What’s New for Feds in Windows 11?

Microsoft has unveiled the next generation of its Windows software, called Windows 11, that has a new “start menu” and other features.

Microsoft has unveiled the next generation of its Windows software, called Windows 11, that has a new “start menu” and other features. Mark Lennihan/AP

Hybrid work environments seem to have influenced the design and features of Windows 11.

By now everyone has probably started to see commercials on TV, YouTube and many other places for Windows 11. The new operating system is slowly becoming available for free to anyone running Windows 10 whose computer meets the minimum specifications for the new OS. The question is whether feds should consider upgrading or stick with Windows 10.

The minimum specifications required to run Windows 11 are at least a 1 GHz processor with two or more cores and a 64-bit processor. You will also need 4G of RAM and 64G of storage space. As with everything else, having better hardware will result in better performance. Those who are close to the minimum specifications should probably stick with Windows 10, especially if their systems are performing well right now. There have been reports of slow performance on borderline systems after making the upgrade.

And you don’t have to decide on Windows 11 right now. Microsoft says that Windows 10 will be supported through 2025, so you have some time before you may be forced to make the switch. Given that most federal agencies would probably choose stability over features, they may want to wait a couple of months or even longer before jumping into the Windows 11 user pool and let the early adopters work out all the little bugs and foibles that come with any new operating system.

Microsoft sent me a factory-new Surface Go 3 tablet with a fresh build of Windows 11 to evaluate the performance of the new operating system, and to check out the new security and usability features that federal employees, and especially those working in a hybrid environment, might find most useful. In addition to the Surface Go 3 tablet, which has an i3 processor and 8G of RAM, Windows 11 was also installed as an upgrade on several machines in the test lab with various configurations.

Installation times were about the same as when adding any new OS going back to Windows 7. On the clean Surface Go 3, it took about 10 minutes to get the tablet set up, and then about 45 minutes to download and install all the security and Windows updates that the new device was missing when it shipped from the factory. For lab machines that were upgrading from Windows 10, the installation process took a lot longer, but the updates (which are clearly shared with Windows 10 for now) took almost no time at all because they were all up to date before Windows 11 was installed.

Teaming Up with a Hybrid Workforce

The fact that a majority of federal employees, along with many others, are working in so-called hybrid environments where they divide their time between a traditional office and a home office, seems to have influenced the design and features of Windows 11.

One of the most noticeable additions in this area is the fact that Microsoft Teams is now integrated directly into the operating system. Given the fact that a majority of government agencies tapped into Teams to help network employees at the start of the pandemic, and the National Institute for Standards and Technology and other federal agencies now offer guidance on how to safely use that tool, seeing it integrated directly into Windows 11 will only simplify the situation. 

In fact, the Microsoft Teams chat function is a default icon sitting at the middle of the new taskbar at the bottom of the Windows 11 homepage. So you can load that up when the device boots and directly keep in touch with all of your coworkers without having to load up the rest of the suite. On the backend, Microsoft is working to make Teams more accessible to those using Mac, Android and iOS devices too, so the community of Teams users will likely grow. Integration with the OS also gives administrators the ability to pre-configure Team settings and security for agency-owned devices deploying with Windows 11.

Virtual Desktops for the Masses

Configuring virtual desktops with Windows 10 was always possible, but required some advanced skills to do it right and safely. Windows 11 makes it easy for users to configure virtual desktops with almost no training required.

The advantage for federal employees using their personal devices for work is that they can easily set up one virtual desktop for their work, another for their private use, and maybe others for specific needs like their kid’s schoolwork or their personal gaming habits. Each virtual desktop can have its own permissions, applications and security settings, so it’s pretty easy to keep your work and personal life separate, which is not always so straightforward in a hybrid work environment.

Access to Accessibility  

Government has always been one of the biggest supporters of people with disabilities, as evidenced by Section 508, which must be considered for most government purchases. Windows 11 makes many accessibility features a native part of the operating system now, so there is no need to wrestle with third-party applications and wonder about compatibility.

The most useful of these new accessibility features is the fact that voice typing and commands are fully supported across the entire OS. A lot of little subtle changes have also been made, like putting more space between the icons for touchscreen users, so you don’t have to be quite so accurate if you have some mobility issues.

