UEFI + Secure Boot requirement pretty much mean there will only be a 64 Bit version of Windows 11. i.e. Microsoft no longer want to waste resources developing both a 64 Bit and 32 Bit version when the userbase for 32 Bit Windows is tiny and no OEMs have shipped hardware with 32 Bit drivers for a long time.

Most Linux distros have also dropped 32 Bit versions in 2020 for the same reasons. Dropping 32 Bit support and the elevated hardware requirements is likely the main rationale for a new Windows "Version" 11 i.e. not just another Windows 10 Version YYHX.

64 Bit Processor

You can press [Ctrl] + [Shift] + [Esc] to open up the Task Manager. Your CPU should be listed:

Microsoft initially included a list of supported processors. This list seems to only list (Q4 2017) and newer CPUs. For Intel, this list essentially only includes 8th Generation Intel Processors and newer.

You can search for more details about your processor in Google by using the keywords Intel ark followed by your processor model, in this case i7-8700.

These system requirements are a bit more elevated than I would have expected. Microsoft have already relaxed this system requirement stating they will support 7th Generation and are looking at this system requirement in more detail. I am running the Windows 11 Insider Preview on a 6th Generation Intel Skylake Processor and personally expect this to eventually be the minimum system requirement as these processors come with systems that have a TPM 2.0 and have a UEFI BIOS that is patched past 2020 addressing the GRUB2 Security Exploit which compromised earlier versions of Secure Boot (more details below).

5th (Broadwell) Generation and Earlier Generation Intel Processors will not satisfy the additional Security requirements (TPM 2.0 requirement and a Secure Boot with 2020 GRUB2 Security Exploit Patch).

Random Access Memory 4 GB or Superior

At least 4 GB of RAM is required again indicating that Windows 11 is likely 64 Bit only. I personally at this stage would recommend at least 8 GB of RAM:

Storage Drive 64 GB or Superior

Microsoft have stated that the minimum disk size is 64 GB, personally I think they should have upped it to 120 GB or 250 GB and made a SSD mandatory as the Windows user experience with Windows 10 has been very poor on a HDD and Microsoft should avoid letting this issue carry over to Windows 11.

However Microsoft have mentioned that some elevated feature based system requirements such as DirectStorage will require a NVMe SSD.

Windows Display Driver Model 2.0 or Later

The graphics card has to be compatible with DirectX 12 or later with WDDM 2.0 driver. You can check the DirectX Version by selecting the GPU tab in the Task Manager. If the DirectX Version is 12 or later your system should be compatible.

You can also press [Windows] and [ r ] and type in dxdiag.

Select Yes and then select the Display Tab. The driver model should list the WDDM Version:

Unified Extensive Firmware Interface with 2020 Patched Secure Boot

To give Windows 11 a stronger baseline security looks like a Unified Extensive Firmware Interface (UEFI) with Secure Boot is mandatory. A UEFI Boot allows more than 4 partitions on the Boot Drive and therefore Windows 11 will use multiple recovery partitions reducing the likelihood of Boot Issues which plagued earlier Windows versions.

An updated Secure Boot requirement will greatly remove the likelihood of preboot malware from crippling a Windows installation. Windows 11 will therefore likely only work on Dell systems manufactured in 2016 hardware or later.

Secure Boot was released in 2012 however there was a GRUB2 Security Exploit in 2020 that rendered Secure Boot essentially useless. For more details see

OEMs released UEFI BIOS Updates for 6th Generation Intel Processors (2016 hardware or newer) and later to address this Security Exploit. Older systems manufactured before this time (Intel designated end of life systems) were not patched and therefore be unlikely to pass the Windows 11 elevated Secure Boot requirement system requirement.

Finally this will also simplify the installation procedure and lead to general consistency when it comes to creating a Bootable USB. My installation guides had to cover the nuances in the UEFI BIOS Setup when it came to creating a bootable USB for Windows 7/8.x and 10.

