As Microsoft’s end-of-support deadline for Windows 10 looms on October 14, a new study by ControlUp reveals a landscape of significant, if uneven, progress among enterprises migrating to Windows 11—a transition shaping IT strategy for organizations across the globe. With only four months remaining, just half of enterprise Windows endpoints have completed their migration, signaling both impressive gains and stubborn, often complex, roadblocks for IT leaders.
The ControlUp Windows 11 Readiness report, which analyzed data from over one million enterprise Windows endpoints, sets a cautiously optimistic tone. Migration rates have improved substantially year-over-year: while more than 82% of enterprise devices lacked Windows 11 a year ago, that figure now stands at 50%. This acceleration reflects enterprises’ urgency as the cutoff date approaches, yet it’s clear that massive numbers of machines still require migration—or replacement—before time runs out.
“It’s heartening to see the 50% mark, but with the clock ticking toward end of support, it’s not time to relax,” says Marcel Calef, Americas Field CTO at ControlUp. “Many enterprises still face significant hardware and planning challenges.” Calef’s warning is underpinned by hard numbers: as of June 2025, an estimated 500,000+ enterprise endpoints out of the one million surveyed remain on Windows 10. The ramifications of this are profound, as unsupported systems will face rapidly escalating security risks and compatibility issues post-deadline.
Microsoft’s end-of-support policy means Windows 10 devices will stop receiving security updates, bug fixes, and technical assistance—a situation that could expose laggard enterprises to cyberattacks and significant compliance risks. This is a particular concern in regulated sectors, such as healthcare and finance, where the stakes of unpatched vulnerabilities are higher.
For technology and education, a culture of rapid adoption and the lifecycle of devices may smooth the migration path, while investment in newer hardware is already part of annual budgeting in many tech and research-driven organizations.
In conversations with IT leaders, many cite supply chain disruptions, stretched internal teams, and competing digital transformation priorities as reasons for delayed upgrades. The urgency is amplified for companies with a distributed global footprint, forcing them to meet the highest bar for readiness or risk creating weak links in their global IT ecosystems.
“Large enterprises need holistic assessment tools to plan migrations—it’s not just about flipping a switch for a thousand users,” says Calef. He references ControlUp’s own Windows 11 readiness assessment as a solution, which provides instant evaluations for endpoint compatibility, flags machines requiring upgrades, and identifies those needing replacement, all from a unified dashboard.
Automation and analytics-driven approaches to endpoint management are increasingly essential. The volume and heterogeneity of devices, combined with hybrid work models and privacy regulations, mean that legacy spreadsheet-driven asset inventories are no longer fit for purpose. Instead, leaders are leaning heavily into cloud-based management platforms that surface actionable insights in real time.
In finance, while only 3% of devices must be replaced, the risk of unpatched hardware running obsolete operating systems could pose an outsized security liability—especially as threat actors increasingly target the financial sector’s digital infrastructure.
The only viable path for organizations with obsolete hardware is to phase out or replace noncompliant endpoints—a process that comes with budget, staffing, and training consequences. As one IT manager in a European healthcare network put it, “We can’t deploy Windows 11 to radiology workstations built a decade ago. But replacing those devices isn’t just a cost—it’s about managing sensitive data, specialized peripherals, and clinical uptime.”
The broader DEX movement is not confined to ControlUp. Vendors such as Microsoft with its Endpoint Manager (Intune), VMware Workspace ONE, and others have developed solutions to inventory, assess, and remediate upgrade-related issues in bulk. These tools go beyond migration, providing a holistic view of endpoint health, performance analytics, and user experience indicators.
Critically, such platforms also help IT teams discover and sunset “shadow IT”—machines, user groups, or applications flying under the radar, which might otherwise fall through the cracks during a large-scale OS upgrade.
The availability of automation, analytics, and specialized assessment tools also marks a step-change from previous OS upgrades. IT teams now have unprecedented visibility and control, mitigating risks and anticipating issues before they disrupt business operations.
It is also worth noting that the security improvements in Windows 11, while substantial, are only effective if organizations follow through on endpoint management best practices, including timely patching, user education, and decommissioning of legacy systems. The presence of unsupported endpoints—even in isolation—can undermine otherwise successful migrations.
Leading platforms, such as ControlUp’s DEX suite, Microsoft Endpoint Manager, and others, are rapidly expanding their offerings to include next-level automation, unified management across cloud and on-premises devices, and enhanced support for hybrid and remote work.
As organizations modernize their endpoint strategies, lessons learned from this cycle—about cross-functional communication, resource allocation, and risk management—will be critical as new platforms and operating systems iterate ever faster.
Failure, by contrast, may carry costs far beyond the IT department—implicating regulatory compliance, customer trust, and organizational reputation on the world stage. For IT leaders and professionals, there has rarely been a moment demanding more focus, expertise, and resolve.
