7 key benefits of implementing a BYOD policy

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Thu, 19 Feb 2026 06:05:46 GMT https://www.techtarget.com/searchenterprisedesktop editor@techtarget.com <p>BYOD policies are no longer a fringe workforce accommodation. For many organizations, they are a response to cost pressure, hybrid work expectations and employee device preferences. The question for CIOs and CISOs is no longer whether employees will use personal devices for work, but whether the organization will govern that reality strategically.</p> <p>In a zero-trust, SaaS-driven environment, a <a href="https://www.techtarget.com/whatis/definition/BYOD-bring-you">BYOD</a> policy affects more than hardware budgets. It shapes identity controls, data segmentation, endpoint visibility and risk exposure. When designed correctly, BYOD can support cost discipline, workforce flexibility and sustainability goals. When poorly governed, it can expand the attack surface and <a href="https://www.techtarget.com/searchsecurity/tip/How-to-manage-BYOD-security-policies-and-stay-compliant">complicate compliance efforts</a>.</p> <p>The following benefits explain why many organizations formalize BYOD policies -- and where leadership should evaluate the tradeoffs.</p> <section class="section main-article-chapter" data-menu-title="7 benefits of implementing a BYOD policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>7 benefits of implementing a BYOD policy</h2> <p>BYOD policies deliver value across cost, workforce flexibility and sustainability -- but only when governance maturity keeps pace with access and data risks.</p> <h3>1.       Lower upfront cost for hardware</h3> <p>The money saved from not purchasing a fleet of endpoints is perhaps the most obvious and easy-to-quantify benefit of a BYOD program. With BYOD in place, the burden of cost is shifted to the end users, but not in a way that drastically affects an end user's bottom line. After all, BYOD users will simply be adding functionality to the devices that they would own anyway.</p> <p>These cost savings are not only upfront but also on the timeline of a refresh cycle. Consider an example organization with an endpoint refresh cycle of three years. The organization will save hundreds of dollars by not purchasing a new device for each user operating a BYOD endpoint. Further, users would likely bring corporate-owned devices in for repairs if damaged, but the user will usually handle a damaged personal device.</p> <p>Some organizations could even consider passing on some of the savings to the end users by offering a BYOD stipend for a portion of the new device's cost if the device is truly critical to the user's day-to-day work.</p> <h4>2.       Increased employee satisfaction</h4> <p>This benefit is more difficult to quantify precisely, but users often report a better overall working experience if they don't need to carry around two smartphones -- or even laptops -- every day. Of course, each user might have a different preference for a device ownership program, but market research points to employees, in the aggregate, being more satisfied when they work using BYOD.</p> <p>Workforce surveys consistently show that employees prefer using familiar devices, particularly in hybrid and remote roles where mobility and convenience influence overall engagement.</p> <h3>3.       Improve user productivity</h3> <p>Organizations that formalize BYOD often report productivity gains, largely because employees work faster on devices and workflows they already know.</p> <p>Familiarity reduces onboarding friction and shortens the time required for employees to become productive on new roles or projects. In distributed teams, eliminating device constraints can also reduce informal workarounds that introduce security gaps.</p> <p>Productivity gains, however, assume mature identity management, conditional access policies and data segmentation to prevent unmanaged data exposure.</p> <p>If a user is familiar with Apple devices, it might be difficult to adapt to using an Android smartphone or a Windows desktop. The same applies to someone familiar with Windows and <a href="https://www.techtarget.com/searchmobilecomputing/definition/Android-OS">Google Android</a> -- corporate-owned Apple devices might present a learning curve. Even if a user is used to Android devices, moving from a Samsung-manufactured device to a Google-manufactured device could prove challenging.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> In a zero-trust, SaaS-driven environment, a BYOD policy affects more than hardware budgets. It shapes identity controls, data segmentation, endpoint visibility and risk exposure. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <h3>4.       A more connected workforce</h3> <p>Users that rely on their personal devices for work tasks are more likely to be able to access work materials at all times than users with a dedicated work device. If users have a dedicated work device, they are more likely to turn it off and put it fully away compared to an endpoint that also functions as a personal device.</p> <p>A BYOD program’s goal is not to trick users into checking their email and absentmindedly returning to work during their time off. However, in the event of timely tasks that need immediate approval or a work-related emergency, it's crucial to reach key employees immediately.</p> <p>In time-sensitive scenarios -- such as incident response, financial approvals or operational disruptions --  consistent device access can improve responsiveness without requiring employees to manage multiple endpoints.</p> <p>These benefits are also present with corporate-owned personally enabled (<a href="https://www.techtarget.com/searchmobilecomputing/definition/COPE-corpora">COPE</a>) endpoints, but only if users adopt those devices as their primary personal devices, which isn't always possible.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mobilecomputing-byod_vs_cyod_vs_cope_vs_cobo-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/mobilecomputing-byod_vs_cyod_vs_cope_vs_cobo-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/mobilecomputing-byod_vs_cyod_vs_cope_vs_cobo-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/mobilecomputing-byod_vs_cyod_vs_cope_vs_cobo-f.png 1280w" alt="A chart showing multiple device ownership options for businesses and their differences." height="426" width="560"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>5.       Easier for employees to keep track of one device</h3> <p>The notion that one device is easier to keep track of than two is almost too obvious, but it's worth exploring why that is key for organizations. One of the dangers of allowing any smartphone -- personal or corporate-owned -- to access an organization's business data and internal services is the risk of that device falling into the wrong hands.</p> <p>From a governance perspective, formalizing BYOD reduces unmanaged device sprawl. Devices enrolled in mobile device management (MDM) platforms, equipped with remote wipe capabilities and governed through conditional access controls, provide more visibility than ad hoc personal device usage.</p> <p>A stolen or lost device can be catastrophic for an organization. Cybercriminals can gain access to internal data, change passwords to key accounts, view private communications and eventually elevate their privilege to access information beyond the user's permissions.</p> <h4>6.       Limit the reasons to use personal devices improperly</h4> <p>In an ideal world, organizations could prevent BYOD use until they deploy an official policy, but unfortunately, that isn't the reality. Whether for convenience or out of desperation in a time-sensitive situation, users will find workarounds to use personal devices if they truly want to.</p> <p>Many organizations still operate with informal or inconsistently enforced BYOD practices. A clearly communicated policy reduces shadow IT behavior and establishes guardrails for SaaS access, cloud storage usage and AI-enabled tools that may process sensitive corporate data.</p> <p>A well-communicated BYOD policy can mitigate both issues by providing a roadmap for securely handling work materials on a personal device.</p> <p>Formal governance helps prevent data from flowing between unmanaged personal apps and enterprise environments.</p> <h4>7.       Improve sustainability by limiting hardware-related emissions</h4> <p><a href="https://www.techtarget.com/searchcio/feature/3-tips-CIOs-can-use-for-more-sustainable-device-management">Sustainability considerations</a> increasingly influence IT procurement decisions. Because most device-related carbon emissions occur during manufacturing and distribution, reducing enterprise-issued hardware can meaningfully affect Scope 3 supply chain reporting.</p> <p>When calculating the sustainability impact of endpoint policies, practices that reduce device purchases -- or extend device lifecycles -- improve sustainability outcomes.</p> <p>Issuing smartphones to users with a similar endpoint for their personal lives is a practice that significantly increases an organization's overall carbon emissions. As organizations look for ways to quickly reduce their emissions without overhauling their entire day-to-day operations, implementing BYOD programs can provide that value if the user base is on board.</p> </section> <section class="section main-article-chapter" data-menu-title="Potential drawbacks of implementing a BYOD policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Potential drawbacks of implementing a BYOD policy</h2> <p>There are several reasons that organizations might not want to deploy a BYOD policy despite all the benefits that these programs offer. Managing these devices is one of the most common challenges associated with a BYOD policy.</p> <p>Organizations that adopt BYOD successfully typically pair it with zero-trust architecture, identity-based access enforcement, endpoint detection and response (EDR) tooling and containerization features that separate corporate and personal data.</p> <p>With a corporate-owned device, the organization gets to maintain full control of the device's settings and preset the device to block certain apps, functions or actions. However, a personally owned device presents more management challenges. Organizations can try to enact a comprehensive BYOD policy that gives them control over the device, but users might balk at this as an invasion of their privacy.</p> <p>Smartphone manufacturers have been adding BYOD-friendly features that separate a device's work and personal sides. Apple's User Enrollment feature allows organizations to control the aspects of an Apple device <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-enable-User-Enrollment-for-iOS-in-Microsoft-Intune">that are within a managed Apple ID</a> via mobile device management (<a href="https://www.techtarget.com/searchmobilecomputing/definition/mobhttps:/www.techtarget.com/searchmobilecomputing/definition/mobile-device-managementile-device-management">MDM</a>) while ignoring anything on the device that is associated with a personal Apple ID.</p> <p>Google <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-create-a-work-profile-on-Android-devices">offers Android work profiles</a> to keep Android devices under the proper management while respecting user privacy. The organization gets to choose the apps and services to deploy on the work profile, and once the device is registered, the user can switch back and forth between the profiles as needed.</p> <p>Even with these controls, data leakage risks remain if identity governance, logging and monitoring practices are immature.</p> <p>There are also concerns about user preference and corporate culture when implementing BYOD. Some users might prefer a second device they can bring when needed but put away when they're off the clock.</p> </section> <section class="section main-article-chapter" data-menu-title="When BYOD may not be appropriate"> <h2 class="section-title"><i class="icon" data-icon="1"></i>When BYOD may not be appropriate</h2> <p>BYOD policies are not universally beneficial. Highly regulated industries, organizations managing sensitive intellectual property or enterprises with limited identity governance maturity may determine that corporate-owned devices offer stronger control and auditability. Leadership teams should assess regulatory exposure, incident response readiness and support capacity before expanding BYOD programs.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/g4TMM7FrmzI?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> BYOD can reduce hardware costs and improve workforce flexibility -- but it also expands governance, identity and security responsibilities. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1211896141.jpg https://www.techtarget.com/searchmobilecomputing/feature/Key-benefits-of-enacting-a-BYOD-policy Wed, 18 Feb 2026 15:06:00 GMT 7 key benefits of implementing a BYOD policy <p>Windows 11 desktops might experience problems to the point that IT has little choice but to reinstall Windows. In some of these instances, an ISO file is the best option.</p> <p>Determining how and when to use the ISO repair can be a bit more complicated. As a Windows administrator, you should learn about the benefits of using an ISO file to repair a desktop and how to properly apply the ISO install.</p> <section class="section main-article-chapter" data-menu-title="Why use an ISO file to repair a Windows desktop?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why use an ISO file to repair a Windows desktop?</h2> <p>There are several options for repairing a Windows 11 installation. Enterprise IT departments often resort to automatically reimaging the OS rather than attempting to repair it. Large organizations find this approach to be quicker and more cost-effective than repairing an ailing Windows system. However, if an organization lacks the infrastructure required to push a deployment image to a Windows 11 machine, repairing Windows 11 might be the best option.</p> <p>It's possible to repair a Windows 11 installation without having to resort to using an ISO file. To do so, click on <b>Settings</b> in the local desktop, and then make sure that the <b>System</b> option is selected. Next, click on <b>Recovery</b>, and then click the <b>Reset PC</b> button. From there, you can follow the prompts to <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-perform-a-factory-reset-on-a-Windows-11-desktop">complete the Windows reset process</a>.</p> <p>Although this is often the preferred technique for repairing Windows 11, it does have one major shortcoming. If the problems that are occurring within the Windows 11 OS are happening as a result of hard disk corruption, it's entirely possible that the files used to reset and repair Windows might also be corrupt. The same also holds true if the system was <a href="https://www.techtarget.com/searchsecurity/tip/10-common-types-of-malware-attacks-and-how-to-prevent-them">damaged by a malware attack</a>. In these cases, there are no guarantees that the files needed to repair the OS are still functioning.</p> <p>Using an ISO file to repair Windows enables you to fix the problem using known-functional copies of the Windows system files.</p> </section> <section class="section main-article-chapter" data-menu-title="How does an ISO repair install differ from a normal install?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does an ISO repair install differ from a normal install?</h2> <p>An ISO file is essentially just a DVD image file. At one time, it was common practice to install Windows from an installation DVD. However, it's now somewhat rare for PCs to be equipped with DVD drives. An ISO file can take the place of a DVD, thereby negating the need for physical installation media. To use an ISO file to repair Windows 11, the faulty machine must be at least somewhat functional. In extreme cases where the desktop's issues prevent you from completing the repair process, you might be able to <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-Windows-11-Safe-Mode-works-and-when-to-use-it">boot Windows 11 into Safe Mode</a> prior to attempting the repair.</p> <p>Regardless of whether you're installing Windows 11 from a physical DVD or from an ISO file, there's a significant difference between a normal installation and a repair installation. Typically, installing Windows results in a clean installation. Unless you're upgrading a prior version of Windows, the new Windows installation runs a default installation.</p> <p>In contrast, performing a repair installation reinstalls Windows 11 without overwriting anything important in the process. In other words, the Setup program does not format the system's hard disk. Windows 11 Setup also makes a concerted effort to preserve all the files, apps and settings that are present on the system. You should keep in mind that existing files, apps or settings could be what's causing the problem, so a repair install from an ISO file is not guaranteed to fix the problem.</p> </section> <section class="section main-article-chapter" data-menu-title="Using an ISO file to repair Windows 11"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Using an ISO file to repair Windows 11</h2> <p>The first step of using an ISO file to repair Windows 11 is to <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-create-a-custom-ISO-for-Windows-10">find an ISO file</a> that meets your requirements. Many organizations maintain a collection of ISO files that are readily available for such situations. However, if you do not have an ISO file at your disposal, you can download a Windows 11 ISO file <a target="_blank" href="https://www.microsoft.com/software-download/windows11" rel="noopener">directly</a> from Microsoft. The nice thing about using the Windows 11 download site is that the ISO is based on the current Windows 11 release, meaning there probably aren't many updates that you need to install when you finish repairing Windows.</p> <p>As a best practice, it's a good idea to create a backup before attempting to repair Windows. Even though Windows 11 Setup is designed to preserve files, settings and apps, things can and occasionally do go wrong. It's also possible that the Setup process could end up deactivating your Windows license or other software licenses. As such, you might have to perform various cleanup tasks, such as entering a product key, when you're done.</p> <p>To get started, copy the ISO file to an empty folder on the computer that needs to be repaired. Next, right-click on the ISO file, and select the <b>Mount</b> command from the resulting shortcut menu. This causes the ISO file to be mounted as a virtual DVD drive. Windows assigns a drive letter to the virtual DVD drive, and all of the files contained within the ISO file are accessible through the drive mapping.</p> <p>With the ISO file mounted, double-click on the <b>Setup.exe</b> file. This causes Windows to launch Windows 11 Setup. Click <b>Next</b>, and Setup then performs a quick update check. When this check is completed, a prompt asking you to accept the <a href="https://www.techtarget.com/searchenterprisedesktop/tip/What-do-the-different-licenses-for-Windows-11-come-with">Windows 11 licensing terms</a> should appear. At this point, an additional, more time-consuming update check might occur.</p> <p>It's possible to skip the update check to save time, but this is generally a bad idea. Skipping the update check can lead to a situation in which the ISO file is older than the version of Windows that is installed on the PC. When that happens, the only option is to either restart Setup and download the updates or to perform a clean Windows installation rather than repair the system.</p> <p>At this point, the computer should show a screen confirming the action that Setup is about to take (Figure 1).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_1-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_1-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_1-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_1-f.jpg 1280w" alt="The dialog box from Windows 11 Setup indicating that the ISO is ready for installation." data-credit="Brien Posey" height="441" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The Windows 11 Setup utility showing the type of ISO install that the admin has chosen. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Notice that Setup is indicating that it installs Windows 11 Pro and keeps personal files and apps. This means that Setup is going to attempt to repair the Windows OS, but it will also try to preserve all the files, settings and apps that presently exist. If you decide that you don't want to preserve anything and prefer to simply overwrite the old copy of Windows with a clean install, you can click on the <b>Change what to keep</b> link and select the <b>Nothing</b> option from the screen that appears (Figure 2).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_2-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_2-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_2-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_iso_repair_process_2-f.jpg 1280w" alt="The option to choose what aspects of the Windows 11 system to keep after the ISO install." data-credit="Brien Posey" height="441" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Windows 11 Setup displaying the ISO install type options. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>There's also an option to keep only personal files but not applications or settings. All you have to do is make your selection and click <b>Next</b>, followed by <b>Install</b>. Setup does the rest.</p> <p>Many organizations rely on distributed workforces, diverse hardware fleets and limited on‑site support -- all of which make traditional reimaging workflows harder to execute consistently. Having a reliable, repeatable repair method that preserves user data and minimizes downtime gives admins a useful middle ground between full redeployment and time‑consuming manual troubleshooting. As such, ISO‑based repair installs help IT maintain stability without disrupting productivity.</p> <p><i>Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America.</i></p> </section> Wiping and reinstalling with a clean install is the simplest way to fix a broken Windows 11 desktop, but an ISO file repair can help save some of the desktop's settings and files. https://cdn.ttgtmedia.com/rms/onlineimages/pharma_g1358852671.jpg https://www.techtarget.com/searchenterprisedesktop/tip/How-to-repair-Windows-11-with-an-ISO-file Tue, 17 Feb 2026 14:00:00 GMT How to repair Windows 11 with an ISO file <p>Various operational and lifecycle scenarios may prompt IT teams to perform a factory reset on Windows 11 desktops or laptops.</p> <p>By definition, a factory reset restores the target PC to the same condition it was in when it first left the factory, removing user data, settings and installed applications. </p> <p>A factory reset is typically used as a last-resort remediation or lifecycle management step to return a device to a known baseline state. An IT administrator can do this quickly in a Windows 11 environment. Typical situations that call for a factory reset include the following:</p> <ul class="default-list"> <li>Prepping a device for reuse, sale or donation.</li> <li>Attempting to restore the PC to operation when less drastic repairs don't work (e.g., in-place upgrade repair installs or various Deployment Image Servicing and Management repairs).</li> <li>Recovering from malware and viruses to restore the PC to a known, good working -- and clean -- state.</li> <li>Providing a fresh start for PCs with persistent software problems or performance issues.</li> </ul> <p>Admins should understand that restoring a PC to factory settings essentially provides a clean slate. It allows them to start over and rebuild a problem PC or pass it outside the organization for resale or reuse.</p> <section class="section main-article-chapter" data-menu-title="Precautions to take before performing a factory reset"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Precautions to take before performing a factory reset</h2> <p>Not every device is immediately suitable for a factory reset, and failing to take proper precautions can result in permanent data loss or recovery complications. First, make an image-based backup, and then make sure you have the tools necessary to restore such a backup. This provides a fallback in case the factory reset fails to complete correctly and leaves the PC in a nonworking state.</p> <p><a href="https://www.techtarget.com/searchenterprisedesktop/tip/Top-Windows-10-backup-and-restore-utilities">Consider backup tools</a> such as Macrium Reflect X or EaseUS Todo Backup. These create bootable rescue media, typically stored on a USB flash or solid-state drive (SSD). If anything goes wrong with the factory reset, you can boot to this media and restore the PC to its pre-reset state using the backup image you made beforehand.</p> <p>Preserving data on the primary drive before initiating a factory reset is essential, particularly in enterprise environments where recovery windows and compliance requirements apply. The most convenient way to do that is via image backup. However, you can also use the built-in OneDrive-based Windows Backup, which is a more time- and labor-intensive process than using an image backup.</p> <p>Everything should turn out well if you can return things to where they were <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-reset-Windows-11-PC-from-BIOS">before you started the factory reset operation</a>. Most image backup tools will force you to save that image to another drive -- which is vital if you need to restore a Windows boot/system drive -- and provide tools to re-image the primary Windows drive from bootable media. Prudence dictates that you save image backups to an external drive, such as a USB-attached SSD or hard disk, to restore the image to a different PC if the source machine quits working entirely.</p> </section> <section class="section main-article-chapter" data-menu-title="Why perform a factory reset?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why perform a factory reset?</h2> <p>A factory reset is usually needed in one of two typical situations. The first is when a PC is decommissioned for sale or transferred to another user. The factory reset removes all changes since the PC left the factory, leaving it in a clean state for sale or handoff. Make sure to apply pending updates to the OS to make the PC current and secure. The reset returns to when it left the factory, which <a href="https://www.techtarget.com/searchenterprisedesktop/tip/3-tools-to-check-Windows-11-update-compatibility">may be one or more feature upgrades behind current production levels</a>.</p> <p>The second scenario is when a PC exhibits persistent performance, stability or behavioral problems that remain unresolved after standard repair techniques. There's little that an <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Use-an-in-place-upgrade-to-repair-Windows-10">in-place upgrade repair install</a> can't fix in Windows 11, but sometimes even that maneuver doesn't restore a PC to regular operation. When that happens, a <a href="https://www.techtarget.com/searchitchannel/definition/clean-install">clean install</a> or a factory reset is a potential next step toward Windows recovery. Thus, the factory reset can take the PC back to its earliest Windows state, possibly fixing whatever the root issue is.</p> </section> <section class="section main-article-chapter" data-menu-title="How to factory reset a Windows 11 PC"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to factory reset a Windows 11 PC</h2> <p>To start the factory reset process in Windows 11, click <b>Start</b> > <b>Settings</b> > <b>System</b> > <b>Recovery</b> (Figure 1). Then, select <b>Reset PC</b>.</p> <p>You can also start the <b>Reset PC</b> operation from the sign-in screen or use a recovery drive or installation media to enter recovery mode during boot-up. Press the shift key while selecting <b>Restart</b> to boot into local recovery mode.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_reset_1_h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_reset_1_h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_reset_1_h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_reset_1_h.jpg 1280w" alt="The 'Recovery' screen in the Windows 11 system settings." data-credit="Ed Tittel"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The option to reset the PC is under 'Recovery' in the 'System' section of settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>From there, the screen will show two options (Figure 2). The option you choose depends on how you plan to use the PC after resetting it. If it's a last-ditch repair operation, it's easiest to select <b>Keep my files</b> (this preserves files from your primary hard drive, especially those for user accounts Documents, Downloads, Music and other default folders). If you're prepping for sale or handoff, choose <b>Remove everything</b>.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_reset_2_h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_reset_2_h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_reset_2_h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_reset_2_h.jpg 1280w" alt="The 'Choose an option' screen in 'Reset this PC' process, showing options to 'Keep my files' or 'Remove everything.'" data-credit="Ed Tittel"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Reset options let you keep personal files or get rid of everything. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>After clicking the desired option, you can choose how to reinstall Windows (Figure 3).</p> <p>Choosing <b>Cloud download</b> will download the Windows install file from Windows servers in the cloud. This option is safest if you think your local installation is corrupt or damaged.</p> <p>Choosing <b>Local reinstall </b>will download the Windows install file from the current Windows files on your PC. This option is faster but not immune to local issues. Unless the local Windows drive is compromised, however, it should work. For best results, choose the <b>Cloud download</b>.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_reset_3_h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_reset_3_h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_reset_3_h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_reset_3_h.jpg 1280w" alt="The screen showing 'Cloud download' and 'Local reinstall' as the options for how you can reinstall Windows." data-credit="Ed Tittel"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. You can download the Windows install image from the cloud or from your Windows drive. