Windows - Configuration - Windows 11 Feature Update

What the Windows 11 Feature Update Worklet does

This Automox Worklet™ performs an in-place Windows 11 Feature Update on Windows 10 endpoints using Microsoft's Windows Installation Assistant utility. The Worklet first validates that your endpoint meets all Windows 11 hardware requirements, then downloads and executes the upgrade silently.

The Worklet checks CPU compatibility against Microsoft's supported processor lists (Intel 8th generation or newer, AMD Ryzen 2000 series or newer, or Qualcomm Snapdragon 850 and newer). It verifies Trusted Platform Module (TPM) 2.0 is present and enabled, confirms Secure Boot is active, and validates minimum storage (64GB) and memory (4GB) requirements.

Once validation passes, the Worklet downloads the Windows Installation Assistant and initiates the upgrade process. The cached upgrade is stored on your endpoint and typically requires several hours to complete, depending on bandwidth. Your endpoints will reboot automatically once the upgrade is fully staged.

Why upgrade to Windows 11

Windows 11 delivers significant security improvements over Windows 10, including mandatory Secure Boot enforcement, enhanced kernel protections, and improved threat mitigation. Microsoft's support timeline for Windows 10 extends only to October 2025, making timely upgrades essential for maintaining a compliant and secure infrastructure.

Your IT operations team benefits from automated validation that prevents failed upgrades. The Worklet eliminates manual hardware compatibility checks by programmatically verifying CPU generation, TPM status, and boot configuration. This reduces support tickets from upgrade failures and maintains consistent deployment across your endpoint fleet.

Windows 11 introduces productivity improvements including Snap Layouts, virtual desktops, and enhanced task switching that increase user efficiency. Your organization gains native support for DirectStorage, advanced gaming features, and improved ARM64 compatibility for future endpoint deployments.

How Windows 11 feature upgrade works

1. Evaluation phase: The Worklet checks the current OS version. If the endpoint runs Windows 11 build 22000 or higher, it is marked compliant and the Worklet exits. For Windows 10 endpoints, the Worklet runs the Windows 11 eligibility check. It validates TPM 2.0 presence and activation, verifies the CPU is on Microsoft's supported processor list (Intel 8th gen or newer, AMD Ryzen 2000 or newer, Qualcomm Snapdragon 850 or newer), confirms Secure Boot is enabled via UEFI, checks disk size exceeds 64GB, and totals all RAM modules to confirm at least 4GB capacity. If all checks pass, the endpoint is flagged for remediation. If any check fails, the Worklet exits without remediation and logs the specific failure reason.

2. Remediation phase: The Worklet re-runs the eligibility check to confirm the endpoint still qualifies for upgrade. Upon passing validation, it downloads the Windows Installation Assistant from Microsoft (https://go.microsoft.com/fwlink/?linkid=2171764) and executes it silently with specific parameters (/quietinstall, /skipeula, /auto upgrade). The Assistant caches the full Windows 11 installation media locally under C:\$WINDOWS.~BT\, which consumes approximately 23GB of storage. Log files are saved to C:\Win11UpgradeTemp\Logs\. After caching completes, the Windows Installation Assistant displays a one-minute reboot notification before automatically restarting your endpoint to finalize the upgrade.

Windows 11 upgrade requirements

• Windows 10 x64 edition as the base operating system

• PowerShell 5.0 or higher

• CPU on Microsoft's supported processor list: Intel 8th generation or newer (Coffee Lake+), AMD Ryzen 2000 series or newer, AMD Threadripper (all models), AMD EPYC 2nd gen or newer, Qualcomm Snapdragon 850 or newer, or Intel Core Ultra processors

• Trusted Platform Module (TPM) 2.0 that is both enabled and activated in firmware

• Secure Boot enabled via UEFI firmware

• Minimum 64GB primary storage drive (larger endpoints with multiple drives must have at least 64GB on Disk 0)

• Minimum 4GB total system RAM (the Worklet sums all installed memory modules to validate this requirement)

• TLS 1.2 support for downloading the Windows Installation Assistant (the Worklet automatically enables TLS 1.2 if required)

• Sufficient internet bandwidth for downloading approximately 5GB-6GB upgrade media during the caching phase

• Scheduled maintenance window allowing several hours for caching and automatic reboot

Expected state after Windows 11 upgrade

Upon successful completion, your endpoint will be running Windows 11 with build 22000 or higher. You can verify successful installation by checking the installed applications list in Control Panel or by searching for the application in the Start menu. The upgrade preserves your user profiles, installed applications, and system configuration. The Worklet exit code reflects only the completion of the caching and staging phases; the actual upgrade finalization occurs after the automatic reboot, which is not captured in the Automox Activity Log.

You can verify a successful upgrade by checking the Windows version on the endpoint (Settings > System > About will display Windows 11). Detailed upgrade logs are available in C:\$WINDOWS.~BT\Sources\Panther\ on the endpoint, including setupact.log (all setup actions) and setuperr.log (any errors encountered). If your endpoint required TLS 1.2 enablement, it will remain enabled after the upgrade. Note that failed eligibility checks do not proceed to remediation, allowing you to address hardware limitations before attempting the upgrade on non-qualifying endpoints.

How to validate windows 11 feature update changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for windows 11 feature update.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Co-Author, Test-CPUCompatibility, Get-CimInstance.

4. Validate remediation effects from script operations such as Co-Author, Test-CPUCompatibility, Get-CimInstance, then rerun evaluation for compliance.