Source: GlobeNewswire Half of Enterprise Windows Endpoints Have Not Yet Migrated to Windows 11, According to ControlUp Study
The ControlUp Windows 11 Readiness report, which analyzed data from over one million enterprise Windows endpoints, sets a cautiously optimistic tone. Migration rates have improved substantially year-over-year: while more than 82% of enterprise devices lacked Windows 11 a year ago, that figure now stands at 50%. This acceleration reflects enterprises’ urgency as the cutoff date approaches, yet it’s clear that massive numbers of machines still require migration—or replacement—before time runs out.“It’s heartening to see the 50% mark, but with the clock ticking toward end of support, it’s not time to relax,” says Marcel Calef, Americas Field CTO at ControlUp. “Many enterprises still face significant hardware and planning challenges.” Calef’s warning is underpinned by hard numbers: as of June 2025, an estimated 500,000+ enterprise endpoints out of the one million surveyed remain on Windows 10. The ramifications of this are profound, as unsupported systems will face rapidly escalating security risks and compatibility issues post-deadline.
Microsoft’s end-of-support policy means Windows 10 devices will stop receiving security updates, bug fixes, and technical assistance—a situation that could expose laggard enterprises to cyberattacks and significant compliance risks. This is a particular concern in regulated sectors, such as healthcare and finance, where the stakes of unpatched vulnerabilities are higher.
Industry Disparities: Winners and Laggards
A closer look at the ControlUp findings reveals pronounced gaps between sectors—and within organizations of various sizes:- Education and Technology sectors lead the migration race, with 77% and 73% of endpoints respectively running Windows 11.
- Healthcare and Finance sectors are behind, at just 41% and 45% migration respectively.
For technology and education, a culture of rapid adoption and the lifecycle of devices may smooth the migration path, while investment in newer hardware is already part of annual budgeting in many tech and research-driven organizations.
Regional Variations Paint a Complex Picture
Zooming out to a global view, ControlUp’s study underlines distinct regional differences:- Americas have only 43% of endpoints upgraded to Windows 11, lagging Europe (70%) and other global regions (66%).
- Yet 87% of devices in the Americas are Windows 11-ready, highlighting a gap between technical capability and project execution.
In conversations with IT leaders, many cite supply chain disruptions, stretched internal teams, and competing digital transformation priorities as reasons for delayed upgrades. The urgency is amplified for companies with a distributed global footprint, forcing them to meet the highest bar for readiness or risk creating weak links in their global IT ecosystems.
Scale and Complexity: The Plight of Large Enterprises
ControlUp’s data spotlights a stark challenge for larger organizations—those with over 10,000 Windows devices. Here, just 42% of endpoints have made the switch. Scale magnifies every challenge: more endpoints mean more legacy hardware, more variability in device roles, and more entanglement with legacy software suites that may not be Windows 11-compatible.“Large enterprises need holistic assessment tools to plan migrations—it’s not just about flipping a switch for a thousand users,” says Calef. He references ControlUp’s own Windows 11 readiness assessment as a solution, which provides instant evaluations for endpoint compatibility, flags machines requiring upgrades, and identifies those needing replacement, all from a unified dashboard.
Automation and analytics-driven approaches to endpoint management are increasingly essential. The volume and heterogeneity of devices, combined with hybrid work models and privacy regulations, mean that legacy spreadsheet-driven asset inventories are no longer fit for purpose. Instead, leaders are leaning heavily into cloud-based management platforms that surface actionable insights in real time.
The Untold Challenge: Hardware Readiness and Replacement
Perhaps the trickiest part of the move to Windows 11 is hardware compatibility. Microsoft’s stringent requirements—including mandates for TPM 2.0, Secure Boot, and more modern processor architecture—exclude a sizable fraction of in-use enterprise endpoints. ControlUp’s research makes this concrete: 19% of healthcare devices require replacement to support Windows 11. This issue is compounded by persistent supply chain kinks and shifting device lifecycle policies since the global disruptions of the early 2020s.In finance, while only 3% of devices must be replaced, the risk of unpatched hardware running obsolete operating systems could pose an outsized security liability—especially as threat actors increasingly target the financial sector’s digital infrastructure.
The only viable path for organizations with obsolete hardware is to phase out or replace noncompliant endpoints—a process that comes with budget, staffing, and training consequences. As one IT manager in a European healthcare network put it, “We can’t deploy Windows 11 to radiology workstations built a decade ago. But replacing those devices isn’t just a cost—it’s about managing sensitive data, specialized peripherals, and clinical uptime.”
Windows 11 Upgrade Readiness: Tools and Market Solutions
In response to this singular challenge, the market for endpoint management tools has expanded rapidly. ControlUp positions its own solution, the Windows 11 Readiness Assessment tool, as a remedy—enabling IT teams to instantly audit endpoint compatibility and build tailored upgrade roadmaps. This tool is integrated into ControlUp for Desktops, a platform designed for end-to-end Digital Employee Experience (DEX) management across both physical and cloud-based endpoints.The broader DEX movement is not confined to ControlUp. Vendors such as Microsoft with its Endpoint Manager (Intune), VMware Workspace ONE, and others have developed solutions to inventory, assess, and remediate upgrade-related issues in bulk. These tools go beyond migration, providing a holistic view of endpoint health, performance analytics, and user experience indicators.