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>After choosing either reinstall option, the screen will show <b>Additional settings</b>. To continue the process without changing settings, click <b>Next</b>.</p> <p>If you want to make changes, click <b>Change settings</b>. From there, you can clean the drive completely by toggling <b>Yes</b> under <b>Clean data?</b> or download Windows from the cloud by toggling <b>No</b> under <b>Download Windows? </b>(Figure 4).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_reset_4_h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_reset_4_h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_reset_4_h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_reset_4_h.jpg 1280w" alt="The 'Choose settings' screen, which appears if you select 'Change settings' at the previous step." data-credit="Ed Tittel"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 4. If you click 'Change settings' in the preceding step, you can revisit options here. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Once you confirm your choices, a final confirmation screen will appear. After you select <b>Reset</b>, the process will begin (Figure 5). This is your final chance to cancel the reset. If you allow this step to proceed and don't click <b>Cancel </b>at any point, you can no longer reverse the reset process. You'll have to let it complete and then restore a backup to return to where you started.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_reset_5_h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_reset_5_h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_reset_5_h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_reset_5_h.jpg 1280w" alt="The 'Preparing to reset' screen, showing how ready the PC is for reset and giving the option to cancel." data-credit="Ed Tittel"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 5. The reset process does some preparation work before it reboots the PC. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Finally, the PC reboots and runs the Windows install that drives the chosen <a target="_blank" href="https://support.microsoft.com/en-us/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5#WindowsVersion=Windows_11" rel="noopener">reset operation</a>.</p> <p>Once the OS is in place, the installer will run through several prompts to complete the installation. These include prompts for country or region, language, keyboard layout and privacy settings. Logging in to a Microsoft account completes the process. Once the out-of-box experience finishes, the Windows 11 desktop will be in the same state as when it left the factory. If you plan to sell or hand off the PC to someone else, it's ready to go. If you plan to return it to its original user, substantial work remains to restore the user's preferences and customizations.</p> <p>For IT teams, a factory reset should be treated as a controlled recovery or transition step rather than a routine troubleshooting action. When executed with proper backups and planning, it can return a system to a stable baseline without introducing unnecessary operational risk.</p> <p><b>Editor's note:</b> <em>This article was updated to improve the reader experience.</em></p> <p><em>Ed Tittel is a 30-plus year IT veteran who has worked as a developer, networking consultant, technical trainer and writer.</em></p> </section> A factory reset may be needed for Windows 11 devices with ongoing performance issues or when reassigned, helping IT reduce data loss and recovery risks. https://cdn.ttgtmedia.com/rms/onlineimages/wfh_a299201055.jpg https://www.techtarget.com/searchenterprisedesktop/tip/How-to-perform-a-factory-reset-on-a-Windows-11-desktop Tue, 10 Feb 2026 12:56:00 GMT How to perform a factory reset on a Windows 11 desktop <p>Windows 11 is now the standard desktop OS for new enterprise devices, but not every existing PC is eligible to upgrade. Hardware requirements introduced with Windows 11 continue to exclude many older systems, making compatibility checks essential before deployment.</p> <p>Although Windows 11 shares many architectural similarities with Windows 10, its stricter hardware requirements continue to block upgrades on older systems. Microsoft continues to recommend against upgrading unsupported hardware to Windows 11, noting that such systems may not receive feature or <a href="https://www.techtarget.com/searchsecurity/tip/5-enterprise-patch-management-best-practices">security updates</a> reliably.</p> <section class="section main-article-chapter" data-menu-title="Key Windows 11 hardware requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key Windows 11 hardware requirements</h2> <p>All the details concerning Windows 11 specifications and requirements are <a href="https://www.microsoft.com/en-us/windows/windows-11-specifications?r=1" target="_blank" rel="noopener">available from Microsoft</a>. A select few are likely to pose compatibility issues for older PCs. Older PCs must support the following features or capabilities:</p> <ul class="default-list"> <li><strong>System firmware.</strong> Requires Unified Extensible Firmware Interface and must be Secure Boot capable.</li> <li><strong>Trusted Platform Module.</strong> Must run TPM version 2.0 or better. <ul class="default-list"> <li>This does not require discrete TPM circuitry. Newer Intel, AMD and Azure Resource Manager (ARM)/Qualcomm CPUs support TPM 2.0 via firmware emulation.</li> </ul> </li> <li><strong>CPU requirements. </strong> <ul class="default-list"> <li><strong></strong> <strong>Intel.</strong> Must be eighth-generation CPU or newer, with minor seventh-generation exceptions for certain Microsoft Surface PCs.</li> <li><strong></strong> <strong>AMD.</strong> Must be Epyc 72xx or better, or Ryzen 2300X CPU or better -- including most Ryzen 3 and 5 models.</li> <li><strong>ARM/Qualcomm.</strong> Must be Snapdragon 7c or 8xx, or MS SQ1 or SQ2 model.</li> </ul> </li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Tools to assess Windows 11 update readiness"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Tools to assess Windows 11 update readiness</h2> <p>Microsoft continues to offer the PC Health Check app, available through the Microsoft Store, that works on individual PCs, one at a time. To find the app, type "PC Health Check" into the <strong>Start Menu</strong> search box (Figure 1).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_upgrade_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_upgrade_1_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_upgrade_1_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_upgrade_1.jpg 1280w" alt="The PC Health Check app in the Start Menu." data-credit="Ed Tittel" height="344" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Simply type 'PC Health Check' in the Windows 10 Start Menu to launch the app. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If the version of PC Health Check on a target PC is outdated, Microsoft will update the app before it runs. When the PC Health Check app opens, click <strong>Check now</strong> to run the Windows 11 system requirements assessment (Figure 2).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_upgrade_2.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_upgrade_2_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_upgrade_2_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_upgrade_2.jpg 1280w" alt="The opening screen for the PC Health Check app." data-credit="Ed Tittel" height="120" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Click 'Check now' to launch the compatibility assessment. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Click <strong>See all results</strong> in the resulting pop-up to get to the PC Health Check window and find out whether the target PC meets Windows 11 requirements (Figure 3).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_upgrade_3.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_upgrade_3_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_upgrade_3_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_upgrade_3.jpg 1280w" alt="The screen showing the results of the PC Health Check." data-credit="Ed Tittel" height="235" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>The Surface Pro 3 PC in this example, purchased in 2014, fails because it's running a fourth-generation Intel CPU (i7-4650U). </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>IT organizations might use third-party Windows 11 compatibility assessment tools on corporate PCs because the PC Health Check doesn't work with policy-based PC management. On such PCs, the native Microsoft tool's check produces only an error result (Figure 4).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_upgrade_4.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_upgrade_4_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_upgrade_4_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_upgrade_4.jpg 1280w" alt="The notification that PC Health Check results are not available on a PC because it is centrally managed." data-credit="Ed Tittel" height="256" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Centrally managed PCs don't work well with the PC Health Check. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>For PCs that can't properly run the PC Health Check tool, there are a few third-party tools that IT admins can try. <a href="https://github.com/rcmaehl/WhyNotWin11" target="_blank" rel="noopener">WhyNotWin11</a> is a project available on GitHub that runs as a standalone Windows application. It reports on a series of checks that it runs on target PCs, such as CPU compatibility and storage availability. The application lists the requirements for Windows 11 and identifies which ones the target PC does and does not meet (Figure 5).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_upgrade_5.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_upgrade_5_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_upgrade_5_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_upgrade_5.jpg 1280w" alt="The screen showing results in WhyNotWin11." data-credit="Ed Tittel" height="420" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>WhyNotWin11 shows an incompatible CPU and a missing TPM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The <a href="https://github.com/jbcarreon123/Win11CompChk" target="_blank" rel="noopener">Windows 11 Compatibility Check</a> is another project available on GitHub that takes the form of a <a href="https://www.techtarget.com/searchwindowsserver/definition/batch-file">batch file</a> and runs inside an administrative command prompt or PowerShell window on target PCs. It also works on centrally managed PCs to produce a list of which Windows 11 requirements a target PC does and does not meet (Figure 6). To perform the check, start CMD.exe at the directory where Win11CompChk.bat resides and run the file, or do likewise in a PowerShell session.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_upgrade_6.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_upgrade_6_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_upgrade_6_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_upgrade_6.jpg 1280w" alt="The screen showing results in WhyNotWin11." data-credit="Ed Tittel" height="522" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>The Win11CompChk.bat file provides a little more detail about what's missing. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Automating compatibility checks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Automating compatibility checks</h2> <p>Both WhyNotWin11 and Windows 11 Compatibility Check can run remotely via PowerShell scripts or batch files. They each support an export facility to save results and send them to a central collection point. IT administrators must embed those scripts with data to identify the PCs that the results address -- machine name or some other unique identifier such as asset ID or vendor ID -- so they can distinguish one computer from another after the compatibility data's collection. The results from these tools help IT teams identify which portions of their PC fleet remain eligible for Windows 11 and which devices require replacement. With <a href="https://www.techtarget.com/searchenterprisedesktop/feature/End-user-computing-trends-to-watch">Windows 10 now out of support</a>, compatibility data plays a critical role in identifying upgrade-eligible devices and prioritizing hardware refresh decisions.</p> <p>Windows 11 compatibility checks are less about whether to upgrade and more about understanding the current state of the device fleet. Results from these tools help inform replacement priorities, risk exposure and near-term endpoint decisions.</p> <p><em>Ed Tittel is a 30-plus-year IT veteran who has worked as a developer, networking consultant, technical trainer and writer.</em></p> </section> Before upgrading to Windows 11, IT should verify device compatibility. Tools like PC Health Check and third-party utilities identify hardware readiness. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1199243271.jpg https://www.techtarget.com/searchenterprisedesktop/tip/3-tools-to-check-Windows-11-update-compatibility Tue, 10 Feb 2026 00:00:00 GMT 3 tools to check Windows 11 update compatibility <p>For most enterprises, Linux hasn't been part of serious desktop planning conversations for years. That's starting to change -- not because Linux suddenly became fashionable again, but because Windows 10 is going away, and the replacement comes with strings attached.</p> <p>Browser-based <a href="https://www.techtarget.com/searchcloudcomputing/feature/Top-SaaS-Examples-and-Applications-for-Businesses">SaaS applications</a> flattened a lot of day-to-day differences between desktops. Email looks the same. Collaboration tools behave the same. For many users, that was enough to stop caring about which OS sat underneath.</p> <p>That assumption holds -- to a point.</p> <p>The renewed interest in Linux desktops shows where its limits begin to appear.</p> <p>A recent article outlines <a href="https://www.techtarget.com/searchenterprisedesktop/feature/Why-2026-might-bring-more-Linux-desktops-to-the-enterprise">why Linux is becoming credible again</a> as an enterprise workstation option. The timing matters. With Windows 10 retiring and Windows 11 introducing new hardware requirements and upgrade costs, many organizations are reassessing whether another forced refresh actually delivers value.</p> <p>The appeal of Linux isn't that it makes the OS irrelevant; it's that OS decisions have become consequential again.</p> <section class="section main-article-chapter" data-menu-title="Linux as an escape hatch, not a fashion statement"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Linux as an escape hatch, not a fashion statement</h2> <p>For most enterprises, renewed interest in Linux desktops has very little to do with enthusiasm for Linux itself. It starts with Windows 10 going away -- and with what comes next.</p> <p>Windows 11 brings tighter hardware requirements, shorter upgrade windows and fewer places to pause. For organizations that would rather not replace functioning devices on someone else's timetable, Linux becomes a way to slow the clock.</p> <p>That change shows up first in control, not cost. Linux makes it easier to see what the OS is doing, what data it collects and how much flexibility remains around device lifespans. Hardware requirements are less prescriptive. Upgrade paths are easier to defer or sequence. Teams regain some discretion over when desktops change and why.</p> <p>Sustainability considerations tend to follow. Extending desktop lifecycles is simpler when refresh decisions are not tied to a single OS roadmap. Energy efficiency improves incrementally rather than through forced replacement cycles. For organizations with <a href="https://www.techtarget.com/sustainability/feature/ESG-strategy-and-management-Complete-guide-for-businesses">environmental, social and governance goals</a>, Linux doesn't solve the problem -- but it removes one of the pressures that makes it harder.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The appeal of Linux isn't that it makes the OS irrelevant; it's that OS decisions have become consequential again. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="Where SaaS actually fits"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Where SaaS actually fits</h2> <p><a href="https://www.techtarget.com/searchvirtualdesktop/feature/Comparing-DaaS-vs-SaaS-and-how-they-work?Offer=ab_MeteredFormCopyEoc_ctrl">SaaS is different from desktop-as-a-service</a> because it is application-specific rather than desktop-specific. Most SaaS tools are delivered through the browser, which makes the OS far less important for day-to-day application use.</p> <p>That shift is what changes the Linux equation.</p> <p>Reduced hardware requirements make Linux more approachable for nontechnical users than it once was. SaaS addresses historic barriers -- application availability, deployment complexity, updates and compatibility -- through simplification rather than platform loyalty.</p> <p>Linux still makes some organizations uncomfortable -- not because of a single, stated objection, but because of accumulated habits that support models built around Windows, procurement assumptions and years of muscle memory. What's different now is that SaaS removes enough friction that those habits matter less. Cost pressure, simpler deployment and browser-first workflows do the work quietly, without anyone needing to champion Linux explicitly.</p> <div class="extra-info"> <div class="extra-info-inner"> <p></p> <h3 class="splash-heading">What CIOs often assume about enterprise Linux desktops</h3> <p>When Linux enters desktop planning discussions, it rarely arrives as a formal proposal. More often, it shows up at the edges -- as a question about refresh timing, device lifespans or whether another Windows upgrade is actually necessary.</p> <p>Years of SaaS adoption shape those conversations. When most work happens in the browser, the desktop OS starts to feel less important. As long as applications behave the same, differences in look and feel seem tolerable.</p> <p>Licensing usually fades even further into the background. It is treated as something to sort out later, once the architecture is already in place.</p> <p>Linux unsettles that sequence -- not by fading into the background, but by reintroducing the OS as something organizations can influence directly. The question stops being how to work around the OS -- and starts being who controls it, and for how long.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="What this means for CIOs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What this means for CIOs</h2> <p>Linux desktops are not becoming viable because enterprises suddenly love Linux. They are becoming viable because SaaS softened application dependence at the same time Windows 11 hardened OS consequences.</p> <p>Linux isn't winning because enterprises fell in love with it. It's showing up again because the alternatives became more expensive, more restrictive and harder to justify. In that context, Linux doesn't have to be perfect; it just has to be workable.</p> <p><i>James Alan Miller is a veteran technology editor and writer who leads Informa TechTarget's Enterprise Software group. He oversees coverage of ERP & Supply Chain, HR Software, Customer Experience, Communications & Collaboration and End-User Computing topics.</i></p> </section> As Windows 10 retires and SaaS reduces OS dependence, Linux desktops are re-emerging as a viable enterprise option driven by cost, control, privacy and hardware flexibility. https://cdn.ttgtmedia.com/rms/onlineimages/clock-time12.jpg https://www.techtarget.com/searchenterprisedesktop/feature/When-SaaS-softens-the-OS-but-doesnt-erase-it Fri, 06 Feb 2026 14:25:00 GMT When SaaS softens the OS -- but doesn't erase it <p>Windows 11 desktops can get stuck in a reboot loop that makes it impossible for users to work, and sometimes it's unclear why the problem occurs or how to fix it.</p> <p>This can hinder productivity to the point that affected users must find another machine to work on until IT can solve the problem. Consequences can include unplanned downtime, increased help desk volume, <a href="https://www.techtarget.com/searchdatabackup/tip/How-to-prevent-data-loss-Strategies-for-better-data-protection">loss of unsaved work</a> and elevated security risk when users switch devices.</p> <p>In managed environments, reboot loops often emerge after updates, configuration changes or hardware stress, but the underlying cause isn't always obvious. As an IT administrator, you might have to coordinate multiple strategies to properly address restart issues.</p> <p>The best approach is to determine which category of issue -- software, hardware or system configuration -- is most likely responsible based on how and when the restarts occur. By prioritizing the right troubleshooting steps, IT can restore access quickly and avoid unnecessary disruption.</p> <section class="section main-article-chapter" data-menu-title="What can cause Windows 11 to keep restarting?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What can cause Windows 11 to keep restarting?</h2> <p>It can be difficult to track down the root causes of a reboot issue, especially if the problem occurs on some managed computers and not others. You should consider a wide range of possibilities during the troubleshooting process, including the following:</p> <ul type="disc" class="default-list"> <li><b>Improper Group Policy settings.</b> If admins have misconfigured Group Policies or failed to properly update them, a system might experience reboot issues.</li> <li><b>Inappropriate system settings.</b> A few system configuration settings can cause a Windows 11 computer to keep restarting. For example, reboot problems can occur if users are overly aggressive with the power management settings or disable the Secure Boot function. Automatic restarts and fast startups, which are enabled by default, can also contribute to reboot issues.</li> <li><b>System instability.</b> Problems at the system level, such as missing or corrupt OS files, can cause restart loops. Third-party apps can sometimes lead to reboot issues as well, especially if users installed or updated them recently. Even a Windows update can cause restart problems, as can <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Windows-11-upgrade-issues-that-desktop-admins-should-know">upgrading from Windows 10 to Windows 11</a>.</li> <li><b>Malfunctioning hardware.</b> Hardware drivers and peripheral devices can create restart issues. Potential causes include failing storage devices -- especially if they affect OS or application files -- and hardware overheating, which often worsens with high-intensity workloads.</li> <li><b>Malware infection.</b> A malware infection can cause a computer to keep restarting. A reboot problem can even be one of the only <a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them">signs that malware has infected a computer</a>.</li> </ul> <p>There can be other sources for the issue as well, but these common causes give admins a few places to start when dealing with persistent rebooting. The causes are not necessarily mutually exclusive, however. Multiple factors can contribute to a Windows 11 reboot loop. This makes early symptom patterns especially useful when deciding where to focus troubleshooting first.</p> </section> <section class="section main-article-chapter" data-menu-title="What to do if Windows 11 keeps restarting"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What to do if Windows 11 keeps restarting</h2> <p>Because there are so many reasons why Windows 11 might keep restarting, there are also many steps admins can take to resolve reboot issues. You should look at three broad areas to identify the source of the problem: software environment, hardware environment and system settings. By assessing the desktop through these three categories, IT can determine what the best way to solve the issue is -- whether that's pausing updates, replacing the local drive or changing Group Policy settings, for example.</p> <p>Whether trying to address reboot issues directly or working with a user remotely, you should understand how to use Safe Mode to access the Windows system. If the restart issue prevents the user from booting normally into the computer, most troubleshooting steps will require the use of Safe Mode, which is a diagnostic and troubleshooting operating environment. It runs a pared-down version of the OS to help isolate and identify system issues.</p> <p>You can use Safe Mode to carry out several tasks, such as updating drivers, removing hardware components, uninstalling new apps or scanning for malware -- in other words, addressing some of the possible causes of a Windows 11 reboot loop.</p> <h3>Assess the software environment</h3> <p>When restart loops begin immediately after updates, app installs or OS upgrades, a problem with the software environment is the most likely culprit.</p> <p>There is no single approach to take with software-related issues, and it will likely come down to some trial and error to discover the underlying cause. In some situations, though, the problem might be readily apparent. For example, it might have started right after applying a Windows update or installing a new app.</p> <p>If the cause isn't clear, a good place to start is with Windows Update. Even if you centrally control updates on managed desktops, you might need to assess an individual computer to determine whether a specific update has been properly installed. If you access the managed computer directly, you can check for updates or view the update history through the <b>Windows Update</b> feature in <b>Settings</b> (Figure 1).</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_restart_1.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_restart_1_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_restart_1_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_restart_1.png 1280w" alt="The 'Windows Update' screen in the Windows 11 system settings." data-credit="Robert Sheldon" height="242" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The desktop's update history is available under 'Windows Update' in settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Here, you can see if an update failed. If it did, check whether any temporary files have been left behind in the software distribution folder. You might need to delete the files before trying to run the update again.</p> <p>In some cases, a successful update still appears to be the root of the reboot problem. If this occurred, you can uninstall the update through the <b>Update history</b> utility. If the computer then boots up normally, this at least helps get the computer operational and gives you more time to figure out why the update might be causing problems.</p> <p>You can also consider placing controls on when your organization's managed Windows 11 computers should restart after an update. For this, you can use Group Policy settings or an MDM tool to set restart policies that will take effect after an update.</p> <p>Temporarily deferring updates can also help resolve startup issues. Under Windows Update, users have the option to pause updates for <a target="_blank" href="https://support.microsoft.com/en-us/windows/manage-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe#WindowsVersion=Windows_11" rel="noopener">up to three weeks</a>.</p> <p>Another option for addressing reboot issues is to restore the computer to a specific point in time. This is only possible if Windows has automatically created restore points on the system or if IT has done so manually. When working on an individual computer, you can use the System Restore utility to revert the system to a specific restore point.</p> <p>If you suspect that a recently installed application might be causing the reboot problem, uninstalling the app and rebooting the computer might address the issue. If working directly on the computer, you can use the <b>Apps & features</b> screen to uninstall the suspected application (Figure 2).</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_restart_2.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_restart_2_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_restart_2_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_restart_2.png 1280w" alt="The 'Apps & features' screen, with the option to uninstall an app highlighted." data-credit="Robert Sheldon" height="223" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Under 'Apps & features,' you can view and uninstall applications. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Consider using the Deployment Image Servicing and Management (DISM) tool and the System File Checker (SFC) to scan the Windows 11 computer as well. The DISM scan should run before the SFC scan. Together, these tools enable IT to identify and replace missing or corrupted Windows 11 system files. However, it's important to fully understand how these tools work before running either type of scan. DISM requires a healthy component store or a valid repair source, and on managed networks, it can fail without proper update access.</p> <p>You should also scan the computer for malware infections, which can lead to reboot issues and result in even more serious consequences. The approach IT teams take here will depend on how they've <a href="https://www.techtarget.com/searchsecurity/tip/5-ways-to-achieve-a-risk-based-security-strategy">implemented security protection</a> on their networks and desktops.</p> <p>Another software-related option for addressing reboot issues is to reset Windows, which returns the OS to its original factory settings. To do this, navigate to Start > Settings > System > Recovery. After selecting<b> Reset this PC</b>, you can choose whether or not to retain personal files (Figure 3). In either case, you should back up the files before resetting Windows.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_restart_3.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_restart_3_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_restart_3_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_restart_3.png 1280w" alt="The 'Choose an option' screen in the factory reset process, showing options to 'Keep my files' or 'Remove everything.'" data-credit="Robert Sheldon"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. When performing a factory rest, you can choose to keep personal files or remove everything. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>You should not reset Windows until you've tried all other options, including those related to hardware and system settings. If resetting Windows doesn't work, you might need to reinstall the OS, effectively starting from scratch.</p> <h3>Assess the hardware environment</h3> <p>Hardware-related reboot loops often appear under sustained workloads, during charging or when connected to external devices such as docks or GPUs.</p> <p>For example, a hardware driver can cause reboot issues if it's corrupted or outdated. An administrator working directly on a Windows 11 PC can use the Device Manager to update drivers or remove a device that might be causing issues.</p> <p>In addition to the drivers, you should test other aspects of the hardware. For example, a peripheral device might be causing the reboot problem. For this reason, it's a good idea to unplug external devices when troubleshooting a system. You should also monitor hardware components -- particularly CPUs and graphics cards -- for <a href="https://www.techtarget.com/searchstorage/post/Understand-SSD-overheating-and-what-to-do-about-it">signs of overheating</a>. Overheating can cause a system to continually restart, attempting to avoid any damage to the hardware.</p> <p>You should also run diagnostics against the power supply to ensure that it's delivering sufficient voltage to the computer and operating within recommended parameters. Additionally, make sure that there are no problems with the local drive that might be causing random restarts. To do this, you can <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-scan-and-repair-disks-with-Windows-10-Check-Disk">use the Check Disk (CHKDSK) utility</a> to check the file system and the volume's metadata for logical and physical errors.</p> <p>The CHKDSK utility locates bad sectors and physical disk errors and attempts to recover readable information, which might include data that the OS is trying to access. In some cases, running a scan to check for errors can resolve reboot issues. However, if bad sectors are behind the problem, it might be time to replace the drive.</p> <h3>Assess the system settings</h3> <p>Configuration-related causes are common on managed systems and are often worth checking early, especially when restarts occur without clear software or hardware triggers.</p> <p>For example, misconfigured Group Policies can cause reboot issues. So can policies that are not properly updated, which can occur when updating Windows or migrating from Windows 10 to Windows 11. IT must properly configure and update Group Policies on managed computers as necessary.</p> <p>A Windows 11 computer can also run into reboot issues if Secure Boot has been disabled for any reason. You can verify whether Secure Boot is enabled through the system summary available in the <b>System Information</b> app (Figure 4). The <b>Secure Boot State</b> feature should be set to <b>On</b>. If it's not, you'll need to update the Unified Extensible Firmware Interface settings.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_restart_4.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_restart_4_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_restart_4_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_restart_4.png 1280w" alt="The 'System Information' screen, with the 'Secure Boot State' option and its status highlighted." data-credit="Robert Sheldon"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 4. Under 'System Information,' you can enable the 'Secure Boot State' feature. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Another troubleshooting option is to disable the automatic restart feature on the <b>Startup and Recovery</b> screen (Figure 5). The <b>Automatically restart</b> option is enabled by default, so restart issues might occur no matter what the underlying problem is, making it difficult to diagnose. If you disable this feature, the computer might instead display an error message or perform some other behavior that can help isolate the problem.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_restart_5.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_restart_5_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_restart_5_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_restart_5.png 1280w" alt="The 'Startup and Recovery' screen, showing different options to check off for 'System startup' and 'System failure.' " data-credit="Robert Sheldon" height="368" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 5. You can disable the 'Automatically restart' option under 'Startup and Recovery.' </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>You can also disable fast startup, which enables Windows to boot up more quickly after the computer shuts down. This feature sometimes causes issues, including repeated bootups. By disabling it, you can at least determine whether this might be part of the problem.</p> <p>Additionally, check whether users have configured <a href="https://www.techtarget.com/whatis/definition/clock-speed">overclocking</a> on any of the hardware. If so, you should disable it. On laptop computers, you should review the power management settings, particularly as they pertain to the battery. In some cases, such as when performing resource-intensive operations, the power options might be causing the reboot issue.</p> <p>When reviewing the configuration settings, make one change at a time and check whether it alters the restart behavior. If it doesn't, revert the setting and move on. This strategy helps isolate the cause while minimizing unintended effects on managed systems.</p> <p>More often than not, restart loops in Windows 11 don't just have one obvious cause. A targeted, symptom-driven approach to troubleshooting can reduce downtime and limit unnecessary escalation.</p> <p><b>Editor's note:</b><i> This article was updated in February 2026 to reflect technology changes and to improve the reader experience.</i></p> <p><i>Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.</i></p> </section> When a Windows 11 desktop keeps restarting, there are a few factors that might be behind the issue. IT administrators should understand all the possible causes and how to solve them. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1199243271.jpg https://www.techtarget.com/searchenterprisedesktop/tip/How-to-fix-Windows-11-when-it-keeps-restarting Thu, 05 Feb 2026 17:00:00 GMT How to fix Windows 11 when it keeps restarting <p>Outdated IT systems are one of the biggest sources of cybersecurity risk for modern organizations. These assets often contain security weaknesses that make businesses susceptible to a wide range of attacks. Many attacks involve the exploitation of unpatched vulnerabilities.</p> <p>To minimize the risk of security incidents, IT teams must ensure that the software running on their managed infrastructure receives security patches and updates promptly and regularly. Patching is critical to minimize app disruptions and ensure business continuity. Additionally, patching helps ensure consistency and compatibility of systems across the environment, strengthen data governance and align IT ops with regulatory requirements.</p> <p>That said, manual patch management can be a challenging endeavor. It's labor-intensive and time-consuming. It also increases the potential for errors, thus leading to system breakdowns and operational interruptions. These errors might also introduce new vulnerabilities into the organization's IT ecosystem. IT teams can mitigate these challenges by using tools that fully automate the <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Use-this-10-step-patch-management-process-to-ensure-success">patch management process</a> without adding undue complexity to their endpoint and network management responsibilities.</p> <p>There are many patch management products on the market today, so finding the right one can be difficult. Here are 12 patch management products chosen partly because of their popularity and because they represent diverse approaches to endpoint management. Comparing the different approaches can help organizations identify which ones align best with their unique structures and workflows. The descriptions are based on vendor documentation. This list is not a ranking; companies appear in alphabetical order.</p> <section class="section main-article-chapter" data-menu-title="1. Absolute Security Cyber Resilience Platform"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Absolute Security Cyber Resilience Platform</h2> <p>Absolute Security Cyber Resilience is an endpoint management and security platform that combines IT administration, security vulnerability scanning and patch management into a single cloud-based system. Formerly known as Syxsense, the platform was <a target="_blank" href="https://www.channelfutures.com/mergers-acquisitions/absolute-security-gets-additional-capabilities-with-syxsense-purchase" rel="noopener">acquired</a> by Absolute Security in 2024. Cyber Resilience can patch Windows, macOS and Linux systems, whether on-premises, connected remotely or in the cloud. It supports both physical and virtual environments. It can also patch third-party software such as Java, Google Chrome or Adobe products -- all from a single console.</p> <p>With the Cyber Resilience patch management software, IT can scan and prioritize patching based on exposed security risks. Admins have full access to information about device health, enabling them to quickly address potential gaps. They can also access information about which patches have been released and their severity, then determine which devices are vulnerable and need updating. Cyber Resilience patch deployments are fully automated. However, admins can choose which patches to deploy, when to deploy them and which devices to patch.</p> <p>Cyber Resilience records all patching activity for reviewing and auditing purposes. The platform also provides extensive reporting capabilities that range from high-level overviews to detailed reports that can be filtered and customized. For example, admins can generate reports about the security health of their third-party apps or virtualized server farms. Potential customers should contact Absolute directly for details about its subscription plans and how the products are licensed.</p> <p><i>Suitable for: </i>Organizations looking for a unified endpoint security platform that can automatically identify and address risks and vulnerabilities.</p> </section> <section class="section main-article-chapter" data-menu-title="2. Atera"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Atera</h2> <p>Atera is a cloud-based remote monitoring and management (<a href="https://www.techtarget.com/searchitchannel/definition/RMM-software-remote-monitoring-and-management-software">RMM</a>) platform that comes in separate versions for IT departments and MSPs. The platform provides services such as IT automation, custom scripting, network discovery, ticketing, reporting, real-time alerts and patch management. Administrators can automatically identify and deploy patches on macOS and Windows servers and workstations from a centralized interface. They can also reboot remote systems if necessary.</p> <p>Atera can patch OSes, apps and hardware drivers. It supports common third-party software such as Chrome, Zoom, Java, Dropbox, Microsoft Office and Adobe products. IT can create automation profiles for installing or updating patches at scale, while excluding specific patches when necessary. A single profile can also include other tasks along with patching, such as installing a software bundle, upgrading a Windows version or managing storage disks.</p> <p>The Atera platform offers several comprehensive reports specific to patching. For example, IT can generate a report based on Microsoft knowledge bases and then install missing patches with a single click directly from that report. Admins can also view details about patch statuses and logged actions.</p> <p>Atera offers four subscription plans for the IT department version -- Professional, Expert, Master and Enterprise -- the first three of which are available as either monthly or annual subscriptions. The Enterprise plan requires a discussion with Atera's sales department. All four plans support patch management.</p> <p><i>Suitable for:</i> SMBs and MSPs looking to automatically apply Windows, macOS, other OS and other software patches on an unlimited number of end-user devices.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Automox"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Automox</h2> <p>Automox is a cloud-native systems management platform that automates patching, compliance and configuration of local, remote and cloud-hosted endpoints. The platform supports Windows, macOS and Linux systems and provides a single console for managing OS and third-party app patching and updates. In addition, Automox can automatically inventory hardware and software, offering full visibility into both authorized and unauthorized apps installed on managed devices.</p> <p>The platform can identify missing patches in the three OSes and a wide range of applications. It provides native support for products such as Adobe Acrobat Reader, Citrix Workspace, Dropbox, Inkscape, Office 365, Notepad++, Slack and more. Admins can view pending patches and then approve or reject them. They can also access details about individual patches.</p> <p>Automox enables admins to create custom scripts that provide granular control over configuration and patch management processes. IT can schedule patching for specific times or configure it to occur automatically every time a device connects to the internet. Automox also includes notification and reporting capabilities, which IT can set up according to its organization's specific requirements.</p> <p>Automox is available in three subscription plans: Patch, for patch management; Essentials, which adds IT automation for endpoint device configurations; and Enterprise, which augments the Essentials package with multi-organization management, plug-and-play automation scripts and other advanced features.</p> <p><i>Suitable for: </i>Distributed organizations looking to securely patch and manage their Windows, macOS and Linux devices on hundreds of software titles from a single pane of glass.</p> </section> <section class="section main-article-chapter" data-menu-title="4. GFI LanGuard"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. GFI LanGuard</h2> <p>GFI LanGuard is endpoint protection software that enables admins to <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Patch-management-vs-vulnerability-management-Key-differences">assess vulnerabilities</a> and patch software on local and remote desktops, servers and VMs. Admins can also scan their networks for missing patches and other vulnerabilities. LanGuard supports Windows, macOS and Linux devices, as well as third-party apps from over 50 vendors, including Adobe, Apple, Google, Microsoft, Mozilla and Oracle.</p> <p>Admins can set up LanGuard to scan their networks automatically or perform scans on demand. Other IT capabilities include the following:</p> <ul class="default-list"> <li>Deploy patches from the central interface or deploy agents to individual machines that carry out the patching operations, thereby distributing the processing load.</li> <li>Control which patches to install.</li> <li>Automatically download missing patches.</li> <li>Roll back patch updates if problems occur.</li> </ul> <p>LanGuard also provides a web-based reporting interface that lets admins export reports to formats such as PDF, RTF or CSV. They can also schedule reports to be automatically sent by email. For large networks, IT can deploy multiple LanGuard instances and generate aggregated reports based on data from those instances.</p> <p>GFI licenses LanGuard on an annual, per-node basis, with pricing dependent on the number of nodes and whether the product is purchased with other GFI products. The per-node price drops substantially at the 50- and 250-node thresholds.</p> <p><i>Suitable for</i>: SMBs with on-premises or hybrid infrastructure looking for a user-friendly patch management and network auditing tool that provides deep visibility into the entire IT network and its vulnerabilities.</p> </section> <section class="section main-article-chapter" data-menu-title="5. ITarian"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. ITarian</h2> <p>ITarian is a cloud-based IT management platform for MSPs. It offers four primary services: RMM, IT service management, service desk and patch management. Admins can also use it for IT automation and scripting, remote access and control, and asset and inventory management. The patch management feature supports both the Windows and Linux OSes, as well as over 400 third-party apps. IT can scan devices for missing patches and automate each stage of the patch management process, including patch downloads.</p> <p>ITarian makes it possible to identify which endpoints contain vulnerabilities, tag those endpoints and create policies for automatically deploying patches at scheduled times to specific endpoint groups. Admins have the following capabilities:</p> <ul class="default-list"> <li>Create custom tags to organize endpoints according to business requirements.</li> <li>Deploy patches based on severity, vendor or type.</li> <li>Schedule deployments by time, group, computer or other criteria.</li> <li><a href="https://www.techtarget.com/searchsecurity/answer/Testing-a-security-patch">Test patches</a> before approving them for deployment.</li> </ul> <p>ITarian provides in-depth reports on the hardware, software and patch update history of managed devices. The central interface offers a single-pane view of endpoint statistics and patch statuses and identifies which endpoints contain vulnerabilities so they can be quickly patched. ITarian tracks and manages patches on endpoint systems in real time and provides reports about applied or missing patches, as well as failed deployments.</p> <p>Organizations can use ITarian for up to 50 endpoints for free. After that, subscription fees are on a per-device basis.</p> <p><i>Suitable for: </i>SMBs and MSPs looking for a cloud-based, policy-driven patch management platform for Windows and Linux endpoints, bundled with other IT management capabilities.</p> </section> <section class="section main-article-chapter" data-menu-title="6. Kaseya VSA"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Kaseya VSA</h2> <p>Kaseya VSA is RMM software with features such as alerting, discovery, automation and patch management. Admins can use the platform to deploy, update and patch Windows, macOS and Linux computers and third-party apps. VSA provides fully automated patch management. Its approach is configurable, policy-driven, location-independent and optimized for bandwidth. VSA uses agent-executed scripts to automate patching operations and other processes.</p> <p>The policy-based approach helps standardize software maintenance through profiles, which enable IT to manage patch approvals, scheduling and installation. Admins also can do the following:</p> <ul class="default-list"> <li>Use scripts to automate software and patch deployment across all endpoints, whether on or off the network.</li> <li>Override patches.</li> <li>View patch histories.</li> <li>Prevent patches from being applied during certain time windows.</li> <li>Deny specific patches to a subset of machines.</li> </ul> <p>As part of the patch update process, admins can schedule regular network scans and analyses to identify software vulnerabilities. VSA supports over 100 third-party applications out of the box, such as Citrix Workspace, FileZilla Client, Inkscape, TeamViewer and many others. IT can patch endpoints across multiple locations and domains, including home-based user devices. Potential customers should contact Kaseya for licensing information.</p> <p><i>Suitable for:</i> MSPs and medium to large organizations looking to remotely and continuously monitor and patch distributed endpoints with policy-driven automation and rapid auto-remediation.</p> </section> <section class="section main-article-chapter" data-menu-title="7. ManageEngine Patch Manager Plus"> <h2 class="section-title"><i class="icon" data-icon="1"></i>7. ManageEngine Patch Manager Plus</h2> <p>ManageEngine Patch Manager Plus is a comprehensive patch management platform available as a cloud service or on-premises. It provides automated <a href="https://www.techtarget.com/searchwindowsserver/tip/The-Microsoft-patch-management-guide-for-admins">patch deployment on Windows</a>, macOS and Linux endpoints, with support for both server and desktop systems, including VMs and roaming devices. Patch Manager Plus supports over 1,100 third-party applications. Although most of these are Windows software, the platform can also handle many macOS and Linux apps.</p> <p>IT can use the centralized web interface to scan endpoints to detect missing patches, as well as test patches before deploying them. ManageEngine also provides prebuilt, tested and ready-to-deploy packages to help simplify patching of third-party apps. In addition, admins can customize deployment policies to meet their specific business requirements. They can specify which installation and reboot options to perform on an endpoint when deploying a patch, software update or service pack.</p> <p>Patch Manager Plus includes auditing and dynamic reporting capabilities to help analyze and fix vulnerabilities. The platform provides real-time metrics that IT can view through patch status dashboards and patch management reports.</p> <p>Patch Manager Plus is available in two editions: Professional and Enterprise. The cost for both depends on the number of devices and whether it is the on-premises or cloud edition. For the most part, the two deployment options offer similar functionality. Specifically, the Enterprise edition includes everything provided with the Professional edition, plus features like scheduled remote shutdowns, automated patch testing and updates for drivers, BIOS and antivirus. A free 30-day trial for both editions is also available.</p> <p><i>Suitable for: </i>Organizations looking to scalably and automatically patch multiple servers, OSes, laptops, workstations and apps with flexibility for cloud or on-premises deployment.</p> </section> <section class="section main-article-chapter" data-menu-title="8. Microsoft Configuration Manager"> <h2 class="section-title"><i class="icon" data-icon="1"></i>8. Microsoft Configuration Manager</h2> <p>Microsoft Configuration Manager -- formerly System Center Configuration Manager -- is now <a href="https://www.techtarget.com/searchwindowsserver/tip/SCCM-vs-Intune-A-closer-look-at-the-capabilities-of-each">part of the Microsoft Intune brand</a>, which also includes Intune, Endpoint Analytics and Autopilot. Configuration Manager is an on-premises system for managing desktops, laptops and servers on the local network or connected through the internet. Among its other capabilities, Configuration Manager can perform software updates.</p> <p>Configuration Manager contains tools and resources for tracking and applying software updates to client computers. It integrates with Windows Server Update Services (<a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-Server-Update-Services-WSUS">WSUS</a>) to manage updates, and it connects to Microsoft Update to retrieve update metadata. Admins can schedule or manually start synchronizations with Microsoft Update. They can also scan for update compliance on client computers before deploying any updates. Configuration Manager provides a wizard for easily implementing deployment packages that contain the software updates.</p> <p>The updating capabilities in Configuration Manager are geared primarily to Microsoft software. However, admins can use the Third-Party Software Update Catalogs feature in the Configuration Manager console to subscribe to third-party catalogs, publish their updates to a software update point and then deploy the software to client computers.</p> <p>Configuration Manager licensing can be somewhat confusing, and organizations should carefully review Microsoft's licensing requirements or talk to a Microsoft representative before deciding how to proceed.</p> <p><i>Suitable for: </i>Medium to large Windows-centric organizations looking for on-premises patch management and update deployment for corporate-connected PCs, Macs and mobile devices, including cloud-based endpoints.</p> </section> <section class="section main-article-chapter" data-menu-title="9. NinjaOne Patch Management"> <h2 class="section-title"><i class="icon" data-icon="1"></i>9. NinjaOne Patch Management</h2> <p>NinjaOne Patch Management is part of the NinjaOne IT ops platform, which includes a suite of cloud-based services that support remote management and monitoring. With NinjaOne Patch Management, admins can patch Windows, macOS and Linux operating systems, as well as over 135 third-party Windows apps. Managed endpoints can be on or off the corporate network, as long as they have an internet connection.</p> <p>NinjaOne Patch Management automates patch ID, approval, deployment and reporting. Admins have complete control over how each endpoint is patched. They can approve and schedule patch deployments to meet their specific needs. They can also define patch policies that help to optimize and automate endpoint patching at scale. Additionally, IT can perform ad hoc deployments when needed. The platform offers a single pane of glass for identifying and remediating software vulnerabilities.</p> <p>With NinjaOne Patch Management, admins get real-time visibility into patch statuses so they can quickly determine which devices are vulnerable. They can also generate and share reports with detailed information about endpoint compliance.</p> <p>NinjaOne subscription fees are monthly, per-device, with subscribers charged only for what they need. Prospective customers should contact the company directly for a customized quote.</p> <p><i>Suitable for: </i>SMBs and MSPs looking for a cloud-based patch management tool with real-time reporting and automated workflows for multi-platform patching.</p> </section> <section class="section main-article-chapter" data-menu-title="10. SecPod Saner Patch Management"> <h2 class="section-title"><i class="icon" data-icon="1"></i>10. SecPod Saner Patch Management</h2> <p>SecPod Saner Patch Management is one of the components included in the Saner endpoint security platform, a suite of cloud-based tools that provide vulnerability and compliance management, asset exposure, endpoint controls, patch management and other services. Saner Patch Management makes it possible to automatically patch Windows, macOS and Linux servers and workstations, as well as update over 550 third-party apps. Admins access these capabilities from a centralized, cloud-based console <a href="https://www.techtarget.com/searchsecurity/tip/Types-of-access-control">with role-based access control</a>.</p> <p>With Saner Patch Management, IT can automate end-to-end patch-related tasks such as scanning endpoints, prioritizing patches, downloading patches and scheduling deployments. The service provides new patches from supported vendors within 24 hours after release, helping minimize security risks. The patches are pretested and ready for deployment. Admins can also test new patches or roll back deployments if there are problems with a patch.</p> <p>Saner Patch Management can perform continuous scans to verify real-time patch compliance. Admins can customize the scans to meet the needs of their specific environments. The centralized console provides a unified view of the managed endpoints, making it easier to identify noncompliant systems. The console also offers auto-generated reports and an integrated audit log. For information about subscription rates and plans, interested parties should contact SecPod directly.</p> <p><i>Suitable for</i>: SMBs looking for continuous, automated and precise Windows patch management, plus patching for Linux, macOS and third-party apps from a single console.</p> </section> <section class="section main-article-chapter" data-menu-title="11. SolarWinds Patch Manager"> <h2 class="section-title"><i class="icon" data-icon="1"></i>11. SolarWinds Patch Manager</h2> <p>SolarWinds Patch Manager is patch management software that targets Microsoft products and third-party apps. It works with and extends Microsoft WSUS and Configuration Manager to patch both physical and virtual servers and workstations, including offline machines. The tool provides prebuilt and pretested packages for applications, including third-party apps. This enables IT to automate patching operations, which helps simplify patch management processes, from researching updates to deploying them in endpoint environments.</p> <p>Patch Manager gives admins extensive control over the patching process. Using the software, IT can perform the following actions:</p> <ul class="default-list"> <li>Specify which servers and workstations need patches, targeting endpoint systems based on criteria such as OSes or IP ranges.</li> <li>Control which patches to deploy and when to deploy them.</li> <li>Create different patching schedules for different endpoint groups.</li> <li>Create packages that define specific actions to take before or after patch deployment.</li> </ul> <p>Patch Manager offers a centralized web interface for all patch management tasks. The interface includes a patch status dashboard and built-in reports. For example, admins can view details about patch compliance, the latest available patches, the top missing patches or a general health overview. They can also build custom reports to meet specific business needs. SolarWinds does not publicly list the pricing for Patch Manager. However, organizations can contact a sales representative to receive a customized quote.</p> <p><i>Suitable for: </i>Medium to large Windows-centric organizations looking for centralized, automated patch management with advanced scheduling and reboot control for Microsoft and third-party apps on physical and virtual servers and workstations.</p> </section> <section class="section main-article-chapter" data-menu-title="12. SysAid"> <h2 class="section-title"><i class="icon" data-icon="1"></i>12. SysAid</h2> <p>SysAid Patch Management is an asset manager feature integrated into SysAid's line of IT service management (<a href="https://www.techtarget.com/searchitoperations/definition/ITSM">ITSM</a>) software products, which includes Help Desk, ITSM and ITSM AI. The patch management feature uses OEM technology to support Windows server and desktop computers, as well as third-party apps such as Mozilla Firefox, Google Chrome, Java and 7-Zip.