To check if you have a UEFI BIOS with Secure Boot. To check this type in [Windows] + [ r ] and then msinfo32:

Check to see if your BIOS Mode is UEFI and if Secure Boot is On. Also check to see the Version/Date. If it is after May 2020 you will likely have Secure Boot which addresses the GRUB2 Security Exploit. If it is before this time, check your OEMs drivers and downloads page to see if your system has a newer UEFI BIOS Update and Update to the latest version and then recheck the Version/Date. If it is still older than May 2020, you will likely be below the Secure Boot requirements for Windows 11.

You can check to see if Secure Boot is enabled in the UEFI BIOS Setup. Power up your Dell and press [F2] to enter the UEFI BIOS Setup. Expand the Secure Boot tab, check that Secure Boot is Enabled (if Secure Boot is Enabled your system will use a UEFI only Boot without Legacy ROMs):

Trusted Platform Module 2.0 or Later

Microsoft have stated that your computer requires a Trusted Platform Module (TPM) of Version 2.0 or later. A TPM is a component soldered onto the systems motherboard, that securely generates a cryptographic key. The cryptographic key is used as a security feature currently used for Bitlocker Device Encryption, Windows Hello, Measured Boot and Credential Guard.

The TPM was designed with the potential for much more but wasn't really realised as Windows 10 supported older hardware without this technology. Likely Microsoft will link the TPM to the Microsoft Store for the purposes of software license enforcement. i.e. software may use the computers unique TPM and a Microsoft Account for Product Activation.

OEM licenses for example will be tied to the computer and multiple computer licenses may only be activated on a handful of unique TPMs at a single time. Users will be able to associate Windows Devices (with unique TPMs) to their Microsoft Account. The intent is likely to make the Microsoft Store more flexible and actually useable for the full array of software available for Windows i.e. with the ability to provide executable programs (.exes) and not just the Metro Apps like in Windows 8.x or Universal Windows Platform Apps in Windows 10 that were more geared towards Windows Phone.

Microsoft have also purchased GitHub, which is an online (mainly open source) software repository and are following in Linux footsteps with command line base software installations. System administrators will therefore be able to setup a new Windows installation with a command line based script to download and install the latest version of all the required software packages towards the end of the Windows installation.

It is likely these software avenues will be expanded to commercial software vendors and the TPM will be used for product licensing/product activation/product evaluation periods.

Dell have stated that all 6th Generation Intel Systems have a TPM 2.0 included. For more details see:

Note the TPM Version 2.0 may have to be enabled in the UEFI BIOS setup for 6th Generation and 7th Generation Intel Processors as these systems have factory defaults that set the TPM to version 1.2 by default. TPM Version 1.2 (a software TPM) was the standard when these systems were sold but with Windows 11, Version 20 (a hardware TPM) will have to be used.

For a Dell system you will need to press [F2] during power up to enter the UEFI BIOS setup. Go to the Security Tab. Highlight the TPM 2.0 subtab. Ensure TPM 2.0, Attestation, Key Storage, SHA 256 are checked and at the bottom that Enabled is checked.

For a Lenovo system you will need to press [F1] during power up to enter the UEFI BIOS setup. Go to the Security Tab. Highlight Trusted Computing Group (TCG) Feature Setup. Then change the TCG setup from a Discrete TPM to a Firmware TPM.

To check your TPM version, press [Windows] and [ r ] and type in tpm.msc:

The specification version will be listed, it should be 2.0 or higher:

Microsoft Account

It seems Windows 11 Home must be setup using an internet connection and Microsoft Account. Likely Windows 11 Pro will allow use of a Local Account as tertiary OEMs such as scientific or medical instrument manufacturers tend to purchase computers from secondary OEMs (Dell, Lenovo or HP), the primary OEMs being the chip manufacturers (Intel and AMD). Tertiary OEMs tend to preinstall software to control normally specialised hardware on a Local Account as they don't have the end users email and password.