Critically, such platforms also help IT teams discover and sunset “shadow IT”—machines, user groups, or applications flying under the radar, which might otherwise fall through the cracks during a large-scale OS upgrade.
Why Migration Matters: Security, Productivity, and Compliance
Windows 11 is not just a cosmetic refresh. Microsoft’s flagship OS offers a raft of new security features, productivity enhancements, and IT management capabilities, including:- Next-gen security: Features such as Windows Hello, hardware-enforced stack protection, and virtualization-based security raise the bar for endpoint resilience.
- Productivity suites: Integration with Microsoft 365, Copilot AI assistant, and improved UI/UX elements can lead to measurable gains in employee efficiency.
- IT simplification: A more consistent, cloud-first approach to endpoint configuration and update management.
Critical Analysis: Strengths, Shortcomings, and Risks
Notable Strengths
The report highlights impressive progress in less than a year: to move from just 18% of devices on Windows 11 to 50% is a testament to concerted enterprise efforts, often requiring cross-departmental coordination and significant outlays for hardware, software, and training. The leading sectors—education and technology—demonstrate that aggressive planning pays off, reaping the benefits of new security and management capabilities before the sunset date.The availability of automation, analytics, and specialized assessment tools also marks a step-change from previous OS upgrades. IT teams now have unprecedented visibility and control, mitigating risks and anticipating issues before they disrupt business operations.
Key Weaknesses and Risks
Nevertheless, several risks stand out:- Pace and resource misalignment: With only four months left and 50% still to migrate, last-minute bottlenecks are likely, especially among larger enterprises. This may strain IT teams and increase the risk of rushed, error-prone upgrades.
- Hardware replacement burden: The requirement to replace significant percentages of endpoints, particularly in healthcare (almost one-fifth), may simply be unattainable for some organizations within the available window. Budgets, procurement cycles, and disposal policies will all be tested.
- Regional consequences: In the Americas, the gap between readiness (87%) and action (43%) is worrisome. Procrastination or execution bottlenecks could see many organizations enter the unpatched “danger zone” after the deadline.
- Potential for fragmentation: Multinationals with uneven upgrade trajectories risk operational fragmentation and increased attack surface, particularly if one geography or business unit falls behind.
Unverified and Emerging Challenges
While ControlUp’s claims are grounded in extensive measurement of managed devices, the precise breakdowns may not reflect the entire enterprise universe, particularly where devices are unmanaged or where organizations run mixed environments not captured in vendor-specific telemetry. Independent studies from sources such as Gartner and IDC indicate broadly similar migration challenges, though their precise numbers sometimes diverge slightly from vendor reports.It is also worth noting that the security improvements in Windows 11, while substantial, are only effective if organizations follow through on endpoint management best practices, including timely patching, user education, and decommissioning of legacy systems. The presence of unsupported endpoints—even in isolation—can undermine otherwise successful migrations.
What Enterprises Should Do Now
With time running out, the best practices emerging from the data are clear:- Run a comprehensive readiness assessment for all endpoints using automated tools. Inventory not just hardware, but mission-critical peripherals and legacy software.
- Prioritize upgrades for high-risk and high-impact devices, such as those in the IT backbone, customer-facing roles, or handling sensitive data.
- Plan staged rollouts, testing in representative environments before full deployment. Avoid “big bang” migrations unless operational disruption can be safely absorbed.
- Communicate proactively with users to set expectations, deliver training, and minimize productivity dips.
- Engage with procurement and finance teams early to expedite hardware replacements—delays in the pipeline can be fatal to timelines.
- Lean on partners and managed service providers as needed—particularly for regions or units lagging on internal resources.
- Prepare contingency plans, such as licensing for Microsoft’s ESU, while recognizing that these are only short-term stopgaps.
Looking Ahead: Post-Migration Realities
Even after the migration deadline, IT teams face ongoing challenges. The shift to Windows 11 is only one waypoint in the broader trend toward Autonomous Endpoint Management (AEM), where analytics, automation, and real-time monitoring help preempt and remediate issues before employees are affected.Leading platforms, such as ControlUp’s DEX suite, Microsoft Endpoint Manager, and others, are rapidly expanding their offerings to include next-level automation, unified management across cloud and on-premises devices, and enhanced support for hybrid and remote work.
As organizations modernize their endpoint strategies, lessons learned from this cycle—about cross-functional communication, resource allocation, and risk management—will be critical as new platforms and operating systems iterate ever faster.
Conclusion
The mass migration to Windows 11 is one of the most consequential IT projects of the decade. The latest ControlUp data paints a picture of remarkable progress paired with ongoing, high-stakes complexity. For the half of enterprises still in the midst of transition, the message is clear: urgent, methodical action is required. Success will be measured not only in endpoint counts, but in the security, productivity, and resilience gains realized in the next wave of digital transformation.Failure, by contrast, may carry costs far beyond the IT department—implicating regulatory compliance, customer trust, and organizational reputation on the world stage. For IT leaders and professionals, there has rarely been a moment demanding more focus, expertise, and resolve.
Source: GlobeNewswire Half of Enterprise Windows Endpoints Have Not Yet Migrated to Windows 11, According to ControlUp Study