</p> <p>The SysAid Patch Management software is a fully automated patch manager that's configurable and highly scalable. It uses a formal change management process to <a href="https://www.techtarget.com/searchsecurity/tip/Security-patch-validation-and-verification">approve patch deployment and audit the patching process</a>, which helps to ensure that patching operations are documented and that security patches and updates are properly applied. Admins can also customize the Patch Management policies and manually manage patches for individual assets or groups of assets.</p> <p>IT teams can use Patch Management in both on-premises and cloud environments. A SysAid agent collects the scan results from the OEM agent's patch and transfers them to the SysAid server through Windows Server's Remote Desktop Services. Patch Management is an optional component in SysAid Help Desk, ITSM and ITSM AI that requires its own annual subscription license. It can only be used for assets with active licenses.</p> <p><i>Suitable for:</i> SMBs -- particularly those that already use or plan to use SysAid ITSM tools -- looking to keep Windows-based servers and PCs up to date and audit the patching process.</p> </section> <section class="section main-article-chapter" data-menu-title="How to choose a patch management tool"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to choose a patch management tool</h2> <p>Many patch management products are now available, and choosing one is no small task. IT admins and decision-makers can find the most suitable tool for their organization by considering four key factors.</p> <p>The first factor to consider is fleet size. Fleet size refers to the total number of endpoints to patch and maintain, including client devices, servers and VMs. More endpoints means greater patching complexity and higher potential for security exposure. To minimize complexity and risk, it's crucial to select a patch management tool that can support a diverse and growing environment without performance degradation.</p> <p>The next important factor is integration with the organization's existing security ecosystem. The tool should be compatible with existing vulnerability scanners, antivirus software, endpoint detection and response and other tools. Seamless integration and compatibility across these tools can streamline patch management and other security processes.</p> <p>Another crucial factor is <a href="https://www.techtarget.com/searchsecurity/tip/Automated-patch-management-Best-practices-for-success">automation capabilities</a>. The best tools automate a major part of the patch management process, including patch discovery, testing and deployment. These capabilities simplify patching across environments and ease the burden on busy IT teams.</p> <p>IT teams should also consider a tool's reporting and analytics features. The chosen tool should include dashboards and customizable reports that provide real-time visibility into patching status and pending patches. These insights can help teams identify and address issues before they can escalate. Additionally, audit trails and compliance reports are useful to highlight and remediate compliance issues.</p> <h3>Implementing a new patch management tool</h3> <p>Before introducing a tool into the broader IT ecosystem, it's a good idea to <a href="https://www.techtarget.com/searchcio/feature/How-to-run-a-successful-IT-pilot-program">run a pilot</a>. Running a pilot before a full-scale rollout enables IT teams and decision-makers to test the tool's functionality, drive user adoption and minimize compatibility issues across the environment.</p> <p>To maximize the chances of a successful pilot, define clear objectives, create a detailed test plan and get real users to test-run the product. By adopting these practices, IT can ensure that the tool will work well in the future and deliver tangible security benefits.</p> <p><b>Editor's note:</b> <i>This article was originally written by Robert Sheldon in February 2020. Rahul Awati updated this article in February 2026 to reflect technology changes.</i></p> <p><i>Rahul Awati is a PMP-certified project manager with IT infrastructure experience spanning storage, compute and enterprise networking.</i></p> <p><i>Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.</i></p> </section> These 12 tools approach patching from different perspectives. Understanding their various approaches can help you find the right product for your needs. https://cdn.ttgtmedia.com/rms/onlineimages/security_a299192530.jpg https://www.techtarget.com/searchenterprisedesktop/tip/12-best-patch-management-software-and-tools Thu, 05 Feb 2026 15:30:00 GMT 12 best patch management software and tools for 2026 <p>When CIOs embark on desktop modernization, desktop as a service, or <a href="https://www.techtarget.com/searchvirtualdesktop/definition/desktop-as-a-service-DaaS">DaaS</a>, often looks like the most flexible foundation. Abstract the desktop from the device, centralize management and deliver a consistent user experience regardless of hardware or operating system.</p> <p>In Windows-centric environments, that flexibility largely holds. Virtual desktops can be pooled, scaled and adjusted over time without forcing early architectural commitments. Desktop modernization remains something leaders can evolve incrementally.</p> <p>Once Macs enter the picture, that flexibility narrows quickly -- and often irreversibly.</p> <p>As detailed in <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Understanding-the-DaaS-options-for-Macs"><i>Understanding the DaaS options for Macs</i></a>, Apple devices can easily access Windows-based virtual desktops through native clients or browser-based access, but delivering macOS itself as a virtual desktop is another matter. The constraint isn't performance or cloud maturity. It's licensing.</p> <p>Apple's macOS licensing tightly couples the OS to Apple hardware and restricts shared, service-provider-style use. That immediately undermines the economics that make DaaS attractive in the first place. Centralization and resource sharing -- the core cost levers of desktop modernization -- only work when desktops can be pooled, reused and scaled efficiently.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">What CIOs often assume about desktop modernization</h3> <p>Before committing to DaaS as the foundation for desktop modernization, many CIOs bring a familiar mental model with them. Endpoint choice doesn't feel like it should meaningfully affect the virtual desktop approach. Desktop OSes are assumed to be largely interchangeable. Licensing considerations tend to follow architecture decisions, not drive them. That framing usually holds in Windows-heavy environments. It breaks down much faster once Macs are part of the equation.</p> </div> </div> <section class="section main-article-chapter" data-menu-title="When desktop modernization turns into early lock-in"> <h2 class="section-title"><i class="icon" data-icon="1"></i>When desktop modernization turns into early lock-in</h2> <p>This is where desktop modernization hardens earlier than many CIOs expect.</p> <p>Bringing Macs into the environment doesn't just add another endpoint. It quietly splits the desktop strategy in two. Windows users can be folded into centralized DaaS models, while Mac users stay anchored to physical devices, different support paths and a separate cost structure.</p> <p>There are ways to work around that split, but none of them really put the genie back in the bottle. <a href="https://www.techtarget.com/searchenterprisedesktop/feature/Why-2026-might-bring-more-Linux-desktops-to-the-enterprise">Linux-based virtual desktops</a> sidestep some licensing issues, but they're still a stretch for most nontechnical users. Browser-based access helps Macs reach Windows desktops, but it doesn't change the underlying reality that macOS itself sits outside the shared virtual desktop pool.</p> <p>None of this suggests Macs don't belong in the enterprise. But CIOs should recognize what they are deciding when Macs are widely deployed as part of a desktop modernization initiative. Once that choice is made, part of the workforce is effectively segmented away from the broader virtual desktop strategy.</p> <p>Desktop modernization still matters. But in mixed environments, the window for flexibility closes sooner -- and more quietly -- than many leaders anticipate.</p> <p><i>James Alan Miller is a veteran technology editor and writer who leads Informa TechTarget's Enterprise Software group. He oversees coverage of ERP & Supply Chain, HR Software, Customer Experience, Communications & Collaboration and End-User Computing topics.</i></p> </section> Desktop modernization looks flexible at the outset, but Macs introduce constraints that lock organizations into parallel desktop models far earlier than CIOs typically anticipate. https://cdn.ttgtmedia.com/rms/onlineimages/strategy_a56806043.jpg https://www.techtarget.com/searchenterprisedesktop/feature/Desktop-decisions-harden-earlier-than-CIOs-expect Wed, 04 Feb 2026 14:07:00 GMT Desktop decisions harden earlier than CIOs expect <p>A black screen is a frustrating issue for Windows 11 users to encounter, and it can create cascading delays for IT support teams responsible for restoring access quickly.</p> <p>Black screen issues in Windows 11 can be difficult to resolve. It's not because the fixes themselves are particularly complicated, but because of the time it can take to try different troubleshooting methods. Black screen errors, sometimes known as the black screen of death, can occur for many reasons, such as Windows updates, faulty applications, outdated drivers or malware infections.</p> <p>As an IT administrator or desktop support professional, you'll have to narrow down the possible causes and prioritize fixes based on how and when the black screen appears.</p> <p>The steps below are not strictly linear. In many enterprise environments, the fastest resolution comes from matching the troubleshooting step to when the black screen occurs -- for example, before login, after login or only when using an external display. Use the steps that best fit the symptoms you're seeing, rather than working through each one sequentially.</p> <section class="section main-article-chapter" data-menu-title="What can cause a Windows 11 black screen?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What can cause a Windows 11 black screen?</h2> <p>A black screen in Windows 11 can sometimes resolve itself before you ever figure out the cause. It might take many instances of trial and error to resolve the issue. When trying to identify what's behind Windows 11 black screens, you should consider the following possibilities:</p> <ul type="disc" class="default-list"> <li><b>Windows OS.</b> The operating system itself can be the cause of Windows 11 black screens. This is usually the result of <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Windows-11-upgrade-issues-that-desktop-admins-should-know">faulty Windows updates</a>, but corrupt or missing system files can also play a role.</li> <li><b>Applications and drivers.</b> An outdated or malfunctioning application or driver can lead to black screen errors. Graphics drivers are particularly suspect when it comes to these errors.</li> <li><b>Configurations.</b> Misconfigured settings can sometimes cause black screen issues. For example, the projection settings might be incorrect, or there might be a problem with the boot configuration data (BCD) store.</li> <li><b>Hardware.</b> Internal components and peripheral devices can also cause black screens. For instance, a physical connection such as a monitor's cable might be loose, or the graphics card might not be in the right position.</li> <li><b>Malware.</b> A <a href="https://www.techtarget.com/searchsecurity/tip/10-common-types-of-malware-attacks-and-how-to-prevent-them">malware infection</a> might cause a system to behave erratically, and that erratic behavior can include black screens.</li> </ul> <p>At best, black screen errors are an inconvenience that wastes time and causes user frustration. But it seldom stops there. Black screens can lead to lower productivity, the loss of unsaved work and even the permanent loss of data. To prevent these risks, be sure to troubleshoot and solve black screen issues as soon as possible.</p> </section> <section class="section main-article-chapter" data-menu-title="How to troubleshoot and fix a Windows 11 black screen"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to troubleshoot and fix a Windows 11 black screen</h2> <p>If the system cannot reach the Windows login screen, most advanced troubleshooting steps require access to the Windows Recovery Environment (WinRE).</p> <p>If the black screen prevents you from logging in normally, accessing the system <a target="_blank" href="https://support.microsoft.com/en-us/windows/windows-recovery-environment-0eb14733-6301-41cb-8d26-06a12b42770b" rel="noopener">through the WinRE</a> provides advanced recovery options such as Safe Mode and Startup Repair. In fact, many of the black screen troubleshooting steps are easiest to accomplish within WinRE.</p> <p>The WinRE is a companion OS installed alongside the regular Windows 11 OS. It provides options for accessing, controlling and repairing the Windows 11 environment. However, getting to the WinRE can be difficult when you can't access the PC through the normal means. In this situation, you must use a workaround. Turn the computer off and then on several times. Each time you turn it off, hold the power button for about 10 seconds. After it's off, turn it back on. As soon as Windows launches, turn it off again. After the third restart, the computer should display the WinRE <b>Automatic Repair</b> screen. From there, click <b>Advanced options</b>, which takes you to the <b>Choose an option</b> screen (Figure 1).</p> <p>The <b>Choose an option</b> screen lets you choose from the various options available for working within WinRE.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_1_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_1_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_1.jpg 1280w" alt="The 'Choose an option' screen in WinRE, showing options to continue to Windows 11, use a device, troubleshoot or turn off the PC." data-credit="Robert Sheldon" height="383" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. You can open troubleshooting options from the 'Choose an option' screen in WinRE. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>In most cases, you should select <b>Troubleshoot</b> to access the features you need when dealing with Windows 11 black screens. Clicking this option opens the <b>Troubleshoot</b> screen, where you can choose to either reset the PC or access more advanced features.</p> <p>Next, select <b>Advanced</b> <b>options</b>. At the <b>Advanced</b> <b>options</b> screen, you can access startup settings, open the command prompt, uninstall updates and more (Figure 2).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_2.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_2_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_2_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_2.jpg 1280w" alt="The 'Advanced options' screen in WinRE, showing 'Startup Repair,' 'Startup Settings' and other troubleshooting options." data-credit="Robert Sheldon" height="401" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. From the 'Advanced options' screen, you can access many of the troubleshooting strategies for fixing a black screen error. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Clicking the <b>Startup Settings</b> option opens the first <b>Startup Settings</b> screen, which includes only one option: <b>Restart</b>.</p> <p>Clicking <b>Restart</b> launches the second <b>Startup Settings</b> screen (Figure 3). This screen presents the three Safe Mode options, as well as options to enable or disable functions such as debugging and automatic restart.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_3.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_3_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_3_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_3.jpg 1280w" alt="The second 'Startup Settings' screen, showing a numbered list of startup options." data-credit="Robert Sheldon" height="426" width="558"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. The second 'Startup Settings' screen lists various startup options with the corresponding number keys from which to choose. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>In most cases with black screen errors, you should go to Safe Mode from here. Safe Mode provides a pared-down operating environment for diagnosing and resolving performance issues such as black screens.</p> <p>WinRE is one of the best tools available for troubleshooting Windows 11 black screen issues and other problems with the underlying computer. When attempting to address black screen errors, you should try these seven steps, performing them in the order that seems most appropriate to your circumstances.</p> <h3>1. Restart the computer</h3> <p>Whether the black screen issue began before or after login, you should first try to restart the computer. Sometimes all it takes is a simple reboot to get the system back on track. This step is most useful when the black screen appears intermittently or immediately after a recent update or restart.</p> <p>If you can't restart the computer the normal way, try to access the power button by pressing <b>Ctrl + Alt + Delete</b>. This should bring up a mostly blank screen showing a list of options, with the power button in the bottom right corner (Figure 4).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_4.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_4_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_4_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_4.jpg 1280w" alt="A black screen with a list of menu options in the center and icons in the bottom right corner." data-credit="Robert Sheldon" height="342" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 4. The power button icon should be in the bottom right corner of the screen that appears after you press Ctrl + Alt + Delete. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If this approach doesn't work, press and hold the power button until the computer shuts down. After that, try booting the computer normally. If this doesn't resolve the problem, work through the other steps.</p> <h3>2. Update, reset or remove applications</h3> <p>Black screens that occur after login -- especially when a cursor is visible -- often point to File Explorer, a startup application or a recently updated app.</p> <p>In some cases, an application is the cause of black screen errors. However, it's not always third-party applications. <a href="https://www.techtarget.com/searchenterprisedesktop/news/252526389/Latest-Windows-11-update-adds-tabbed-File-Explorer">File Explorer in Windows 11</a> can also cause black screen issues. For this reason, you should try to restart Explorer, especially if the black screen appears after login. For this, you'll need to open Task Manager, which you might be able to access by pressing <b>Ctrl + Alt + Delete</b>.</p> <p>If you can reach Task Manager, you can restart Explorer by selecting <b>Windows Explorer</b> in the Task Manager window and moving your cursor to click <b>Restart </b>(Figure 5). Another option is to open <b>explorer.exe </b>as a new task in Task Manager.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_5.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_5_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_5_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_5.png 1280w" alt="The Task Manager in Windows 11, with 'Windows Explorer' and its process information highlighted." data-credit="Robert Sheldon"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 5. Windows Explorer has been a common source of problems in the new OS, so you might need to restart the app in Task Manager. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If restarting Explorer doesn't work or isn't possible, confirm that Explorer is properly included in the Winlogon settings in the registry. You can do this in Safe Mode, if necessary. <a href="https://www.techtarget.com/searchwindowsserver/tip/Command-line-options-for-Regeditexe">Open the Registry Editor</a> and navigate to <b>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</b>. From there, make sure that the <b>Value data</b> for the <b>Shell</b> value under the Winlogon subkey is set to <b>explorer.exe </b>(Figure 6).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_6.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_6_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_6_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_6.png 1280w" alt="The Windows 11 Registry Editor, with the Winlogon subkey selected and 'Edit String' prompt open." data-credit="Robert Sheldon"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 6. You can check the 'Shell' value for Winlogon in the Registry Editor. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If the black screen issue started after the installation of a new app, you might need to uninstall the app in Safe Mode. You should be able to launch Safe Mode even if a faulty application is causing black screen errors. Once in Safe Mode, use the <b>Apps & features</b> option to remove the application.</p> <h3>3. Verify system configurations and settings</h3> <p>On systems that use multiple displays, docking stations or custom boot configurations, it's common for black screen issues to stem from misconfigurations.</p> <p>Incorrect projection settings are a possible reason for black screen errors. If the black screen doesn't prevent the PC from displaying the projection settings, you can access them with the command <b>Win + P</b> (Figure 7). Correcting any misconfigured settings might fix the black screen problem.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_7.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_7_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_7_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_7.png 1280w" alt="A close-up of the projection settings menu in Windows 11." data-credit="Robert Sheldon"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 7. Changing the projection settings might resolve the black screen issue. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>You might also be able to resolve black screen issues by rebuilding the BCD store, which can sometimes become misconfigured or corrupted. The BCD contains information about boot applications and boot application settings. Microsoft provides the <b>bootrec</b> command-line utility to troubleshoot and repair Windows BCD (Figure 8). This includes rebuilding the BCD store. However, you should be familiar with the <b>bootrec</b> utility and how the command options work before rebuilding the BCD.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_8.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_8_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_8_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_8.jpg 1280w" alt="The command prompt window for bootrec." data-credit="Robert Sheldon" height="308" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 8. You can use the bootrec command-line utility to rebuild the BCD store. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The Deployment Image Servicing and Management (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Microsoft-Windows-Deployment-Image-Servicing-and-Management-DISM">DISM</a>) tool and the System File Checker (SFC) can also be helpful when troubleshooting Windows 11 black screen issues. You should run the DISM scan first, and then run the SFC scan. Together, these tools can help identify and replace missing or corrupted Windows 11 system files, which can sometimes cause black screen problems.</p> <h3>4. Examine the hardware devices and their connections</h3> <p>In managed Windows environments, problems with hardware or drivers -- display drivers, in particular -- are one of the most common causes of persistent black screen issues.</p> <p>You should update, disable or uninstall drivers wherever you suspect they might be causing problems. To do this, use Device Manager when in Safe Mode. If you're updating a driver, you'll likely need to use Safe Mode with Networking.</p> <p>The display driver is often behind black screen errors, so it's usually a good place to start when evaluating hardware drivers. In some cases, you might be able to resolve black screen issues by simply restarting the graphics driver in a normal Windows environment. To do this, press <b>Win + Ctrl + Shift + B</b>.</p> <p>If you don't think a driver is the cause of the black screen, you should look to the hardware itself. First, unplug any peripherals that aren't necessary and then restart the computer to see if that helps. If that doesn't work, check all physical connections, unplugging them and then reconnecting them as necessary. Make sure that all graphics cards sit firmly in their respective slots and that all internal components are free from dirt and dust. If a spare is available, you can try replacing the monitor as well. It can also be useful to run diagnostics against the memory, storage and other components to verify that they're operating properly.</p> <h3>5. Scan for malware</h3> <p>If the desktop has been exhibiting other unusual behavior besides the black screen, malware is a likely cause.</p> <p>Computers sometimes experience black screen problems because of a malware infection. For this reason, you should scan the system to ensure that there are no signs of infection. Malware can cause far more damage than just black screens, so you must identify and <a href="https://www.techtarget.com/searchsecurity/Ultimate-guide-to-incident-response-and-management">deal with any possible malware infections</a> as quickly as possible.</p> <h3>6. Add or remove Windows updates</h3> <p>In some cases, you can address black screen issues by applying a Windows update that might have failed or been deferred. If you have direct access to the computer that's experiencing problems, you can use the <b>Windows Update</b> feature in Settings to view the update history and check and install any pending updates (Figure 9).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_9.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_9_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_9_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_11_black_screen_9.png 1280w" alt="The 'Windows Update' screen in the Windows 11 system settings." data-credit="Robert Sheldon"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 9. You can install pending updates through the 'Windows Update' screen in settings. You can only uninstall updates through 'Advanced options' in WinRE, however. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If you're using Safe Mode for troubleshooting, you won't be able to run Windows Update in that environment. Instead, install the updates after restarting Windows normally.</p> <p>Black screen errors might be the result of a recent Windows update. If the problems started after an update, you can use the <b>Uninstall Updates</b> option in WinRE to roll back the update.</p> <p>From WinRE, you can choose to roll back the last quality update or feature update. If you want to do both, you should do only one at a time and restart the computer normally after each one to see whether it fixed the problem.</p> <p>IT support teams should also be sure to align update installation and rollback with organizational patching and change management policies.</p> <h3>7. Repair, restore or roll back Windows</h3> <p>You can use other WinRE options to try to address black screen issues as well. One of these is Startup Repair, which can help fix problems with the Master Boot Record, partition table or boot sector. It will also remove the most recent update if it immediately preceded a startup failure. When you click the <b>Startup Repair</b> option in WinRE, the repair feature automatically starts diagnosing the system.</p> <p>You can also use WinRE to roll the computer back to a specific point in time, assuming that there are restore points on the computer. The <a href="https://www.techtarget.com/searchwindowsserver/definition/System-Restore">System Restore</a> utility makes it possible to revert the system to a restore point that was created before the black screen issues started. This won't remove any personal data, but it will remove any updates, drivers or apps that users have installed since the time of the restore point.</p> <p>If you're unable to resolve black screen issues through other approaches, you might need to reset Windows 11, which returns the OS to its original factory settings. To get started, select <b>Reset this PC</b> in WinRE, which will take you to the <b>Choose an option</b> screen. Here, you can choose to either retain personal files or remove all personal files, settings and applications.</p> <p>If resetting the OS doesn't work, the last troubleshooting option is to reinstall Windows 11, which means reinstalling all applications and reconfiguring all settings. It might be possible to roll back to Windows 10, but only if the Windows 11 upgrade occurred within the past 10 days. However, you might still be able to install Windows 10 rather than Windows 11 if you determine that reinstallation is the only viable option.</p> <p>When troubleshooting Windows 11 black screen issues, the goal is to restore user access as quickly as possible while minimizing unnecessary disruption. Matching the troubleshooting approach to the symptoms enables IT teams to prioritize the most effective actions under real-world constraints. This further helps reduce downtime, standardize response and lower the likelihood of recurrence across managed environments.</p> <p><b>Editor's note:</b><i> This article was updated in February 2026 to reflect technology changes and to improve the reader experience.</i></p> <p><i>Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.</i></p> </section> A black screen can be a symptom of several issues with a Windows 11 desktop. Knowing where to look for the source of the problem can simplify the troubleshooting process. https://cdn.ttgtmedia.com/rms/onlineimages/strategy_a268589527.jpg https://www.techtarget.com/searchenterprisedesktop/tip/Steps-to-fix-a-black-screen-in-Windows-11 Mon, 02 Feb 2026 14:00:00 GMT 7 steps to fix a black screen in Windows 11 <p><a href="https://www.techtarget.com/searchenterprisedesktop/definition/unified-endpoint-management-UEM"></a></p> <p>Unified endpoint management (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/unified-endpoint-management-UEM">UEM</a>) products have become necessary in nearly all larger organizations as they incorporate more types of endpoints into their workflows.