Haptic feedback has also been added to the digital pen for Microsoft tablets running Windows 11 like the Surface Go 3 provided for this evaluation. Users can feel and hear feedback through the pen when using it with certain applications. And gesture support has also been added for devices with touchscreens, which means less typing on a keyboard or having to bring up a virtual keyboard if you are using your Windows 11 device in tablet or slate mode.

Zero-Trust Ready 

Many federal agencies are moving towards a zero-trust environment, and it’s an underpinning of the cybersecurity strategy put forward by the Biden administration. Windows 11 includes several features that should help devices running it more easily integrate into a zero-trust network.

Most of these features exist on the backend of a Windows 11 device, so users are unlikely to see them or even know about them, though network administrators and security teams certainly will. The biggest one is the fact that Windows 11 supports Microsoft Azure Attestation, or MAA, by default. 

MAA is used to evaluate a hardware platform against agency policies to ensure that the binaries running there haven’t been tampered with or changed by malware or malicious users. Devices also have to prove that they have all the appropriate security protocols and requirements enabled. This should allow Windows 11 devices to easily integrate into zero-trust networking environments as agencies bring them online. Windows 11 won’t enable zero trust by itself but can act as a critical component of any highly secure network.

Playing in the Sandbox

Windows 11 also comes with a sandbox application for testing programs that users feel might be suspicious, or it can also be used by those developing new applications to see how they perform without risking the entire platform.

It’s not active by default, and not easy to get to, but it’s still notable that Microsoft included such a powerful tool as part of the new OS, even if the overwhelming majority of users will probably never find or use it. To enable it, you have to hit the Windows Key and R at the same time, and then type “optionalfeatures.exe” into the command line. Check to enable Windows Sandbox at the bottom of the list that pops up. Then you need to reset the computer.

Once active, you can select it like any other program from the command line. You then need to install any program you want to test in the sandbox into the new sandbox environment. You can’t use the sandbox with programs that are already active on the desktop. You need to do a fresh install of any tested program directly into the sandbox. Nothing within the sandbox has any access to real system resources, the registry or .dll files. When you close the sandbox, all instances and everything the tested program did will disappear forever. If malware exists, it won’t be able to leave the sandbox and penetrate the rest of the device.

It would be nice if Microsoft would make the new sandbox a little more user-friendly, and the company may do that at some point in the future, but even now it’s nice to see such an advanced tool included with the new OS.

Performance Testing 

In terms of benchmarking and performance, there was almost no difference between systems running Windows 10 that were upgraded to Windows 11. Users likely won’t notice any difference on most machines before and after the upgrade. 

The one exception to keep in mind is that systems that are on the cusp of being able to run Windows 11 might experience slower performance. Some of the Windows 11 security features require a bit more from of their device’s processors, so performance might take a bit of a dive on borderline systems.

Should Agencies Upgrade?

Windows 11 began rolling out on Oct. 5, though some users probably won’t get their invite until the middle of next year. Agencies and large government organizations can probably work out a special installation plan from Microsoft. But should they?

In general, the Windows 11 version that was tested was very stable. The little Surface Go 3 is hardly a powerhouse, with just an Intel i3 processor. And yet, it was able to do everything that was asked of it, even having multiple windows open while taking advantage of some of the new features like Teams Chat. Systems that were upgraded to the new OS didn’t generally perform better or worse when going from Windows 10 to Windows 11.

So the upgrade question may come down to the new features, and especially for government, the security enhancements. The biggest advantage for government is probably support for MAA right out of the box. Agencies looking to implement a zero-trust network can check off one of those many boxes on that complex road by simply providing Windows 11 devices to their users and phasing out less secure ones. However, zero trust is a long journey, and if an agency is not ready for that step, then there is little need to rush to Windows 11 right now. 

All of the usability features in the new OS are impressive, and things like virtual desktops can be really helpful for hybrid workers moving between environments. But it’s a case of want versus need. For now, if an agency wants to upgrade, then Windows 11 has a lot of nice features that federal employees will appreciate. And when they need to upgrade, such as when zero-trust networking finally fully takes off, then Windows 11 is ready to support those efforts.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau. Twitter: @LabGuys

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.