.png){kind=logo}
Windows 10 hits end of support on 14 October 2025. If a device can’t move to Windows 11, you’re looking at Extended Security Updates or leaving users on an ageing OS. Neither is a great long-term plan.
The biggest blocker you’ll meet is TPM 2.0. Without TPM 2.0 (and Secure Boot/UEFI), upgrading to Windows 11 is not straightforward. The good news: you don’t need to go device by device or tenant by tenant in Intune. Eido surfaces this information for you in one place, as it's a property on each device.
TPM 2.0 isn’t just a box-tick. It underpins BitLocker, credential protection and Windows 11’s security model. Plenty of devices technically support it but ship with firmware TPM disabled, or need a BIOS update before they’ll report 2.0. That’s why an early sweep is worth its weight so procurement, engineering and comms can move in lockstep and you’re not scrambling next summer.
With Eido, you connect all your Intune tenants once and get an estate-wide readout. Navigate to Reports and take a look at the TPM Version and TPM Specification fields. That’s your first pass list of Windows 11 blockers.
From there, add UEFI as a column so you’re not fixing one issue only to discover another later. Save the whole thing as a segment (e.g., Win11-Blockers) so it updates as devices enrol or change state. You’ll have a single source of truth you can export for client updates, CAB meetings, and budget asks. Everything needed is on this report for TPM, with Secure Boot info coming soon.
Not every red flag needs new hardware. Read the list like this:
Eido also shows the device make and model, allowing you to see at a high level devices by make and model on our dashboards. Once you’ve identified a specific model that can’t be upgraded, you can filter on it in the Devices view. This feature is super helpful for locating devices that need to be replaced or understanding how to go about upgrading the firmware version (e.g., via Intune using Entra group membership).
Nothing derails a project like “new” non-compliant machines appearing mid-flight. In Eido, you can set an alert for devices with TPM < 2.0 or TPM absent at a high level. While this alert isn't currently available at such granular detail, you can still route notifications for any device issues to Teams/Slack or automatically create a ServiceNow ticket. This ensures that new builds and late joiners don’t reintroduce risk while you're closing the gap.
Stakeholders don’t want raw inventory; they want “are we safe?” and “what will it cost?”. Eido’s export gives you:
That combination tends to unlock procurement faster than a spreadsheet of serial numbers ever will.
Two gotchas bite most teams: assuming “TPM present” equals 2.0 (it doesn’t, check the version), and forgetting VMs(they need vTPM just like physical devices need TPM). The third is human: doing a one-off audit, fixing half the list, and moving on. Keep the segment and alerts live until your readiness number reads where you want it, then leave the alert in place to catch regressions.
If you’re managing multiple tenants, this is exactly the kind of cross-estate job Eido was built for. Connect your tenants, pull the encryption report view, and you’ll know how far you are from the October 2025 line.
.png)
.png)
System Center Dudes and Eido are partnering to bring you the complete package for Intune
Eido is sponsoring Workplace Ninjas UK 2025
Eido Partners with EBF to Deliver Game-Changing Intune Reporting Solutions to EBF Customers.
We're thrilled to announce that Eido.cloud will be sponsoring the MMS 2024 Flamingo Edition, taking place this October in sunny Florida!
.png)
Just dived into Windows 11 Version 24H2—here's our take on the coolest new features that every sysadmin and IT pro needs to know about!
We are super excited to sponsor the Workplace Ninjas UK event in Manchester, focusing on Microsoft technologies. We hope to see you there!
.png)
Why IT Pro's and Managers should choose Microsoft Intune as their go-to MDM solution.
.png)
Deploy and manage BitLocker across your organization using Microsoft Intune, ensuring enhanced data security through encryption and key recovery.
The blog post explains how to easily set up and deploy WiFi profiles with Microsoft Intune, enabling secure and automatic network access for users and devices across an organization.
.png)