</p> <p>UEM systems are the only realistic option for coping with device sprawl, especially in organizations that allow users to work from personal devices. While capabilities vary from one product to the next, UEM products enable organizations to manage and secure various device types -- even if those devices are running different <a href="https://www.techtarget.com/whatis/definition/operating-system-OS">OSes</a>.</p> <p>A single UEM product can potentially manage a variety of laptops, desktops, phones and tablets. This device management consolidation helps maintain identity and access management (<a href="https://www.techtarget.com/searchsecurity/definition/identity-access-management-IAM-system">IAM</a>) consistency and ensures that policies are applied to devices in a uniform manner. Applying detailed audit trails, device health checks and automated policy enforcement across corporate-owned and BYOD devices is essential for maintaining regulatory compliance.</p> <p>UEM software can also improve help desk efficiency by enabling capabilities such as automated patching and app deployment while also enabling remote access to devices.</p> <p>Explore the six leading UEM products of 2026, chosen for their popularity and appearance in rating reports from Gartner and similar market studies. This list is not ranked and appears in alphabetical order.</p> <section class="section main-article-chapter" data-menu-title="Compare key UEM tool features and capabilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Compare key UEM tool features and capabilities</h2> <p>When choosing a UEM product, there are several important factors to consider:</p> <ul type="disc" class="default-list"> <li><b>OS support.</b> One of the most important considerations is what OSes the tool supports. A UEM product will only be useful if it supports the devices and OSes the organization uses. For example, if an organization uses Windows PCs and <a href="https://www.techtarget.com/searchmobilecomputing/definition/Android-OS">Google Android</a> phones, then, at a minimum, the chosen UEM tool needs Windows and Android management capabilities. Otherwise, the organization will have to adopt an additional management tool that can handle the unsupported OS, thereby increasing both cost and management complexity.</li> <li><b>Security and privacy.</b> The product's security and privacy features are critical factors to consider. Nearly all UEM products keep managed devices secure, but the actual <a href="https://www.techtarget.com/searchsecurity/tip/Types-of-endpoint-security">security capabilities vary</a> from one UEM product to another.</li> <li><b>Device management.</b> A UEM tool must also provide a consistent management experience across all devices. If an organization has a policy requiring a certain password length, for example, the UEM software should enable the organization to define that policy in one place and apply the policy to all relevant devices, regardless of OS. Creating one policy for iOS devices and a separate policy that does the same thing for Android devices makes device management more difficult and costly.</li> <li><b>App and software management.</b> Most UEM products enable IT to deploy apps to managed devices. However, not all UEM tools support all types of applications. Ideally, an organization should look for a UEM product that will let it automatically push applications to all its managed devices. Additionally, some UEM software lets organizations create their own enterprise app store from which users can deploy apps to their devices without IT intervention.</li> <li><b>Deployment and enrollment.</b> Before a UEM product can manage a device, that device needs to be enrolled. IT should closely examine what's involved in the enrollment process, as users will likely register their own devices. Most modern UEM products provide a simple web portal through which users can answer a few basic questions and have their devices enrolled automatically. This approach can help reduce costs, since users won't need to contact the help desk for assistance.</li> <li><b>IAM.</b> Organizations should consider whether a product relies on its own proprietary identity provider or if it can integrate with the existing directory service. It's also important to consider whether a product supports role-based access control (<a href="https://www.techtarget.com/searchsecurity/definition/role-based-access-control-RBAC">RBAC</a>) and the granularity of permissions. If a UEM product requires a proprietary identity provider, the organization must maintain separate, parallel identities for its users. This increases cost and complexity.</li> <li><b>Pricing.</b> It's important to know what a UEM product costs. UEM tools are typically subscription-based, but ancillary products might be necessary to get the most use out of a UEM product.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="1. IBM Security MaaS360"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. IBM Security MaaS360</h2> <p>IBM Security MaaS360 with Watson helps secure and manage various device types, from desktops to wearables. MaaS360 heavily emphasizes helping organizations with their <a href="https://www.techtarget.com/whatis/definition/BYOD-bring-your-own-device">BYOD</a> efforts. It also uses <a href="https://www.techtarget.com/searchenterpriseai/definition/AI-Artificial-Intelligence">AI</a> to detect and surface actionable insights.</p> <h3>Supported OSes</h3> <p>IBM's list of supported operating systems includes the following:</p> <ul type="disc" class="default-list"> <li><a href="https://www.techtarget.com/searchmobilecomputing/definition/iOS">Apple iOS</a>, macOS and iPadOS.</li> <li>Google Android and ChromeOS.</li> <li>Microsoft Windows.</li> <li>Various ruggedized, wearable and IoT devices.</li> </ul> <h3>Security and privacy</h3> <p>MaaS360 uses an AI-powered tool to identify and generate security insights and <a href="https://www.techtarget.com/searchsecurity/definition/threat-detection-and-response-TDR">detect and remediate threats</a> like malware, risky device configuration settings and malicious apps. It can also detect when an end-user device has been jailbroken or rooted.</p> <h3>Device management</h3> <p>IBM Security MaaS360 is a cloud-based SaaS tool for managing endpoint devices. Like other UEM offerings, MaaS360 provides a dashboard that lets various devices be managed side by side through a single-pane-of-glass interface.</p> <h3>App and software management</h3> <p>IT can use MaaS360 to create an app catalog to deploy apps to managed devices. Supported app types include the following:</p> <ul type="disc" class="default-list"> <li>Internal applications that the organization develops for internal use.</li> <li>Purchased applications bought from an app store for the organization's use.</li> <li>Public apps listed in a public app store.</li> </ul> <h3>Deployment and enrollment</h3> <p>IBM Security MaaS360 supports several common types of device enrollment. These <a target="_blank" href="https://www.ibm.com/docs/en/maas360?topic=portal-configuring-directory-enrollment-settings-in-maas360" rel="noopener">include</a> Apple Configurator, Apple Automated Device Enrollment (ADE), Samsung Knox Mobile Enrollment, Android Enterprise zero-touch and QR code enrollment, Windows Out-Of-Box Experience and others.</p> <h3>IAM</h3> <p>MaaS360 works with IBM Security Verify, IBM's IAM service, with options for single sign-on (<a href="https://www.techtarget.com/searchsecurity/definition/single-sign-on">SSO</a>) and conditional access management.</p> <h3>Pricing</h3> <p>IBM uses subscription-based pricing for its MaaS360 software. In addition to a 30-day free trial, the company offers four different pricing plans, each charged per device, per month. The Essentials plan starts at $2.80 per client device, per month, with the price increasing to $3.50 for the Deluxe plan. IBM's Premier plan starts at $4.38, and the Enterprise plan sells for $6.30.</p> <h3>Use case</h3> <p>IBM's MaaS360 is a good option for organizations that want AI-driven analytics and advice. IBM also tends to focus on vertical industries, including financial services, healthcare, retail, and distribution and supply chain management.</p> </section> <section class="section main-article-chapter" data-menu-title="2. Ivanti UEM"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Ivanti UEM</h2> <p>Ivanti UEM is designed to help organizations with a diverse collection of devices operate at scale. The software lets IT perform management actions, such as policy enforcement or software deployment, across many devices with a few clicks. The right reporting capabilities can help admins more easily spot issues needing their attention.</p> <h3>Supported OSes</h3> <p>Ivanti's ability to manage a device depends on the availability of a management agent for the device's OS. The product has a long list of supported OSes and broadly covers the following platforms:</p> <ul type="disc" class="default-list"> <li>Apple iOS and macOS.</li> <li>Google Android and ChromeOS.</li> <li>Microsoft Windows.</li> <li>Linux.</li> <li>Rugged devices.</li> </ul> <h3>Security and privacy</h3> <p>Ivanti delivers endpoint security through Ivanti Endpoint Security, which is licensed separately. While Ivanti Endpoint Security is probably best known for its <a href="https://www.techtarget.com/searchenterprisedesktop/definition/patch-management">patch management</a> and antivirus capabilities, it can do much more. For example, the software can prevent unauthorized apps from running on devices and can even prevent the use of removable media.</p> <p>Ivanti also has another tool to protect mobile devices. Ivanti Neurons for Mobile Threat Defense guards against <a href="https://www.techtarget.com/searchsecurity/definition/zero-day-vulnerability">zero-day vulnerabilities</a> and more common threats, such as phishing attacks and malicious URLs.</p> <h3>Device management</h3> <p>Ivanti's preferred tool for device management is Ivanti Endpoint Manager. It provides a single view that shows all managed devices, regardless of type, OS migrations, patch management, software deployment and other similar tasks. The dashboard also includes rich reporting capabilities and a remote-control feature that can control <a href="https://www.techtarget.com/searchvirtualdesktop/tip/6-steps-for-when-remote-desktop-credentials-are-not-working">remote device troubleshooting</a>.</p> <h3>App and software management</h3> <p>The Ivanti UEM platform deploys AppConnect apps to managed devices. AppConnect apps are containerized apps packaged using the AppConnect SDK, AppConnect Cordova Plugin or App Wrapper for iOS and Android. Another Ivanti product, AppStation, provides application access for both managed and unmanaged devices.</p> <h3>Deployment and enrollment</h3> <p>Ivanti supports common device enrollment types, including Apple's ADE, Android Enterprise zero-touch enrollment and Knox Mobile Enrollment. Additionally, Ivanti enables its customers to restrict devices based on enrollment type.</p> <h3>IAM</h3> <p>Ivanti regulates access to its software by using RBAC, which Ivanti refers to as <i>role-based administration</i>. Ivanti lets IT create custom roles that can restrict admins based on factors such as geographic location or department. While the software does allow the use of local users and groups on <a href="https://www.techtarget.com/searchwindowsserver/tip/SCCM-vs-Intune-A-closer-look-at-the-capabilities-of-each">Windows machines</a>, IT can also configure it to work with Active Directory (AD) users and groups.</p> <h3>Pricing</h3> <p>Ivanti uses a subscription-based licensing model with three plans available -- Secure UEM Professional, Secure UEM Professional Plus and Secure UEM Premium -- but requires potential customers to contact its sales department for a quote. Ivanti is known for its a la carte pricing model, where the overall licensing cost is determined by what tools and features are needed.</p> <h3>Use case</h3> <p>Ivanti UEM is notable for its simplicity-focused design. It's a good choice for organizations that want to minimize mouse clicks as they manage devices.</p> </section> <section class="section main-article-chapter" data-menu-title="3. ManageEngine Endpoint Central"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. ManageEngine Endpoint Central</h2> <p>ManageEngine Endpoint Central is a UEM tool that can assist with device management, device patching, data security, remote intelligence and ransomware protection.</p> <h3>Supported OSes</h3> <p>Endpoint Central supports a variety of OSes, including iOS, macOS, iPadOS and tvOS. Additionally, the software supports Windows, Linux, ChromeOS and Android.</p> <h3>Security and privacy</h3> <p>To <a href="https://www.techtarget.com/searchsecurity/tip/Insider-threat-hunting-best-practices-and-tools">prevent insider threats</a> and other types of security incidents, Endpoint Central offers privilege management and app monitoring. The software can also control access to sensitive data at the device level. Additionally, the software includes threat detection and remediation capabilities as well as a data loss prevention feature.</p> <h3>Device management</h3> <p>Endpoint Central is designed for centralized MDM, but it goes a step beyond the basics. Unlike some of the other UEM products, Endpoint Central can perform automated OS deployment and can even deploy device drivers.</p> <h3>App and software management</h3> <p>Endpoint Central can deploy apps to devices and gives admins the ability to allow or block specific apps and use rule-based filtering.</p> <h3>Deployment and enrollment</h3> <p>Endpoint Central supports bulk enrollment using a CSV file, or users can enroll their own devices. Admins can invite users to enroll their devices by email or text message.</p> <h3>Pricing</h3> <p>Manage Engine does not publicly disclose pricing for its Endpoint Central software. The company does, however, offer a 30-day free trial.</p> <h3>Use case</h3> <p>ManageEngine's Endpoint Central is a feature-rich product that incorporates numerous security and management tools. It's well-suited to organizations that want to handle all device-related tasks with a single tool.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Microsoft Intune"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Microsoft Intune</h2> <p><a href="https://www.techtarget.com/searchitchannel/definition/Microsoft-Intune">Intune</a> is Microsoft's cloud-based UEM platform that lets organizations <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-create-a-mobile-device-management-policy-for-your-org">manage corporate and personally owned devices</a> of various types. Admins can use Intune to apply security policies to devices and manage the apps installed on them.</p> <h3>Supported OSes</h3> <p>Microsoft Intune supports a wide range of device OSes, including the following:</p> <ul type="disc" class="default-list"> <li>Apple iOS, macOS and iPadOS.</li> <li>Google Android and ChromeOS.</li> <li>Microsoft Windows.</li> <li>Linux.</li> </ul> <h3>Security and privacy</h3> <p>Microsoft Intune contains an Endpoint Security node that serves as a collection of tools for device security. These tools can check the status of devices or configure devices based on established security baselines. These baselines are collections of security best practices that IT can apply as a policy to devices. The Endpoint Security node can also apply tightly focused policies -- such as antivirus and encryption -- to devices. Additionally, these tools enable admins to set user and device requirements through a compliance policy.</p> <h3>Device management</h3> <p>Like other UEM tools, Intune provides a consolidated view of managed devices. The management console lets IT perform various management actions, such as synchronizing the device, resetting its passcode or performing a <a href="https://www.techtarget.com/searchmobilecomputing/definition/remote-wipe">remote wipe</a>. Notably, some of the available device actions are device-type-specific.</p> <h3>App and software management</h3> <p>Microsoft Intune works with four different types of apps. These include custom applications, apps from the store, built-in apps and apps on the web.</p> <h3>Deployment and enrollment</h3> <p>Microsoft Intune supports several different types of device enrollments. These include Android Enterprise zero-touch enrollment, Apple Configurator and Knox Mobile Enrollment.</p> <h3>IAM</h3> <p>Microsoft Intune is designed to work with AD and Entra ID (formerly known as Azure AD), so it recognizes AD users and groups. Access to Microsoft Intune is provided through RBAC. And while IT can define custom roles, nine built-in roles provide various levels of access.</p> <h3>Pricing</h3> <p>Microsoft Intune is subscription-based, but Microsoft's licensing options for Intune are somewhat complex. Intune is currently offered in three plans -- Plan 1, Plan 2 and Intune Suite -- with Plan 2 and Intune Suite acting as add-ons to Intune Plan 1 with additional subscription fees. Additionally, Intune is bundled and included in several Microsoft 365 subscription plans.</p> <h3>Use case</h3> <p>Microsoft Intune is a good all-around UEM tool. While it does support cross-platform device management, it's especially suitable for organizations that have standardized around the Microsoft ecosystem.</p> </section> <section class="section main-article-chapter" data-menu-title="5. NinjaOne"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. NinjaOne</h2> <p>NinjaOne offers a suite of products that can help organizations manage all their devices, servers and VMs through a single interface. The platform specializes in scalability and helps automate common IT device management tasks.</p> <h3>Supported OSes</h3> <p>NinjaOne supports cross-platform management for Windows, macOS and Linux devices. The company offers a separate tool for MDM.</p> <h3>Security and privacy</h3> <p>Organizations can use NinjaOne to increase their security by using the software's native patch management and auto-remediation capabilities. The company's MDM software offers additional security capabilities, such as remote wipe and passcode reset.</p> <h3>Device management</h3> <p>NinjaOne's Endpoint Management software provides capabilities such as hardware and software inventory, software and OS deployment, monitoring and alerting for support issues, and endpoint task automation.</p> <h3>App and software management</h3> <p>IT can use NinjaOne for OS and app deployment to devices. While the software distribution capabilities can be tied to onboarding or device setup, it can also be used for managing software upgrades.</p> <h3>Deployment and enrollment</h3> <p>For the organization's MDM software, zero-touch deployment, QR code-based enrollment or bulk enrollment are all device enrollment options.</p> <h3>IAM</h3> <p>NinjaOne provides IAM through RBAC, letting IT assign permissions based on administrator roles. The platform supports integration with external identity providers through SSO and <a href="https://www.techtarget.com/searchsecurity/tip/Must-know-IAM-standards">System for Cross-domain Identity Management for user provisioning</a>. NinjaOne also supports multifactor authentication to help secure administrative access.</p> <h3>Pricing</h3> <p>NinjaOne doesn't publicly disclose pricing for its products, requiring prospective customers to fill out a form to request a quote. However, a free trial is available.</p> <h3>Use case</h3> <p>NinjaOne is a good choice for organizations seeking to gain additional visibility into their devices. It's also a compelling option for those that want to automate tedious IT tasks.</p> </section> <section class="section main-article-chapter" data-menu-title="6. Omnissa Workspace One"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Omnissa Workspace One</h2> <p>Omnissa Workspace One, formerly VMware Workspace One, is a UEM tool for managing devices and the apps running on them, regardless of where those devices reside. Workspace One also has security features that make it easy to identify devices that don't comply with an organization's security policies.</p> <h3>Supported OSes</h3> <p>Supported OSes for Omnissa Workspace One include the following:</p> <ul type="disc" class="default-list"> <li>Apple iOS and macOS.</li> <li>Google Android and ChromeOS.</li> <li>Linux.</li> <li>Microsoft Windows.</li> </ul> <h3>Security and privacy</h3> <p>Omnissa Workspace One provides a foundation for <a href="https://www.techtarget.com/searchsecurity/definition/zero-trust-model-zero-trust-network">zero-trust security</a>. In addition to enabling end-to-end security across devices, users and apps, Omnissa supports conditional access and generates machine learning based on insights and automations.</p> <h3>Device management</h3> <p>Like other UEM tools, Omnissa Workspace One uses a single-pane-of-glass interface to manage devices. This dashboard makes it easy to identify devices suffering from a particular problem. For example, the dashboard shows compromised devices, devices with no passcode and devices that aren't encrypted.</p> <h3>App and software management</h3> <p>Omnissa's tools can manage various application types on managed devices, including internal, purchased and public apps.</p> <h3>Deployment and enrollment</h3> <p>Workspace One supports several different enrollment workflows. For example, there are two main options for mobile devices. The first option is for users to download the Workspace One Intelligent Hub app from the Android, iOS or Windows app store and then use the app to complete enrollment. The second option is an email-based auto-discovery process that completes the enrollment by directing the user to a self-service portal.</p> <h3>IAM</h3> <p>Like other UEM products, Omnissa Workspace One uses RBAC to manage administrative access. Omnissa supplies numerous predefined administrative roles as a way of helping organizations ensure that admins are assigned exactly the permissions they need. If necessary, administrators can define custom roles.</p> <h3>Pricing</h3> <p>Omnissa offers various subscription plans for Workspace One. There are three Essentials plans -- Mobile, Desktop and UEM -- along with an Enterprise Edition. The Enterprise Edition is the most expensive option and costs $10 per device or $15 per user, per month. The mobile Essentials plan is the cheapest at $3.00 per device or $5.40 per user, per month.</p> <h3>Use case</h3> <p>Omnissa is ideal for organizations that support a mixture of corporate-owned and BYOD devices and need to be able to manage any app on any device.</p> </section> <section class="section main-article-chapter" data-menu-title="How to choose a UEM provider"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to choose a UEM provider</h2> <p>With so many tools to choose from, an organization might be hard-pressed to decide on one. Fortunately, there are ways to narrow down the choices.</p> <p>First, make sure that the tool works with the organization's existing identity stack and aligns with any <a href="https://www.techtarget.com/searchsecurity/tip/IT-security-frameworks-and-standards-Choosing-the-right-one">cybersecurity requirements</a>. The centralized management console should be easy to use and designed to reduce the administrative load. Additionally, the tool should support all the devices and OSes in use throughout the organization.</p> <p>Once an IT leader has narrowed down the list of devices by examining these criteria, they can sign up for product demos or free trials to better determine which product is the best fit for their organization's unique needs.</p> <p><b>Editor's note:</b><i> This article was updated in January 2026 to reflect technology changes and to improve the reader experience.</i></p> <p><i>Brien Posey is a 15-time Microsoft MVP with two decades of IT experience. He has served as a lead network engineer for the U.S. Department of Defense and as a network administrator for some of the largest insurance companies in America.</i></p> </section> UEM software is vital for helping IT manage every type of endpoint an organization uses. Explore some of the top vendors and how their features compare. https://cdn.ttgtmedia.com/rms/onlineimages/strategy_a268589527.jpg https://www.techtarget.com/searchenterprisedesktop/tip/Top-unified-endpoint-management-software-vendors Thu, 29 Jan 2026 15:30:00 GMT Top 6 unified endpoint management software vendors in 2026 <p><b>Executive summary:</b> End-user computing has become a material driver of business risk and operational resilience. Decisions once treated as tactical -- endpoint management, access control and desktop platforms -- now have long-term security, cost and governance implications. As disruption accelerates across infrastructure, identity and workforce models, EUC leaders must align technology choices with a more resilient, risk-aware operating model heading into 2026.</p> <p>End-user computing (EUC) is entering a transformative phase, shaped by rapid advances in AI, identity-centric architectures and the aftershocks of major platform shifts such as the VMware acquisition.</p> <p>As organizations move beyond Windows 10 end of support and adapt to Windows 11, the EUC landscape is fragmenting into specialized tracks. These tracks demand tailored strategies for knowledge workers, frontline teams and regulated environments. Meanwhile, identity governance, observability and app modernization are moving from best practice to baseline requirements. For CIOs and EUC leaders, the year ahead is less about incremental upgrades and more about making foundational decisions that will define operational resilience, security posture and UX for years to come.</p> <p>Technology leaders should know these four key EUC trends for 2026, why they matter and how to adapt their strategies to drive future-ready outcomes.</p> <section class="section main-article-chapter" data-menu-title="1. AI-driven EUC operations become the default"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. AI-driven EUC operations become the default</h2> <p>In 2026, AI copilots, agentic workflows, digital employee experience (DEX) analytics and automated remediation will fundamentally reshape EUC. The most significant shift is from reactive troubleshooting to predictive operations that anticipate and resolve problems before they affect users.</p> <p>AI copilots now serve as embedded assistants for both end users and IT teams, providing real-time guidance and automating routine tasks. <a href="https://www.techtarget.com/searchenterpriseai/tip/A-technical-guide-to-agentic-AI-workflows">Agentic workflows</a> are reducing manual intervention and streamlining support processes.</p> <p>Advanced DEX analytics platforms continuously monitor endpoint health, user sentiment and app performance. When they detect anomalies, automated remediation tools can resolve issues instantly or escalate only the most complex cases to human engineers.</p> <p>The transition to predictive operations means fewer break/fix incidents and a more resilient EUC environment. AI models use historical and real-time data to forecast device failures, app crashes or performance bottlenecks.</p> <p>This shift can provide benefits in the following areas:</p> <ul type="disc" class="default-list"> <li><b>Support volume.</b> Automated remediation and predictive analytics can reduce ticket volumes, freeing IT resources for higher-value work.</li> <li><b>Operational costs.</b> Fewer escalations and faster resolution translate to significant cost savings, especially for organizations with large, distributed workforces.</li> <li><b>DEX/UX.<i> </i></b>Proactive support and self-healing endpoints drive higher user satisfaction, lower downtime and improved productivity.</li> </ul> <p>IT teams will also need to reevaluate how they manage security and access. Traditional role-based access control is static and often grants persistent administrative rights, increasing risk. In contrast, AI-driven agent orchestration <a href="https://www.techtarget.com/searchsecurity/tip/Benefits-and-challenges-of-zero-standing-privileges">enforces zero standing privileges</a> (ZSP) and just-in-time (JIT) credential access. Privileges are granted dynamically, only for the duration and scope necessary for the remediation task. Then, they're revoked. This substantially reduces the attack surface and aligns EUC operations with modern security frameworks.</p> <h3>Decision points for EUC leaders</h3> <ul type="disc" class="default-list"> <li>Evaluate AI and automation capabilities in the organization's current EUC tool set.</li> <li>Prioritize platforms that offer integrated DEX analytics and automated remediation.</li> <li>Plan for operational change management and retrain support teams for AI-augmented workflows.</li> <li>Update security policies to use ZSP and JIT access models.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="2. Identity-first EUC with Microsoft Entra as the control plane"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Identity-first EUC with Microsoft Entra as the control plane</h2> <p>As organizations diversify their device portfolios and embrace hybrid work, identity has emerged as the primary architecture layer for EUC. Rather than anchoring security and access around devices or OSes, EUC leaders are shifting to <a href="https://www.techtarget.com/searchsecurity/feature/identity-new-perimeter-enterprise-security">identity-centric models</a> that unify access, governance and compliance across all endpoints and platforms.</p> <p>The proliferation of cloud apps, remote work and BYOD has made traditional perimeter-based security and OS-specific controls insufficient. Identity provides a consistent, scalable way to manage who gets access to what, regardless of device type, location or platform.</p> <p>Microsoft Entra has become the de facto control plane for identity-driven EUC, extending far beyond basic authentication. Capabilities include the following:</p> <ul type="disc" class="default-list"> <li><b>Conditional access.</b> Dynamic, <a href="https://www.techtarget.com/searchwindowsserver/tip/Test-conditional-access-with-Microsoft-Entra-ID-What-If-tool">context-aware policies</a> that grant or block access based on user risk, device health, location and session context.</li> <li><b>Device trust.</b> Integration with device management tools to ensure only compliant, trusted devices can access sensitive resources, regardless of OS.</li> <li><b>Compliance evaluation.