Microsoft has released a new version of its PC Health Check app to help Windows 10 users find out if their hardware supports an upgrade to Windows 11 in line with Microsoft's strict hardware requirements.
The new version of the PC Health Check app is available to members of the Windows Insiders program.
The app will come in focus after Microsoft releases Windows 11 to the general public on October 5. The app checks for things like whether the hardware supports Trusted Platform Module 2.0 and that it is enabled, as well as whether the processor, storage and memory or RAM meets Windows 11 minimum requirements.
SEE: Windows 11: Here's how to get Microsoft's free operating system update
Windows 11 minimum hardware requirements are turning into a prickly issue for Microsoft because they're seen by some as really restrictive and exclude 7th Gen Intel Core CPUs and first-generation AMD Zen processors.
Microsoft has been testing a new version of the PC Health Check app with Windows Insiders since last month. To get the upgrade immediately, users will need hardware with at least 4GB of memory and 64GB of storage.
Then there's hardware terms that many people will be flummoxed by: UEFI secure boot must be enabled; the graphics card must be compatible with DirectX 12 or later, with a WDDM 2.0 driver; and a Trusted Platform Module (TPM) 2.0 must be included and enabled.
As ZDNet's Ed Bott noted recently, Intel's Core 7820HQ is the only supported mainstream CPU, which happens to ship with Microsoft's Surface Studio 2.
There are methods to get Windows 11 on hardware that doesn't meet the minimum requirements, but you'll need to be curious, aware of the risks and technically adept to do it. If a PC isn't officially supported, it might not receive security patches and may malfunction, Microsoft has warned.
Hence, Microsoft released a revamped version of the PC Health Check app to help users navigate what looks to be the biggest OS version leap for some time. It's worth noting that there are about one billion Windows 10 PCs and many of those are on hardware that don't meet Windows 11 minimum hardware requirements.
Microsoft knows its requirements are going to be a challenge for Windows 10 users, many of whom will stare blankly at the mention of TPM, let alone TMP 2.0. TPM is a hardware-level security feature that underpins core Windows protections like Windows Hello biometrics authentication for its push, with FIDO2 certification for Windows, towards a Windows 10/11 world without passwords.
While TPM 2.0 is a minimum requirement and is available on most PCs shipped since around 2016 (Microsoft made TPM 2.0 a requirement for new Windows 8 PCs in 2013), Microsoft last month published a support note explaining how to enable TPM 2.0 on hardware capable of running it.
Some PCs can run TPM 2.0, but haven't been configured to use it – and Microsoft knows most people won't know how to enable it. Thanks to the diversity of Windows hardware, there's no single answer it can offer to Windows users, who most likely will have to ask Lenovo, HP, Dell, and Asus to find out how to enable it.
SEE: Windows 11 FAQ: Release date, requirements, price -- plus when and how to upgrade
"In some cases, PCs that are capable of running TPM 2.0 are not set up to do so. If you are considering upgrading to Windows 11, check to ensure TPM 2.0 is enabled on your device," Microsoft warns.
"If you are unfamiliar with this level of technical detail, we recommend that you consult your PC manufacturer's support information for more instructions specific to your device," it adds.
Microsoft recommends technically adept folk use the Windows Security app or the Microsoft Management Console to resolve Windows 11 TMP 2.0 issues.
Why is TPM 2.0 so important for Windows 11? Dave Weston, Microsoft's director of enterprise and OS security, explains it's a critical piece in mitigating phishing attacks that target multi-factor authentication for credential theft that's subsequently used in ransomware attacks. Weston admits TPM 2.0 is not a "cure all" solution, but argues it is a pretty good "Swiss-army knife" when enabled.
"Windows Hello bound to the TPM is a FIDO2 authenticator which is the INDUSTRY (Apple, Google) standard for preventing phishing with MFA/passwordless. Guess which 2 of the 3 top ransomware vectors this helps with?? I know educating on the internet can be futile, I'll keep trying," he explained on Twitter.