</b> Continuous assessment of device posture, app usage and user behavior against organizational policies and regulatory requirements.</li> <li><b>Access governance.</b> Centralized management of permissions, entitlements and lifecycle events across Windows 11, Android Enterprise, ChromeOS Flex, macOS and VDI/DaaS environments.</li> </ul> <p>Entra's architecture is built for zero trust. Identity-based controls ensure that every access request is authenticated, authorized and continuously evaluated. This minimizes lateral movement and reduces the blast radius of potential breaches.</p> <p><iframe title="Identity-based vs. OS-specific EUC controls" aria-label="Table" id="datawrapper-chart-4FsLP" src="https://datawrapper.dwcdn.net/4FsLP/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="754" data-external="1"></iframe></p> <p> <script type="text/javascript">window.addEventListener("message",function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data["datawrapper-height"][t]+"px";r.style.height=d}}});</script> </p> <p>AI agents also present a new layer of risk. As organizations deploy AI copilots and automated workflows, these agents gain access to sensitive data, systems and decision-making authority. However, traditional identity and access management systems were designed for human users, not autonomous software agents.</p> <p>This creates the following issues:</p> <ul type="disc" class="default-list"> <li><b>AI sprawl.</b> The proliferation of AI agents can lead to <a href="https://www.techtarget.com/searchsecurity/tip/What-is-identity-sprawl-and-how-can-it-be-managed">identity sprawl</a>, where each agent requires its own credentials, permissions and governance, thereby multiplying the attack surface.</li> <li><b>Rogue AI threats.</b> Malicious or poorly governed AI agents can act as insider threats, exfiltrating data or making unauthorized changes at machine speed.</li> <li><b>Governance gaps.</b> Without comprehensive identity governance for non-human actors, organizations risk losing visibility and control over what AI agents can access and do.</li> </ul> <p>To protect against these threats, extend identity governance frameworks to cover both human and AI/automation identities. Enforce least privilege principles and ZSP for all agents, using JIT access and continuous monitoring. IT teams should audit and review AI agent activity as rigorously as they would for privileged end users.</p> <h3>Decision points for EUC leaders</h3> <ul type="disc" class="default-list"> <li>Center EUC architecture around identity, not device or OS.</li> <li>Use Microsoft Entra for unified conditional access, device trust and compliance management.</li> <li>Align access policies with zero-trust principles such as continuous verification, least privilege and adaptive controls.</li> <li>Extend identity governance and monitoring to all AI and automation agents, not just humans.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="3. Post-VMware EUC replatforming"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Post-VMware EUC replatforming</h2> <p>Broadcom's acquisition of VMware has triggered a seismic shift in the EUC landscape. Once a stable pillar for VDI and unified endpoint management, VMware's EUC portfolio -- particularly Horizon and Workspace One -- now faces major strategic and financial headwinds.</p> <p>Organizations are reevaluating VMware EUC -- <a href="https://www.techtarget.com/searchvirtualdesktop/opinion/Who-owns-Omnissa-and-whats-next-for-this-vendor">now named Omnissa</a> -- for the following reasons:</p> <ul type="disc" class="default-list"> <li><b>Licensing model upheaval.</b> Under Omnissa, licensing costs for Horizon and Workspace One have increased significantly. Organizations accustomed to predictable Capex now face volatile, usage-based Opex. This makes budgeting and cost control more complex.</li> <li><b>Reduced flexibility.</b> Many customers <a target="_blank" href="https://arstechnica.com/information-technology/2024/10/a-year-after-broadcoms-vmware-buy-customers-eye-exit-strategies/" rel="noopener">report</a> less favorable contract terms, limited support tiers and fewer customization options.</li> <li><b>Strategic uncertainty.</b> The rebranding process has created uncertainty about long-term support and investment.</li> </ul> <p>As the company recalibrates, displaced customers might consider other cloud-based competitors, including Citrix, Azure Virtual Desktop, Amazon WorkSpaces and niche VDI/DaaS providers.</p> <p>The move to hybrid environments requires platforms that can manage and secure endpoints across multiple domains. IT leaders should look at their existing infrastructure to assess the current state and compare Omnissa pricing to alternative platforms. Be sure to factor hidden migration costs into this comparison. Calculate business continuity, compliance and support risks of staying versus leaving. Shortlist competitive tools based on feature fit, ecosystem compatibility, scalability and future roadmaps.</p> <p>Plan for 2026 migration and execution in the following areas:</p> <ul type="disc" class="default-list"> <li><b>Profile moves.</b> Plan and execute user profile migrations to new platforms.</li> <li><b>App packaging.</b> Repackage and validate applications for the target VDI or DaaS environment. Consider platform compatibility for legacy apps.</li> <li><b>VDI image rebuilds.</b> Develop, test and deploy new desktop images to ensure security and performance.</li> <li><b>Support retraining.</b> Upskill IT and support teams for new tools and workflows.</li> <li><b>Compliance resets.</b> Revalidate compliance posture and update audit processes for the new environment.</li> <li><b>Integration considerations.</b> Ensure seamless integration with backup tools, automation workflows and networking models to avoid operational blind spots.</li> </ul> <p>Resolving the post-VMware EUC challenge is a complex, multi-year journey. Quick lifts might be possible for non-critical workloads. Large-scale migrations demand careful planning, phased execution and ongoing optimization.</p> <h3>Decision points for EUC leaders</h3> <ul type="disc" class="default-list"> <li>Treat 2025 as the strategic evaluation year. Don't rush, but don't delay foundational analysis.</li> <li>Allocate resources for a 2026 migration/execution phase, including budget for hidden costs and retraining.</li> <li>Build a migration playbook that addresses technical, operational and compliance requirements.</li> <li>Engage stakeholders early -- especially security, compliance and end-user support teams.</li> <li>Prioritize platforms with strong integration ecosystems for backup, automation and networking.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="4. Windows 11 hardening after Windows 10 end of support"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Windows 11 hardening after Windows 10 end of support</h2> <p>Windows 10 devices <a href="https://www.techtarget.com/searchenterprisedesktop/tip/When-is-Windows-10-end-of-life-How-to-extend-support">stopped receiving support</a> and, therefore, security updates after October 2025. These devices expose organizations to escalating risk from unpatched vulnerabilities. Attackers are quick to target unsupported OS versions. Organizations must migrate to Windows 11 endpoints and harden them to maintain compliance and reduce exposure.</p> <p>Key security measures for Windows 11 include the following:</p> <ul type="disc" class="default-list"> <li><b>Baselining.</b> Establish and enforce a secure configuration baseline. Use tools like Microsoft Security Baselines to ensure consistency and compliance across all Windows 11 devices.</li> <li><b>Secure Boot.</b> Enable Secure Boot to prevent unauthorized code from running during the boot process.</li> <li><b>Virtualization-based security.</b> Use virtualization-based security and hypervisor-protected code integrity to isolate critical processes and defend against advanced malware.</li> <li><b>Passwordless adoption.</b> <a href="https://www.techtarget.com/searchsecurity/post/Migrate-to-passwordless-to-enhance-security-and-UX">Transition to passwordless authentication</a> to reduce credential theft risk.</li> <li><b>Memory integrity.</b> Activate memory integrity features to prevent attackers from injecting malicious code into high-security processes.</li> <li><b>App compatibility validation.</b> Carefully test and validate app compatibility to avoid disruptions and support UX.</li> <li><b>Conditional access alignment.</b> Integrate device compliance with identity-driven conditional access policies for a unified zero-trust approach.</li> </ul> <p>OS hardening often increases short-term support volume as users adapt to new security controls, authentication methods and device policies. Proactive communication and user training are essential to minimize friction. Security improvements, such as passwordless logins and memory integrity, can enhance UX, but only if change management is prioritized.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Device segmentation planning is another important part of the OS hardening process. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Additionally, IT should ensure governance and drift control are in place. Automated configuration management and continuous compliance monitoring are necessary to prevent drift from secure baselines and maintain regulatory alignment.</p> <p>Device segmentation planning is another important part of the OS hardening process. A one-size-fits-all approach is no longer viable. Segmenting devices by user role, risk profile and behavioral patterns enables targeted security controls and operational policies. For frontline workers, prioritize simplicity, <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Setting-up-Windows-10-kiosk-mode-with-4-different-methods">kiosk modes</a> and strong device lockdown. Regulated or specialized environments, on the other hand, demand thorough hardening, audit trails and strict enforcement of compliance.</p> <h3>Decision points for EUC leaders</h3> <ul type="disc" class="default-list"> <li>Treat Windows 11 hardening as a continuous process, not a one-time project.</li> <li>Invest in automation for baseline enforcement, drift detection and compliance reporting.</li> <li>Align OS security with identity and conditional access for a unified zero-trust model.</li> <li>Segment device management and policy enforcement by user role and behavioral risk.</li> <li>Plan for increased support needs during transition, with clear user training and communication.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Conclusion"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion</h2> <p>As end-user computing enters a period of accelerated change, CIOs and EUC leaders must move decisively to future-proof their environments. Cybersecurity is not only a technical expense, but a financial and legal liability. <a href="https://www.techtarget.com/searcherp/feature/5-supply-chain-cybersecurity-risks-and-best-practices">Compromised supply chains</a> are an immediate risk, and the executive mindset must shift to recognize and address governance blind spots.</p> <p>"In a landscape of total disruption, security is the ability to fail gracefully. Move from bloated defense to a minimum viable operational model," said Andy de Clerck, director of IT consultancy firm Blue Nebula. "Protect your core 20% with sovereign control and automated recovery, or risk losing everything."</p> <p>Organizations' focus should be on resilience in the coming year.</p> <p>"In 2026, total protection is a myth. Resilience is the reality," de Clerck said.</p> <p>The goal is to rationalize the tool landscape into a leaner, better-integrated stack, centered around the secure agentic control plane. By adapting to change early, EUC leaders can position their organizations to navigate disruption, control risk and deliver a secure, seamless digital experience in 2026 and beyond.</p> <p><i>Helen Searle-Jones holds a group head of IT position in the manufacturing sector. She draws on 30 years of experience in enterprise and end-user computing, utilizing cloud and on-premise technologies to enhance IT performance.</i></p> </section> AI, identity-first security, Windows 10 end of support and VMware's rebranding as Omnissa are reshaping EUC as CIOs make critical decisions for 2026 and beyond. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g164210754.jpg https://www.techtarget.com/searchenterprisedesktop/feature/End-user-computing-trends-to-watch Thu, 22 Jan 2026 12:24:00 GMT 4 end-user computing trends to watch in 2026 <p>Enterprise access decisions are starting earlier than many organizations expect. Not because of a new security framework or architectural shift, but because of the everyday workflows people use to start work.</p> <p>This shows up most clearly at the points where users first enter enterprise systems. Browsers, mobile applications and hiring processes now act as common entry paths, and each one introduces access decisions before governance and ownership are fully settled. When those early decisions are not well understood or clearly owned, risk has a way of showing up later.</p> <section class="section main-article-chapter" data-menu-title="Browser-based entry is becoming routine"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Browser-based entry is becoming routine</h2> <p>Browser-based workflows now act as a <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/How-AI-and-the-browser-will-change-end-user-IT-in-2026">primary access point for many enterprise systems</a>. Identity checks, session controls and policy decisions often occur as soon as a browser session begins, especially as AI-driven tools and browser-based productivity environments become more central to end-user IT.</p> <p>As the browser takes on a larger role in daily operations, teams are increasingly treating it as a managed environment rather than just another application. That shift is shaping how organizations think about browser management, AI agents and security boundaries inside everyday workflows.</p> <p>QR-driven access makes this especially visible. These workflows are designed to be fast and intuitive, which is why they are common in onboarding, shared environments and temporary setups. At the same time, <a href="https://www.techtarget.com/searchmobilecomputing/tip/Understanding-QR-code-security-issues-for-enterprise-devices">QR codes can obscure destination details</a> and remove many of the cues users rely on to assess trust.<a></a></p> <p>The access decision happens immediately. Ownership questions tend to follow later.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Access arrives first. Alignment tends to follow later. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="Mobile access follows the same pattern"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Mobile access follows the same pattern</h2> <p>Mobile applications introduce similar timing challenges. Phones and tablets are no longer secondary endpoints. They function as direct gateways to enterprise email, collaboration tools and business applications.</p> <p>As mobile apps become routine access paths, they increasingly serve as <a href="https://www.techtarget.com/searchmobilecomputing/tip/Preventing-attacks-on-mobile-applications-in-the-enterprise">front doors into core systems</a> rather than isolated endpoints. That reality pulls authentication, authorization and governance decisions forward into architecture and platform planning, as a single compromised app can quickly create broader enterprise exposure.</p> <p>This mirrors what is happening in browser-based workflows. Access is being decided closer to where work actually happens.</p> </section> <section class="section main-article-chapter" data-menu-title="Hiring workflows add another early access path"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Hiring workflows add another early access path</h2> <p>Hiring processes introduce another early access vector. Automated workflows often create identities and system access before employment decisions are finalized. That efficiency is valuable, but it also creates additional exposure.</p> <p>When <a href="https://www.techtarget.com/searchhrsoftware/tip/How-HR-leaders-can-spot-and-stop-fake-job-applicants">AI-generated or synthetic identities enter the hiring pipeline</a>, what initially looks like a recruiting issue can quickly become an access and governance problem. Addressing it typically requires coordination across HR, IT and security teams earlier than many organizations expect, especially as fraudulent applicants look for ways to exploit internal systems.</p> <p>Here again, access arrives first. Alignment follows later.</p> </section> <section class="section main-article-chapter" data-menu-title="What this points to"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What this points to</h2> <p>Taken together, these entry points highlight the same pattern. Access decisions are being embedded at the front of enterprise workflows, where speed matters and governance is easiest to defer.</p> <p>Individually, each case feels manageable. Combined, they help explain why access ownership feels harder to pin down than it used to. Decisions are happening earlier, in more places, and often without a single clear owner.</p> <p>For organizations tracking identity, risk and enterprise architecture, these front-door access paths deserve close attention. They show where control is shifting -- and why responding after the fact is becoming harder.</p> <p><i>James Alan Miller is a veteran technology editor and writer who leads Informa TechTarget's Enterprise Software group. He oversees coverage of ERP & Supply Chain, HR Software, Customer Experience, Communications & Collaboration and End-User Computing topics.</i></p> </section> As work consolidates in browsers and quick-entry paths, access decisions are shifting to the front door of enterprise systems, often without clear ownership or centralized control. https://cdn.ttgtmedia.com/rms/onlineimages/security_g1185245180.jpg https://www.techtarget.com/searchenterprisedesktop/feature/How-enterprise-access-decisions-are-starting-to-show-up-earlier Fri, 16 Jan 2026 09:00:00 GMT How enterprise access decisions are starting to show up earlier <p>Linux is poised for growth as an enterprise workstation option in 2026. With the end of Windows 10 and the continued development of modern, user-friendly desktop environments, the OS is increasingly viable for this use case. It is suitable for both desktop and laptop hardware platforms.</p> <p>Its global desktop <a target="_blank" href="https://gs.statcounter.com/os-market-share/desktop/worldwide/" rel="noopener">market share</a> was roughly 4% in 2025, reflecting a modest rise over time. Some tech environments see higher Linux desktop deployment rates, driven by DevOps integration, app development and cloud administration requirements. In 2023, it <a target="_blank" href="https://www.statista.com/statistics/869211/worldwide-software-development-operating-system/" rel="noopener">represented</a> 43% of PC operating systems used for software development worldwide.</p> <p>To understand why Linux could rise in popularity as a desktop OS in 2026, IT leaders should understand how Linux desktop systems address enterprise concerns around privacy and sustainability. They should also understand the importance of SaaS and cloud app deployments in driving Linux migrations for enterprise desktop systems.</p> <section class="section main-article-chapter" data-menu-title="Factors driving Linux adoption in 2026"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Factors driving Linux adoption in 2026</h2> <p>In 2026, the Linux ecosystem reaches a crossroads where ease of use, app availability, cost and technical support intersect to offer a practical alternative to traditional desktop platforms. This makes it a credible option for organizations evaluating their desktop strategies.</p> <p>The following factors contribute to Linux's viability in today's enterprise desktop market:</p> <ul type="disc" class="default-list"> <li>The end of Windows 10, as well as <a href="https://www.techtarget.com/searchenterprisedesktop/tip/The-Windows-11-system-requirements-and-what-they-indicate">Windows 11's restrictive hardware requirements</a> and associated upgrade costs.</li> <li>Sustained growth of Linux adoption across server, cloud and developer-focused environments.</li> <li>Increasing availability of Linux-first hardware. This improves desktop performance, support and compatibility for organizations deploying Linux systems.</li> <li>Improved and quicker security updates for organizations compared to other platforms.</li> <li>Free, easy licensing under the GPL. Licensing includes optional paid technical support plans that provide enterprise Linux workstation deployments with a lower total cost of ownership.</li> <li>Easier scalability without restrictive licensing, enabling organizations to adapt quickly to end-user deployments.</li> <li>Widespread adoption of Linux for containerization and VM platforms. This makes it an apt choice for developers, DevOps engineers, cloud administrators and IT support staff.</li> <li>Widespread adoption of Linux <a href="https://www.techtarget.com/searchdatacenter/feature/Infrastructure-for-machine-learning-AI-requirements-examples">for AI and machine learning platforms</a>, including training, inference and large-scale deployment.</li> </ul> <p>These factors make Linux desktops a more feasible option today. However, being feasible doesn't necessarily mean it's worth the cost and effort associated with migration. What makes Linux appealing to businesses now is that it offers enhanced privacy, sustainability and OS-agnostic desktops through SaaS.</p> <h3>Enhanced privacy</h3> <p>User and IT frustration with privacy and telemetry in other OSes leads many teams to consider Linux.</p> <p>Linux's advantages for privacy-aware environments include the following:</p> <ul type="disc" class="default-list"> <li>Support for user autonomy over privacy and identity settings.</li> <li>Transparent visibility into any data collection or telemetry capabilities.</li> <li>Easier control over data localization and <a href="https://www.techtarget.com/searchsecurity/tip/Data-sovereignty-compliance-challenges-and-best-practices">data sovereignty</a>.</li> <li>Reduced risk of adware and bloatware.</li> </ul> <h3>Simplified sustainability</h3> <p>Sustainable IT practices are a growing priority for enterprise organizations. Linux aligns with these initiatives through its hardware requirements and configurability.</p> <p>Linux's sustainability benefits include the following:</p> <ul type="disc" class="default-list"> <li><a href="https://www.techtarget.com/searchDataCenter/tip/Linux-kernel-patch-reduces-data-center-energy-use">Increased energy efficiency with Linux kernel 6.13</a>, delivering significant results, even with desktop deployments.</li> <li>Decreased and customizable hardware requirements, independent of vendor-imposed restrictions. This enables organizations to define the hardware lifecycle with practical and environment-specific end-of-life dates.</li> <li>Increased hardware flexibility, with repairability, compatibility and customization available across a wide range of devices. This avoids limitations such as forced hardware upgrades, restricted driver support or vendor-tied licensing.</li> <li>Support for <a href="https://www.techtarget.com/sustainability/feature/Top-ESG-reporting-frameworks-explained-and-compared">environmental, social and governance mandates</a> that set compliance requirements for organizations.</li> </ul> <h3>SaaS-enabled OS independence</h3> <p>Many organizations have concerns about software compatibility and daily-use productivity platforms when deploying Linux workstations. The OS-agnostic nature of SaaS apps helps address these concerns. SaaS provides common workplace tools -- including word processors, presentation software and spreadsheet apps -- regardless of the end user's OS of choice. It often also reduces hardware requirements on user workstations, extending the hardware lifecycle.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/pLsdKM57CP8?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>Other benefits of SaaS include the following:</p> <ul type="disc" class="default-list"> <li>Reduced app deployment costs.</li> <li>Immediate software availability for new clients.</li> <li>Reduced operational complexity.</li> <li>Improved app updates and patches.</li> <li>Simpler hardware, OS and <a href="https://www.techtarget.com/searchcloudcomputing/tip/Understanding-SaaS-migration-benefits-and-best-practices">app migrations</a>.</li> <li>Reduced app infrastructure management effort and costs.</li> </ul> <p>Linux has long held popularity as a developer platform, a trend that continues amid today's cloud-first and DevOps-oriented initiatives. The improved app and SaaS options make Linux accessible for non-technical users.</p> </section> <section class="section main-article-chapter" data-menu-title="Challenges for Linux desktops in 2026"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Challenges for Linux desktops in 2026</h2> <p>A move to Linux desktops for mainstream enterprise users is more feasible than ever in 2026. Hardware and app compatibility issues are far less common today than they were years ago, when Linux was less prevalent. Still, a successful deployment requires careful planning.</p> <p>IT leaders must address the following challenges before deploying Linux desktops:</p> <ul type="disc" class="default-list"> <li><b>Hardware compatibility.</b> Repurposing existing hardware can present compatibility challenges. However, Linux offers compatibility with most standard devices.</li> <li><b>App compatibility.</b> SaaS and Linux-specific software can only carry an organization so far. Custom line-of-business apps and OS-specific programs might not run on Linux.</li> <li><b>Technical support.</b> Enterprise organizations need efficient technical support from their OS vendor. IT decision-makers must shop around for a distribution that provides the necessary level of support.</li> <li><b>Staff training.</b> In-house help desk and desktop support teams must resolve Linux issues quickly and effectively for users. This requires <a href="https://www.techtarget.com/searchdatacenter/tip/Top-5-options-for-Linux-certifications">training and experience</a>.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Planning a Linux migration in 2026"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Planning a Linux migration in 2026</h2> <p>The End-of-10 initiative and other Windows-to-Linux migration guides have prompted comprehensive migration frameworks. The primary migration steps include the following:</p> <ol type="1" start="1" class="default-list"> <li><b>Preliminary migration assessment.</b> Evaluate existing apps, hardware, drivers and critical workloads.</li> <li><b>Planning.</b> Select a distribution, select hardware, prepare deployment methods and verify hardware compatibility. Planning user support also occurs at this stage.</li> <li><b>Migration.</b> Deploy the OS and <a href="https://www.techtarget.com/searchunifiedcommunications/tip/Install-Zoom-on-Linux-Best-practices-and-troubleshooting-tips">supporting business applications</a>.</li> <li><b>Post-migration validation.</b> Confirm data transfers, app functionality and user support.</li> </ol> <p>Additionally, IT must ensure the migration satisfies the organization's standard <a href="https://www.techtarget.com/searchcio/definition/change-management">change management</a> framework.</p> <h3>Linux hardware for the enterprise</h3> <p>Many hardware vendors offer desktop and laptop systems that are either certified for Linux use or provide strong support for one or more distributions. Major Linux vendors often have certification data <a target="_blank" href="https://ubuntu.com/certified/laptops" rel="noopener">available</a> to help organizations choose the best hardware platform for a given distribution.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Linux typically consumes far fewer resources than more bloated OSes. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Common options to consider include the Dell Latitude Series and Lenovo ThinkPad Series, as well as laptops from Framework and System76.</p> <p>Sustainability measures can also factor into hardware provisioning. Repurposing existing hardware is also a viable option for many organizations, especially those that need to migrate from platforms that aren't Windows 11-compatible. Linux typically consumes far fewer resources than more bloated OSes. While 64-bit processors are certainly preferred, plenty of Linux distributions offer 32-bit versions. Mac hardware also offers broad Linux compatibility.</p> <h3>Linux distributions for the enterprise</h3> <p>Thousands of Linux distributions exist, but some stand out as suitable choices for enterprise workstations. When <a href="https://www.techtarget.com/searchDataCenter/tutorial/A-guide-to-switch-from-Windows-to-Linux">migrating to Linux</a> for end users, decision-makers should consider the following distributions:</p> <ul type="disc" class="default-list"> <li><b>Fedora Workstation.</b> Closely related to Red Hat Enterprise Linux (<a href="https://www.techtarget.com/searchdatacenter/definition/Red-Hat-Enterprise-Linux-RHEL">RHEL</a>), this is a good fit for environments where RHEL is already the preferred server platform.</li> <li><b>Linux Mint.</b> This option is optimized for ease of use, making it well-suited to enterprise end users who need an interface that resembles Windows. It offers software support through Canonical's app repositories.</li> <li><b>SUSE Linux Enterprise Desktop.</b> In addition to strong security and maintenance capabilities, this option provides a comprehensive suite of productivity apps. Organizations should also consider openSUSE Leap for enterprise workstations.</li> <li><b>Ubuntu Desktop.</b> This is a transparent, community-driven and accessible distribution with extensive support.</li> </ul> <p>Expect 2026 to be a turning point for Linux desktop deployments in enterprise environments. Linux aligns well with many of today's top IT issues, including Windows 10's retirement, sustainability, data sovereignty, privacy and the continued growth of OS-agnostic SaaS and cloud-based apps.</p> <p><i>Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.</i></p> </section> Linux desktops are increasingly viable for enterprise use cases in 2026, offering privacy, sustainability and SaaS-ready workflows amid Windows 10's retirement. https://cdn.ttgtmedia.com/rms/onlineimages/ai_g1183318665.jpg https://www.techtarget.com/searchenterprisedesktop/feature/Why-2026-might-bring-more-Linux-desktops-to-the-enterprise Thu, 15 Jan 2026 14:59:00 GMT Why 2026 might bring more Linux desktops to the enterprise <p>Vendors like Dell, HP and Lenovo spend all year planning releases around CES 2026, and while I'm not at the event -- it's huge and mostly consumer-oriented -- I do have my eyes on what's going on with enterprise PCs, laptops and peripherals. With that in mind, I thought I'd round up a few of the announcements that stuck out to me.</p> <section class="section main-article-chapter" data-menu-title="Dell"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Dell</h2> <p>Last summer, Dell's COO and vice chairman, Jeff Clarke, <a target="_blank" href="https://www.bloomberg.com/news/articles/2025-07-22/dell-operating-chief-takes-over-pc-unit-in-face-of-slow-demand" rel="noopener">took over</a> the Client Solutions Group, in large part to rebuild the struggling consumer business. This has caused acceleration among internal product teams, and several roadmap items that were planned for future dates were pulled into the 2026 release window. Given its renewed focus on the consumer market, and the fact that this is the first CES since the leadership change, this is undoubtedly a big deal for Dell.</p> <p>In a nutshell, the announcements are related to Alienware (not something that moves the needle in enterprise, but should be interesting to the gaming community), UltraSharp monitors and, perhaps most importantly, the return of the XPS line.</p> <p>You might recall that last year's CES saw Dell introduce its new naming scheme that hoped to simplify the word salad that all the Dell brands had become. Vostro, Inspiron, Latitude, XPS, Optiplex, etc. all gave way to Dell, Dell Pro, Dell Premium, etc. While this made sense in some respects (Just what is a "Vostro," anyway?), the XPS enthusiasts lost their collective minds that Dell would scuttle such a beloved brand. As a result, Dell brought back XPS, doubling down on the devices, the look and feel and the capabilities.</p> <p>With respect to the monitors, CES brings the introduction of a 52-inch monitor capable of 6K resolution with features that reduce blue light, as well as a 32-inch <a href="https://www.techtarget.com/searchcio/tip/The-6-different-types-of-quantum-computing-technology">quantum dot</a> OLED (QD-OLED) display that prioritizes color accuracy. The 52-inch displays are aimed at delivering a lot of screen real estate without a multi-monitor setup, while the QD-OLED displays are targeted at creative users.</p> </section> <section class="section main-article-chapter" data-menu-title="HP"> <h2 class="section-title"><i class="icon" data-icon="1"></i>HP</h2> <p>HP made announcements across both products and services. Its Workforce Experience Platform (WXP) is a digital employee experience tool that offers visibility into all the devices that can be considered part of the workspace -- PCs, laptops, Macs, printers, meeting rooms, etc. -- <a href="https://www.techtarget.com/searchitoperations/tip/How-DEX-metrics-help-build-a-better-digital-workplace">alerting IT to issues</a> and minimizing response time and downtime.</p> <p>HP has expanded WXP to include Out-of-Band Remote Connect, which uses Intel vPro capabilities to provide remote Kernel-based VM support at the BIOS level, which works even if the OS won't boot. (Seriously, if you have vPro devices, this is a very cool feature that you can take advantage of, even without WXP.)</p> <p>WXP will also feature printer support (even for non-HP printers), meeting space insights, and custom alerts.</p> <p>On the device side, HP announced a unique device called the HP EliteBoard G1a, which doesn't really fit the desktop or laptop form factors. It's a keyboard with a built-in computer. Plug it into any monitor, and you've got a 50-trillion-operations-per-second AI PC -- CoPilot+ PC, if you're keeping track of that -- running on the AMD Ryzen AI 300 Series processor. It even has a battery so you can move from one display to another. It's like a Commodore 64's super cool grandchild.</p> <p> </p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/Myg4EP3AU0E?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>I'm honestly not sure what to think about this. I've panned devices that plug into the back of monitors before, and in some way, this seems no different. Then again, why have another box on a desk if all you need is the keyboard and mouse? Will this catch on? Time will tell, but it's an interesting form factor that seems worth a look.</p> <p>HP also announced a new 31.5-inch 4K monitor that features "Neo:LED pixels," which doesn't mean a lot to me, but is allegedly a new technology developed by LG. I'm sure they pair well with the EliteBoard G1a, though!</p> </section> <section class="section main-article-chapter" data-menu-title="Lenovo"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lenovo</h2> <p>Lenovo, as you might expect, made <a target="_blank" href="https://news.lenovo.com/pressroom/press-releases/lenovo-at-ces-2026-smarter-ai-for-more-intuitive-and-connected-pc-experiences/" rel="noopener">many announcements</a> around CES, and, honestly, it's kind of hard to keep them all straight. A few devices stood out, though.</p> <p>The Yoga Pro 9i Aura is available in 16-inch and 11-inch versions. From an enterprise perspective, these are seen as the "cool" device compared to the more corporate-feeling ThinkPad line. There's also a new companion monitor in the Yoga Pro line that's specifically made to share the same color space between the external display and the one in the laptop. It's the first time I've seen this approach. And at only 27", I'll be curious to see if this catches on beyond creative personas that care about color matching.</p> <p>The other notable device features a different unique form factor: a cylinder. Resembling something like a large aluminum hockey puck, the Yoga Mini I crams a speaker, microphone, touch sensor, accelerometer and an Intel Core Ultra X7 processor into a relatively small package aimed for portability. As with HP, the need for a portable device without a display is unknown. Unlike the HP device, the Yoga Mini I lacks a battery, so its portability is only as good as its user's patience for powering it on and off.</p> </section> <section class="section main-article-chapter" data-menu-title="Conclusion"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion</h2> <p>CES is mostly about speeds and feeds, so hopefully this was a helpful rundown of what's there without getting into the weeds. I'm anxious to hear how Dell's investments in the consumer market pay off, how HP fares with both WXP and their new form factor device and what else Lenovo might be doing that I missed.</p> <p><i>Gabe Knuth is the principal analyst covering end-user computing for Omdia.<br><br>Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.</i></p> </section> At CES 2026, the annual consumer electronics show, Dell, HP and Lenovo unveiled announcements in enterprise PCs, creative monitors and new device form factors. https://cdn.ttgtmedia.com/rms/onlineimages/iot_g1226985345.jpg https://www.techtarget.com/searchenterprisedesktop/opinion/New-PCs-laptops-and-unique-form-factors-at-CES-2026 Thu, 08 Jan 2026 13:26:00 GMT New PCs, laptops and unique form factors at CES 2026 <p>My job is interesting.</p> <p>Sometimes I describe myself as the "all things end-user-facing" analyst because nothing seems to accurately capture the breadth of topics that I cover in a given year. <i>Digital workspace</i> could describe it. <i>End-user computing</i> would work. Endpoint management, VDI and DaaS, endpoint security, email security, productivity apps, even communications and collaboration -- all these things fall under what I'd call a normal day's work.</p> <p>So, when brainstorming a post to look ahead to 2026, I couldn't really pinpoint any one area to focus on. The reality is that anyone who deals with end users must be a sort of generalist. End users brush up against so many areas of IT, and while we in IT have our specialties, it's rare to find someone focused on end users who doesn't have a broad background.</p> <p>Trying to predict the next 12 months in the "all things end-user" area is like trying to predict what will happen on a long, cross-country road trip. Ninety percent will be the same old stuff, but 10% is going to be wildly different -- and you don't know when or where it will happen. All you know is that it could shape the direction of the trip, and that you need to be ready when it does.</p> <p>With that in mind, here's a look at a few things that I think will fit into that 10%. Even if they don't affect you in 2026, I'm reasonably confident that they will at some point.</p> <section class="section main-article-chapter" data-menu-title="Agentic AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Agentic AI</h2> <p>Agentic AI needs no introduction, as it's already the hottest topic around. However, on the end-user side, <i>agentic</i> means something different from the bigger-picture autonomous, AI-native agents redefining back-end business processes and reshaping the nature of business. This area is interesting, but it's also rife with challenges that need to be solved before the technology is in use everywhere.</p> <p>In the end-user world, agentic AI is far more practical, and it's here right now.</p> <p>In the hands of end users, agentic AI can take a few different forms. There are computer control agents from all the frontier models. There are AI browsers that can interact directly with websites and web apps on a user's behalf. AI assistants can run scheduled tasks and autonomously make decisions based on user input. And, frankly, <a href="https://www.techtarget.com/searchcio/feature/Vibe-coding-What-IT-leaders-need-to-know">AI-based vibe coding</a> means we can create any agent we want using one of these tools.</p> <p>So, if you hear <i>agentic AI</i> and think, "That's not an end-user thing," think again. In fact, we're finally starting to see this play out among key desktop and app virtualization vendors.</p> <p>Consider the challenges that "big-picture" agentic AI poses around identity, security, visibility, etc. We've solved all of those for end-user environments. We can deploy virtual desktops to agentic AI users, knowing that the desktop environment and network are locked down, user privileges are appropriately configured and they have only the apps they need to accomplish their tasks. We can stand up VMs and shut them down at will, and they can run 24/7 using all the existing tools and processes our end users currently work with. And crucially (to borrow an AI word), we get full observability into what the agent is doing because we can literally watch the interactions.</p> <p>I have no doubt this will take off in 2026. Microsoft has already <a target="_blank" href="https://learn.microsoft.com/en-us/windows-365/agents/introduction-windows-365-for-agents" rel="noopener">released</a> a public preview of Windows 365 for Agents, and it is likely that other desktop and app virtualization vendors will do the same. There will be a learning curve, but learning the benefits, challenges and best practices for implementation will be a key area to watch in the coming months. I think it will drive many conversations, particularly at the RSAC Conference and Black Hat in 2026, around how endpoint detection and response (EDR) platforms, patch and vulnerability management platforms and the burgeoning prompt security space will react.</p> </section> <section class="section main-article-chapter" data-menu-title="Prompt security"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prompt security</h2> <p>On that note, prompt security has been growing larger on my radar, and it will also undoubtedly be a huge topic at RSAC in 2026. It's certainly applicable in the agentic context, where it adds oversight and governance over users' prompts, but it can also be employed more broadly, in both end-user and big-picture agentic contexts.</p> <p>Within the larger agentic frame of reference, prompt security will add oversight to inter-agent or agent-to-model communications. This is something SentinelOne was clearly thinking about when it <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/Eye-catching-vendor-announcements-from-Black-Hat">acquired the company Prompt Security</a> at Black Hat this past year. Security at this layer can help prevent threats such as prompt injection attacks, sensitive data leakage and unauthorized workflow triggers.</p> <p>In the end-user area, prompt security comes up in both EDR and browser security contexts. In particular, browser security companies tout their ability to see and intercept the entry of personally identifiable information or confidential data into AI assistants as a form of data loss prevention. While this might be a simple regex-based detection model, it can still be helpful in end-user AI tool adoption. It can also reduce risk from unsanctioned AI use, also known as shadow AI.</p> </section> <section class="section main-article-chapter" data-menu-title="Shadow AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Shadow AI</h2> <p>In my role, I conduct a lot of research, and my favorite research project over the past few years was dubbed "AI at the Endpoint." The <a target="_blank" href="https://research.esg-global.com/reportaction/515202002/Marketing" rel="noopener">study</a> served as an early look into how end users were interacting with AI tools, the devices they deployed and what the challenges and outcomes were of using AI. The aspect that I found most exciting was that I was able to poll both end users and IT on the use of shadow AI to learn about the disconnect between the two.</p> <p>Some of the numbers were surprising. For example, 53% of end users reported using unsupported AI tools to do their job, and 45% of end users said they believe their coworkers are at least occasionally entering privileged, private or confidential data into unsanctioned tools.</p> <p>IT respondents had a different perspective. In the IT group, 55% said they actively monitor shadow AI usage, and 53% said their enforcement of AI usage policies is strict and consistent. In contrast, this number was 36% for end users.</p> <p>Perhaps most telling is the fact that just 13% of IT respondents said they trust their employees to adhere to AI policies with minimal oversight, while 30% of end users believe that IT trusts them to do so.</p> <p>There's a significant disconnect that I think will likely widen as AI usage grows and its capabilities increase. While this is a scary proposition for many organizations, the data shows that when given the right tools, end users stop using shadow AI. I've written about how draconian <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/With-shadow-AI-sometimes-the-cure-is-worse-than-the-disease">"block everything" AI policies can cause more harm than good</a>, and I look forward to researching this topic further in 2026.</p> </section> <section class="section main-article-chapter" data-menu-title="Productivity apps and collaboration"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Productivity apps and collaboration</h2> <p>It's difficult to talk about AI in the hands of end users without looking at productivity apps and collaboration. This space was once easy to carve up into different buckets -- office suites, creative suites and unified communications platforms -- but the last few years have seen an incredible amount of overlap and consolidation. This was already happening in the pre-AI era (think of the Office-like integrations in Teams, or Zoom's email and note-taking features), but AI has whipped it into a frenzy.</p> <p>Sure, Microsoft Office is still dominant, and that dominance has given it some runway to learn how to best use Copilot. Google, meanwhile, has been incredibly successful with Gemini and its integration with Google Workspace and Google Chrome. But just when the race appeared to have the same two horses as usual, we're starting to see some new entrants to the race that don't have the same pedigree. Top of mind for me is Canva.</p> <p>Already well-known to creative users and students, <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/Canva-The-business-productivity-app-flying-under-ITs-radar">Canva has been adding enterprise features</a> that threaten to upset the Microsoft/Google status quo. It's not a direct competitor at the moment, but Canva is an easy-to-use platform that seamlessly uses AI to build assets, presentations, websites and more, underpinned by a growing data set that can include business and operational data. It will be very difficult to displace existing systems, especially Excel. However, Canva makes it easy enough to interact with the data using natural language that I think the next generation of workers could want to make that their primary way of using productivity apps, not just for creative purposes.</p> <p>Add to this app integrations directly into AI assistants -- like Adobe's <a target="_blank" href="https://news.adobe.com/news/2025/12/adobe-photoshop-express-acrobat-chatgpt" rel="noopener">integration</a> into ChatGPT -- and you can see how things might be further disrupted.</p> <p>Long story short, productivity and the way end users work are poised to change significantly. There won't be a wholesale shift in 2026, but it's worth keeping your eyes open. What we see today is certainly going to shape the future.</p> </section> <section class="section main-article-chapter" data-menu-title="Autonomous IT"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Autonomous IT</h2> <p>If you're in IT operations, no doubt you've already heard about autonomous IT or some derivation of that phrase, such as <i>autonomous endpoint management</i> or <i>autonomous workspace</i>. The companies that use that language on my radar include Action1, Adaptiva, HCL BigFix, NinjaOne, Omnissa and Tanium, though I'm sure I've left a few out.</p> <p>What's interesting about autonomous IT is that it sits at the same place I do: the intersection of endpoint management and security. It can automate patch and vulnerability management, using AI to help progress along the deployment chain from when a vulnerability is discovered through deployment. How much AI is in use (and what is "automated" versus what is "autonomous") differs in execution and marketing between vendors. The end result is the same, though. They remove repetitive tasks that are getting harder in environments that feature more devices, OSes, apps and user locations.</p> <p>While most conversations about autonomous IT today revolve around patch and vulnerability management, the vision extends to service desk, user self-service and even incident response. I tend to think of autonomous IT as a direction rather than a product. To be successful, it will need to adapt to existing tools and processes, using integrations with multiple vendors and data sets. Interest is extremely high, and my sense is that 2026 will be the year we see a jump in adoption that will show us what works and what still needs work.</p> </section> <section class="section main-article-chapter" data-menu-title="Browser management and security"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Browser management and security</h2> <p>The shift away from Windows apps and toward browser-based applications means that browsers have long been a critical component of enterprise IT. While the browser used to be just one app among many, it now represents the primary interface that users work from, and organizations are starting to treat it that way. As the primary app that serves as the window to so many corporate apps and so much critical data, a <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/Your-browser-is-an-AI-enabled-OS-so-secure-it-like-one">modern browser is the target of a slew of new threats</a>.</p> <p>With ties to everything we've talked about so far -- agentic AI, prompt security, shadow AI and productivity apps -- vendors across IT and cybersecurity are trying to address browser management and security. Examples include the following:</p> <ul type="disc" class="default-list"> <li>Standalone enterprise browser vendors, such as Island and Palo Alto Networks.</li> <li>Desktop and application virtualization vendors, such as Citrix, Dizzion, Omnissa and Parallels.</li> <li>Remote browser isolation vendors, such as Kasm and Menlo.</li> <li>OS and traditional browser vendors, such as Google and Microsoft.</li> <li>Secure browser extensions, such as Browsium and Seraphic.</li> <li>Zero-trust network access and network security vendors, such as Checkpoint, Netskope and Zscaler.</li> </ul> <p>Given all this activity, it's interesting to me that browser management and security typically fall within some other area of responsibility, rather than as a standalone priority or budgetary line item. In 2026, I expect browser management and security to become a top priority within enterprise IT and security operations.</p> </section> <section class="section main-article-chapter" data-menu-title="Conclusion"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion</h2> <p>What started as a light and breezy look toward 2026 turned into a rather lengthy article that I hope had something for everyone. I'm fortunate to be able to cover such a wide array of topics. I find them endlessly fascinating because even though they're not the bleeding-edge, AI frontier topics that make all the headlines, they're where the rubber meets the road in IT.</p> <p><i>Gabe Knuth is the principal analyst covering end-user computing for Omdia.<br><br>Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.</i></p> </section> Looking ahead to 2026, the end-user IT landscape will shift in subtle but critical ways. Here's what to expect, from prompt security to browsers, productivity and autonomous IT. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/technology-digital-ai-robot-adobe.jpeg https://www.techtarget.com/searchenterprisedesktop/opinion/How-AI-and-the-browser-will-change-end-user-IT-in-2026 Tue, 06 Jan 2026 16:17:00 GMT How AI and the browser will change end-user IT in 2026 <p>In addition to UI changes and new features, Microsoft has promised enhanced security in Windows 11. With capabilities like Secure Boot, virtualization-based security and Microsoft Defender built into the platform, many IT leaders might wonder: Do enterprise endpoints still need third-party antivirus?</p> <p>The short answer is yes, enterprise endpoints need an IT-managed antivirus tool. In the changing threat landscape, advanced security technology is essential. To manage threats, IT pros must integrate the right tools into their organizations' security strategies.</p> <p>Given that <a href="https://www.techtarget.com/searchsecurity/definition/Windows-Defender-Advanced-Threat-Protection-ATP">Microsoft Defender for Endpoint</a> is already included for most organizations, the question isn't really whether endpoints should have antivirus or not. It's whether Defender is enough to protect enterprise data.</p> <section class="section main-article-chapter" data-menu-title="How does Microsoft Defender affect Windows 11 security?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does Microsoft Defender affect Windows 11 security?</h2> <p>Microsoft's security platform has improved significantly over time. With strong integration into the complete Microsoft 365 stack, it handles firewall, antivirus and security settings for endpoints. Organizations that have Microsoft 365 with Intune and Entra ID can get quite granular in how they deploy security policies and track compliance. From this unified system, IT can also configure telemetry and enforcement points to work within a zero-trust framework.</p> <p>Microsoft Defender for Endpoint includes the following security features:</p> <ul type="disc" class="default-list"> <li>Real-time protection against malware, ransomware and phishing.</li> <li>Firewall management integrated into Intune.</li> <li>Application control and allowlisting.</li> <li>Endpoint detection and response (<a href="https://www.techtarget.com/searchsecurity/definition/endpoint-detection-and-response-EDR">EDR</a>) can be built in, depending on the organization's Microsoft subscription plan.</li> <li>Automatic updates.</li> <li>Centralized correlation of security signals across the Microsoft ecosystem.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="When do organizations need a third-party antivirus tool?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>When do organizations need a third-party antivirus tool?</h2> <p>In some scenarios, it's imperative for organizations to use a third-party antivirus tool. High-risk or highly regulated environments might require extra security controls, compliance reporting or specialized features that Defender doesn't offer.</p> <h3>Regulatory compliance</h3> <p>Sectors like defense, government, healthcare and finance often require specific security vendor certifications or reporting. These requirements might be outside of Defender's capabilities or just too difficult to manage within the platform.</p> <h3>EDR requirements</h3> <p>While Defender for Endpoint <a target="_blank" href="https://learn.microsoft.com/en-us/azure/defender-for-cloud/endpoint-detection-response" rel="noopener">features</a> EDR, organizations still might want third-party tools that offer automated remediation or increased protection. Software like Sophos Intercept X, Huntress or CrowdStrike can provide additional protection over the built-in tool.</p> <h3>SIEM integration</h3> <p>Some organizations need to retain logs or use a security information and event management (<a href="https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM">SIEM</a>) system to store and analyze security events. An organization with these requirements might be better suited to an antivirus tool that integrates with its SIEM platform. This helps simplify management and ensure consistent monitoring.</p> <h3>Multi-OS environments</h3> <p>If an organization uses macOS, Linux, mobile or other non-Windows devices, Defender can't provide fully unified protection. Rather than using different tools for different OSes, find an antivirus platform that enables IT to manage security for all devices from a single console.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-computer_virus-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-computer_virus-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-computer_virus-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-computer_virus-f.png 1280w" alt="Chart showing the different types of viruses." data-credit="Informa TechTarget" height="374" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Organizations have to protect against several kinds of viruses on enterprise computers. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Cost considerations for third-party antivirus"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cost considerations for third-party antivirus</h2> <p>Third-party antivirus licensing can cost anywhere from $30 to over $100 per endpoint per year. For organizations that have hundreds or even thousands of endpoints, the costs can quickly add up.</p> <p>When searching for endpoint antivirus tools, organizations should consider not only the cost of the actual product but also the cost of labor for monitoring and managing it. Decision-makers must weigh that against the possible costs of not having antivirus protection as well.</p> <h3>Licensing and feature value</h3> <p>IT leaders should evaluate what they get out of the license, as well as what features they'll realistically use from it. Some organizations purchase a security stack but never actually configure it or use all its capabilities. In other words, they waste a portion of what they're paying for. Organizations must assess the <a href="https://www.techtarget.com/searchsecurity/tip/How-to-implement-security-control-rationalization">total value of a security investment</a>, factoring in usability and operational efficiency.</p> <h3>Support and management costs</h3> <p>Another key consideration is support and management costs. If the security tool demands a lot of administration time to monitor and manage it, it can become a burden on IT, and there might be unrealized soft costs.</p> <h3>Implementation and integration overhead</h3> <p>Change can be expensive. Competing timelines and priorities can often make these types of projects go over time and over budget. Expect over 20 hours of engineering time to learn and deploy a new tool. This number increases as the number of endpoints or complexity of the environment increases.</p> <p>When looking for an antivirus tool, executives should consider the effort and potential disruption alongside the security and compliance benefits.</p> <h3>Risk reduction implications</h3> <p>There are also financial benefits to consider. Third-party antivirus tools can contribute to risk reduction and lower insurance premiums.</p> <p>Certain security standards, such as <a href="https://www.techtarget.com/healthtechsecurity/feature/Breaking-Down-the-NIST-Cybersecurity-Framework-How-It-Applies-to-Healthcare">NIST CSF</a> or ISO 27001, might require dedicated EDR tools and incident response capabilities. Failing to meet these requirements can raise an organization's insurance premiums or lead to denied coverage during a security incident.</p> <p>Microsoft Defender for Endpoint provides strong baseline protection for Windows 11, but it can't meet enterprise management and security needs. Investing in third-party antivirus tools helps organizations protect data, stay compliant and reduce business risk.</p> <p><i>Jake Gardner works with regional organizations, helping them to use technology to provide practical, functional solutions. </i></p> </section> Windows 11's security framework offers solid protection but has limits. To ensure operational security, organizations must supplement built-in defenses with third-party antivirus. https://cdn.ttgtmedia.com/Editorial/2020/07/Security_lock.jpg https://www.techtarget.com/searchenterprisedesktop/answer/Do-enterprise-endpoints-need-antivirus-for-Windows-11 Wed, 24 Dec 2025 10:30:00 GMT Do enterprise endpoints need antivirus for Windows 11? <p>Unexpected disk failures aren't just technical issues. They represent business risk, downtime and unnecessary recovery costs. Depending on the type of failure, an error on a disk can indicate a condition that could cause irretrievable loss of any stored data.</p> <p><a href="https://www.techtarget.com/searchdatabackup/feature/The-7-critical-backup-strategy-best-practices-to-keep-data-safe">Backups can mitigate the fallout</a>, but restoring data can be time-consuming and expensive for organizations. Instead, an organization can reduce the risk of a disk failure by ensuring that users and IT keep an eye out for key indicators and know how to use built-in utilities such as Windows Check Disk (CHKDSK).</p> <section class="section main-article-chapter" data-menu-title="Signs of disk failure"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Signs of disk failure</h2> <p>Disk failure can occur for several reasons. These can be catastrophic, such as dropping the computer and damaging the drive, or something as simple as firmware that can no longer detect the drive. Disks wear out like most physical entities, so they can also fail gradually as sectors on the disk become unreadable to the read/write mechanism. Other indications of impending disk failure include poor performance while opening or saving files, computer boot failure or errors accessing data.</p> <p>These signs are usually easily detected through errors and warnings in the <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-event-log">Windows event log</a>. Included in all versions of Windows, the event log records warnings and error events associated with the hard disk. Open the log by either searching for "event viewer" or entering <b>Eventvwr.msc</b> in the command line.</p> <p>Once opened, expand the Windows logs and click on <b>System</b> in the Event Viewer (Figure 1). This shows informational events, warnings and critical errors for all system components such as the CPU, controllers, memory, network and disk.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/figure_1_event_viewer.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/figure_1_event_viewer_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/figure_1_event_viewer_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/figure_1_event_viewer.jpg 1280w" alt="Screenshot of the Windows 10 Event Viewer pane." data-credit="Gary Olsen" height="268" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The Event Viewer logs and displays informational events, warnings and errors. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Diagnosing disk errors"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Diagnosing disk errors</h2> <p>Most OEMs include a hardware diagnostic tool, available in the BIOS or <a href="https://www.techtarget.com/whatis/definition/Unified-Extensible-Firmware-Interface-UEFI">UEFI</a>, that is useful for checking the health of the disk. These tools typically don't repair errors, though a few models include limited repair or reallocation capabilities. In any case, running these checks across all devices helps identify failing drives early and avoid service interruptions.</p> <p>The BIOS/UEFI utility functions vary by manufacturer but should be the first step to resolving disk issues. Each manufacturer has a unique way of opening the utility on boot. Pressing the F10, F2 or Escape key immediately after pressing the power button usually works. Look for a text line on the screen that indicates what to do.</p> <p>There are also Windows internal tools and third-party tools that can assist in this diagnostic warning of failure.</p> </section> <section class="section main-article-chapter" data-menu-title="What is CHKDSK?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is CHKDSK?</h2> <p>The Windows CHKDSK command-line utility is reliable for finding and addressing file system errors by scanning the disk looking for bad sectors. A disk is divided into a sort of grid with concentric tracks and sectors, and the read/write head reads data in these sectors. If the disk is physically damaged and Windows has difficulty reading it, the system logs the error or warning. CHKDSK can find those bad sectors, write the data to a new sector and mark the old one so the disk won't use it again.</p> <p>CHKDSK has been a Windows core utility since the earliest disk operating system and Windows versions, and it's gone through several changes both in operation and fundamental functionality. While it doesn't repair disk failure, it's a useful tool for identifying file system errors that could be a result of impending disk failure. This enables the user to back up the data and restore it to a new drive, preventing data loss.</p> <p>On Windows 10 and 11, Check Disk includes the following features:</p> <ul class="default-list"> <li><b>/spotfix.</b> This command skips the whole disk scan, which can be lengthy with large disks, and applies a targeted file system fix during a reboot. </li> <li><b>/forceofflinefix.</b> This command scans the disk online but does not perform repairs immediately. Instead, it queues the repairs to happen offline during the next reboot.</li> </ul> <h3>Common CHKDSK switches</h3> <p>The CHKDSK utility has several switches that perform various tasks indicated by the CHKDSK /? command, as shown in Figure 2. The most common switches include the following:</p> <ul type="disc" class="default-list"> <li><b>CHKDSK /?</b> displays the help file.</li> <li><b>CHKDSK /F </b>fixes logical file system errors.<b> </b></li> <li><b>CHKDSK /R </b>locates bad sectors and attempts to recover readable information. This process also fixes logical file system errors in the same way as /f. On solid-state drives (SSDs), this command still checks for <a href="https://www.techtarget.com/searchstorage/tip/4-causes-of-SSD-failure-and-how-to-deal-with-them">unreadable sectors</a>, but it does not perform physical surface scans the way it does on hard disk drives (HDDs).</li> <li><b>CHKDSK</b> (no switches) runs an analysis utility on the System drive (C:), which checks the file system, security descriptors, file name linkage and file system structure.</li> <li><b>CHKDSK (volume/file path) </b>runs against a specific volume, file or directory. This command quickly tests if a file or directory can't be accessed or has other performance issues.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/figure_2_chkdsk_help.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/figure_2_chkdsk_help_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/figure_2_chkdsk_help_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/figure_2_chkdsk_help.jpg 1280w" alt="Screenshot of the Command Prompt window displaying the chkdsk /? help screen." data-credit="Gary Olsen" height="556" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Using the chkdsk /? command displays a list of common CHKDSK commands. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Other switches might shorten the execution time by using more system resources or limiting the operations. These include the following:</p> <ul type="disc" class="default-list"> <li><b>/perf</b> allocates more system resources for faster execution at the cost of active applications.</li> <li><b>/scan /forceofflinefix</b> provides an online scan and queues the repair for offline work.</li> <li><b>/i</b> does a faster, but not thorough, check.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="How to use CHKDSK"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to use CHKDSK</h2> <p>A user can run the CHKDSK command from a command prompt. First, search for "Command Prompt" in the Windows search bar. After it opens, select the <b>Run as Administrator</b> option on the right. At that point, the user can enter <b>CHKDSK</b> and any switches they wish to execute. If needed, the command CHKDSK /? generates a list of switches.</p> <p>Additionally, Windows 10 and 11 include File Explorer integration. This feature provides access to the CHKDSK utility through the File Explorer UI rather than through the command line.</p> <p>Right-click on the C: drive in File Explorer and choose <b>Properties</b>. Then, select the <b>Tools</b> tab and click on the <b>Check</b> button.</p> <h3>Running CHKDSK before Windows boots</h3> <p>CHKDSK can run without starting Windows. If Windows doesn't boot, try running CHKDSK before Windows loads to check the disk and hopefully resolve the problem.</p> <p>Boot the computer from a Windows installation USB or OEM-supplied recovery disk. Alternatively, engage the recovery environment by holding the <b>Shift</b> key and clicking <b>Restart</b>. Then, take the following steps:</p> <ol type="1" start="1" class="default-list"> <li>On the "Install Windows" screen, click <b>Repair Your Computer</b>.</li> <li>Select Troubleshoot > Advanced Options > Command Prompt.</li> <li>Run CHKDSK C: /r to check the system drive.</li> </ol> <h3>Considerations when using CHKDSK</h3> <p>While CHKDSK is intuitive and easy to use, it's important to keep the following points in mind:</p> <ul type="disc" class="default-list"> <li>CHKDSK typically runs from the command-line utility (CMD) or from File Explorer.</li> <li>CHKDSK will not damage a healthy computer or disk. However, it's possible for the /f and /r to burden a failing drive and risk data loss on a damaged drive. Before running either command on a suspected failing drive, consider creating a backup first or <a href="https://www.techtarget.com/searchdatabackup/definition/ghost-imaging">using disk imaging tools</a> instead.</li> <li>CHKDSK can run against any physical hard disk.</li> <li>CHKDSK requires the target volume to be offline when using the /f or /r options. If the target is the C: drive, CHKDSK queues the scan request and runs it automatically on the next restart. This can be helpful, as scheduling scans during maintenance windows reduces disruption and limits unplanned support tickets.</li> <li>CHKDSK can run on other volumes live.</li> <li>CHKDSK supports offline use through boot media such as USBs or recovery disks.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Additional disk scan and repair processes"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Additional disk scan and repair processes</h2> <p>In addition to CHKDSK, IT teams should be familiar with other Windows options for diagnosing disk errors. And in the event of disk failure, they should know what their options are for system repair.</p> <p>Performing self-monitoring, analysis and reporting technology (SMART) checks and using image files to restore the system are also important processes for scanning and repairing disks.</p> <h3>Diagnosing disk errors with SMART</h3> <p>SMART is a built-in monitoring system on HDDs and SSDs that detects and reports signs of hardware failure. Some of the metrics it reports on include read/write error rates, spin-up time <a href="https://www.techtarget.com/searchstorage/answer/Whats-the-best-way-to-protect-against-HDD-failure">for HDDs</a>, bad sector blocks, remaining lifespan, wear-leveling count and temperature. SMART's job is to try to predict imminent hard disk failure so users can back it up and restore it before the drive becomes unusable.</p> <p>Just like CHKDSK, SMART can't repair but warns of impending failure. For IT leaders, this data provides early-warning signals that support predictive maintenance.</p> <p>HP's UEFI system test performs a SMART check on a hard drive. Users can also access SMART through PowerShell or the Windows Management Instrumentation Command-line (WMIC) utility. Use one of the following methods:</p> <ul type="disc" class="default-list"> <li>Execute the PowerShell command <span style="font-family: 'courier new', courier, monospace;">Get-PhysicalDisk</span>. This shows the status of each drive.</li> <li>Execute the WMIC command <span style="font-family: 'courier new', courier, monospace;">wmic diskdrive get status</span>. This is a legacy command, but it still works on Windows 10. It might not be available on Windows 11, as the WMIC utility is deprecated and has been removed by default from Windows 11 installations.</li> </ul> <p>Third-party tools also provide SMART diagnostics. These include tools from Seagate, Western Digital, Hard Disk Sentinel and CrystalDiskInfo.</p> <h3>Using image files for system repair</h3> <p>When restoring systems and system files after a disk has been replaced, it's critical to get them to a usable state as quickly as possible. This includes user settings, applications, data and the OS, with options as configured and customized by the organization. The use of a full disk or system image file -- either from a physical device such as a USB drive, CD/DVD or a network-accessible file -- has been a standard procedure for system restoration for many years.</p> <p>Organizations build a <a href="https://www.techtarget.com/searchitoperations/definition/golden-image">golden image</a> to use for restoration. This image has corporate-approved security configurations, applications, settings and even corporate logo wallpaper. There might be multiple images to accommodate the needs of different departments, with some images more secure than others. From a business continuity standpoint, maintaining standardized image files shortens recovery time and helps meet compliance targets.</p> <p>There are also several ways image files can be used in system recovery. Each method corresponds to different recovery requirements.</p> <p><u><iframe title="Windows system imaging and recovery options" aria-label="Table" id="datawrapper-chart-pOfvg" src="https://datawrapper.dwcdn.net/pOfvg/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="716" data-external="1"></iframe> <script type="text/javascript">window.addEventListener("message",function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data["datawrapper-height"][t]+"px";r.style.height=d}}});</script> </u></p> <p>Problems such as hard disk failure or OS corruption might require a full system recovery. However, it's also possible to do a partial system recovery from a type of image file called a <i>snapshot</i> or <i>restore point</i>. A user can take a snapshot of the system state, then restore the system as if going back in time. Note that this doesn't <a href="https://www.techtarget.com/searchdatabackup/feature/Image-based-vs-file-based-backup-Key-comparisons">back up documents or user data</a> -- it just protects system files, drivers, registry settings and configurations.</p> <p>For instance, a user can save a snapshot of the system as an image file on disk. An app installation or security update could then take place. If that update or installation caused the system to fail or exhibit poor performance, the user can apply the snapshot to restore the system to the previous state. Users can take multiple snapshots and choose which one they want to restore the system to. </p> <p>To create a snapshot and restore the system to it on Windows 10 and 11, take the following steps:</p> <ol type="1" start="1" class="default-list"> <li>From the Windows Search bar, search for and select <b>Create a restore point</b>. This opens the System Properties screen.</li> <li>Under Protection Settings, select the drive the snapshot should be saved onto. Then, click on the <b>Configure… </b>button.</li> <li>A pop-up screen should then show basic configuration parameters such as limiting the amount of disk space to store snapshots. On this screen, make sure <b>Turn on system protection </b>is selected, and configure any desired disk space usage settings. Once the settings look correct, click <b>Apply</b> and <b>OK</b>.</li> <li>On the System Properties screen, select the <b>Create…</b> button. This prompts another pop-up, where the user should type in a description for the restore point and then click <b>Create</b>.</li> <li>Once the system is done creating the restore point, select <b>Close</b>.</li> <li>To restore the system, click on the <b>System Restore…</b> button. The user can then choose to revert the system to one of the available restore points.</li> </ol> <p>It's also possible to script this process in PowerShell for Windows 10 and 11.</p> </section> <section class="section main-article-chapter" data-menu-title="Managing disk health in a corporate environment"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Managing disk health in a corporate environment</h2> <p>In the enterprise, disk health management directly affects data integrity, compliance, uptime and costs. Beyond individual repairs, it plays a key role in risk mitigation and <a href="https://www.techtarget.com/searchstorage/tip/7-steps-to-retiring-storage-hardware-safely-and-efficiently">lifecycle planning</a>. It's crucial for organizations to monitor disk health on a consistent basis, and to use the right tools and strategies to do it.</p> <p>Windows CHKDSK is a fundamental tool that performs a quick check on disk read/write errors. It's often the initial step in resolving disk-related performance problems and errors listed in event logs. However, it's better used for general maintenance instead of repairing a known issue, as it's impractical to run it on every computer in an organization.</p> <p>For enterprise environments, advanced tools using SMART monitoring and logging to a centralized location are more effective and practical. These tools include Windows Admin Center, System Center Operations Manager and third-party applications.</p> <p>Many third-party programs enable an administrator to <a href="https://www.techtarget.com/searchwindowsserver/tip/Filter-and-query-Windows-event-logs-with-PowerShell">manage event logs</a>, including the system event log, and identify computers that need attention. Some of the more popular options are Manage Engine EventLog Analyzer, Sematext Logs, Graylog and Datadog Log Management. These tools provide advanced features such as compliance analysis, real-time monitoring, scalability and custom dashboards.</p> <p>IT staff should use the following best practices to prevent and handle issues like disk failure:</p> <ul type="disc" class="default-list"> <li>Monitor SMART data with tools such as PowerShell, Windows and third-party programs to detect early signs of disk failure.</li> <li>Monitor event logs for disk <a target="_blank" href="https://learn.microsoft.com/en-us/troubleshoot/windows-server/backup-and-storage/troubleshoot-data-corruption-and-disk-errors" rel="noopener">warning events</a>. Use centralized log management tools to collect and analyze enterprise-wide data.</li> <li>Prepare system images for use in restoring failed systems quickly and reducing downtime. </li> <li>Create images for various system requirements in the enterprise, such as kiosks, test and development, general users, power users and executives.</li> </ul> <ul class="default-list"> <li>Provide full disk or system image files on backed-up, readily available network locations.</li> </ul> <ul type="disc" class="default-list"> <li>Protect computers with system restore points. This is especially useful for testing and development, and prior to installing software on specific machines.</li> <li>Educate end users on disk failure warning signs and how to contact IT support for resolution.</li> </ul> <p>Additionally, executives and managers should adopt the following practices to ensure proper disk management in their organizations:</p> <ul type="disc" class="default-list"> <li>Ask administrators what percentage of endpoints have had CHKDSK or SMART scans in the past quarter.</li> <li>Include disk health metrics in quarterly <a href="https://www.techtarget.com/searchsecurity/tip/How-to-perform-a-data-risk-assessment-step-by-step">IT risk reviews</a>.</li> <li>Make sure staff are trained in proactive maintenance and image-based recovery.</li> <li>Budget for preventive diagnostics instead of emergency replacements.</li> </ul> <p><b>Editor's note:</b> <i>Gary Olsen originally wrote this article in December 2021. He updated and expanded it in December 2025 to reflect changes in Windows management processes and improve the reader experience.</i></p> <p><i>Gary Olsen has worked in the IT industry since 1983 and holds a Master of Science in computer-aided manufacturing from Brigham Young University. He was on Microsoft's Windows 2000 beta support team for Active Directory from 1998 to 2000 and has written two books on Active Directory and numerous technical articles for magazines and websites.</i></p> </section> Using built-in Windows tools such as Check Disk and SMART helps organizations reduce risks associated with disk errors, extend hardware life and maintain operational continuity. https://cdn.ttgtmedia.com/rms/onlineimages/disaster_recovery_a267084312.jpg https://www.techtarget.com/searchenterprisedesktop/tip/How-to-scan-and-repair-disks-with-Windows-10-Check-Disk Wed, 10 Dec 2025 18:00:00 GMT How to use Windows Check Disk to maintain disk health <p>Up-to-date BIOS and Unified Extensible Firmware Interface (<a href="https://www.techtarget.com/whatis/definition/Unified-Extensible-Firmware-Interface-UEFI">UEFI</a>) firmware is critical for enterprise security, device reliability and seamless Windows 11 adoption.</p> <p>In enterprise environments, firmware directly affects security posture, hardware stability and compatibility with modern platforms like Windows 11. Outdated versions can introduce vulnerabilities, disrupt performance and complicate <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Three-PC-lifecycle-management-options-IT-should-consider">device lifecycle planning</a>. Clear visibility into BIOS/UEFI versions helps organizations maintain secure, compliant and consistent endpoint environments.</p> <section class="section main-article-chapter" data-menu-title="What are BIOS versions?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are BIOS versions?</h2> <p>BIOS and its more modern replacement, UEFI, are the low-level software that initializes hardware before the OS loads. This software is responsible for booting the computer, managing hardware-level communication and providing the interface between the OS and the hardware. Modern computers don't use a traditional BIOS. They use UEFI instead. Still, people commonly refer to this software as BIOS.</p> <p>So, what does it mean to look for a computer's BIOS version? The BIOS version essentially refers to the system firmware version, even on UEFI-based machines. When people ask about the BIOS version, they are likely referring to the firmware version of the UEFI on the computer.</p> <h3>What is the difference between BIOS and UEFI?</h3> <p>BIOS is the older, legacy system. It has a text-based interface and uses the keyboard for navigation. BIOS uses the <a href="https://www.techtarget.com/whatis/definition/Master-Boot-Record-MBR">Master Boot Record</a> partitioning system, which only supports drives up to 2.2 TB and is limited to four primary partitions.</p> <p>UEFI was designed to overcome the limitations of BIOS. It offers a graphical interface and supports not only keyboard input but also navigation with a mouse. UEFI also supports enterprise-grade features such as the following:</p> <ul type="disc" class="default-list"> <li>Secure Boot.</li> <li>Remote diagnostics.</li> <li>Network booting.</li> <li>Firmware updates from inside the OS.</li> <li>Support for the GUID Partition Table standard, which enables the use of larger drives and partitions.</li> </ul> <p>While older PCs might still use BIOS, UEFI has become the standard for modern computers over the past several years. In fact, UEFI and Secure Boot are <a href="https://www.techtarget.com/searchenterprisedesktop/tip/The-Windows-11-system-requirements-and-what-they-indicate">requirements to run Windows 11</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Why the BIOS version matters for IT admins"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why the BIOS version matters for IT admins</h2> <p>OEMs and hardware vendors often release updates to BIOS to support new features, fix bugs and update security flaws that might exist on the previous firmware version. IT might need to check the BIOS version in the following instances:</p> <ul type="disc" class="default-list"> <li>Troubleshooting hardware and performance issues.</li> <li>Ensuring that the hardware is supported on new OSes.</li> <li>Ensuring that hardware has the latest security updates.</li> <li>Deploying updates and verifying that they have applied correctly.</li> </ul> <p>While Microsoft provides Windows updates, the hardware manufacturer handles BIOS updates. This is because the BIOS/UEFI versions are model-specific. Manufacturers release these updates to fix security flaws or compatibility issues, or to improve hardware performance.</p> <p>At scale, visibility into firmware versions across all devices is essential. Centralized tracking, automated updates through <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Top-unified-endpoint-management-software-vendors">endpoint management tools</a> and adherence to OEM support timelines reduce operational risk and administrative overhead. Integrating firmware management into broader IT governance ensures that devices remain reliable throughout their lifecycle, while supporting cost-effective, predictable operations across the organization.</p> <h3>Does the BIOS version depend on the OS?</h3> <p>The BIOS version doesn't depend on the OS. It's the firmware version that is running independent of the operating system.</p> <p>This means that the firmware version doesn't change when users install a new version of Windows. However, the process for checking the firmware version might change depending on the OS, and some firmware features only work in a supported OS.</p> </section> <section class="section main-article-chapter" data-menu-title="How to check your BIOS Version on Windows 11"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to check your BIOS Version on Windows 11</h2> <p>When using a Windows 11 PC, there are a few different ways to check the BIOS/UEFI version, depending on the use case.</p> <h3>Checking the BIOS version using System Information</h3> <p>IT can use Windows System Information to check the firmware version. This method also works on Windows 10. It shows the BIOS version string, OEM or motherboard manufacturer, and the release date of the BIOS/UEFI firmware. To use this method, take the following steps:</p> <ol type="1" start="1" class="default-list"> <li>Press the <b>Windows</b> and <b>R</b> keys to open the Run dialogue.</li> <li>Type in <i>MSInfo32</i> and hit the <b>Enter</b> key.</li> <li>In the system summary window, look for the entry labelled <i>BIOS Version/Date</i>.</li> </ol> <h3>Checking the BIOS version in Windows using command-line tools</h3> <p>Sometimes it's easier for an IT administrator to use command-line tools to find the BIOS version. This makes it easier to collect BIOS data through scripting or enable bulk queries across multiple systems through management platforms.</p> <p>PowerShell is ideal for scripting or collecting BIOS info across multiple devices. To find the BIOS version through PowerShell, use the following steps:</p> <ol type="1" start="1" class="default-list"> <li>Press the <b>Windows</b> and <b>R</b> keys to open the Run dialogue.</li> <li>Type in<i> PowerShell</i> and hit <b>Enter</b>.</li> <li>In the PowerShell window, type in the following command:</li> </ol> <pre class="language-powershell"><code>Get-CimInstance -ClassName Win32_BIOS | Select-Object SMBIOSBIOSVersion, Manufacturer, ReleaseDate</code></pre> <ol type="1" start="4" class="default-list"> <li>Press the <b>Enter</b> key.</li> <li>The screen should then show the OEM, BIOS version and its release date.</li> </ol> <p>To find the BIOS version in Windows using the <span style="font-family: 'courier new', courier, monospace;">systeminfo</span> command in the Command Prompt, take the following steps:</p> <ol type="1" start="1" class="default-list"> <li>Press the <b>Windows</b> and <b>R</b> keys to open the Run dialogue.</li> <li>Type in <i>cmd</i> and hit <b>Enter</b>.</li> <li>In the Command Prompt window, type in the following command:</li> </ol> <pre><span style="font-family: 'courier new', courier, monospace;">systeminfo | findstr /I "BIOS"</span></pre> <ol type="1" start="4" class="default-list"> <li>Press the <b>Enter</b> key.</li> <li>The screen should display the OEM, BIOS version and its release date.</li> </ol> <p>One option that works in Windows 10 but might not be available in Windows 11 is the command <span style="font-family: 'courier new', courier, monospace;">wmic bios get smbiosbiosversion</span>. The Windows Management Instrumentation Command-line utility is <a target="_blank" href="https://support.microsoft.com/en-us/topic/windows-management-instrumentation-command-line-wmic-removal-from-windows-e9e83c7f-4992-477f-ba1d-96f694b8665d" rel="noopener">deprecated</a> and has been removed by default from many Windows 11 installations.</p> <h3>Checking the BIOS version by booting into UEFI/BIOS</h3> <p>Rather than checking the BIOS version from inside the OS, it's also possible to boot directly into the UEFI interface and check directly. This process varies depending on the OEM.</p> <p>First, boot the device. During the startup process, the screen should specify which button to press to enter the BIOS/UEFI setting. It's typically <b>F1</b>, <b>F2</b>, <b>F10</b>, <b>F12</b> or the <b>DEL</b> key.</p> <p>After booting into the UEFI/BIOS system, the home screen should display the system information, including the system's model number, BIOS/UEFI version and date of the last update.</p> <p><i>Jake Gardner works with regional organizations, helping them use technology to provide practical, functional solutions.</i></p> </section> Firmware, such as BIOS or UEFI, plays a crucial role in how securely a Windows device starts and operates. Organizations need to know what versions are running on their endpoints. https://cdn.ttgtmedia.com/rms/onlineimages/folder-files13.jpg https://www.techtarget.com/searchenterprisedesktop/tip/How-IT-admins-can-check-BIOS-or-UEFI-versions-in-Windows-11 Mon, 17 Nov 2025 14:32:00 GMT How IT admins can check BIOS or UEFI versions in Windows 11 <p>AI took center stage at Microsoft Ignite 2025, this year's installment of the tech giant's annual conference.</p> <p>From Nov. 18-21, conference-goers gathered at San Francisco's Moscone Center for hundreds of live sessions, demonstrations and labs focusing on key topic areas. Key topics this year included cloud and AI platforms, AI-powered security and AI business tools.</p> <p>In a shakeup from years past, Microsoft CEO Satya Nadella did not make an appearance at this year's event. Judson Althoff, CEO of Microsoft's commercial business, delivered the opening keynote -- where he highlighted the company's AI innovations -- alongside senior Microsoft engineering leaders.</p> <p>Dive into our editorial coverage below to catch up on the major announcements and news analysis from this year's Microsoft Ignite conference, and stay tuned for future updates.</p> Our guide to Microsoft Ignite 2025 has everything you need to know about the annual conference, including live news updates, expert analysis and highlights from last year's show. https://www.techtarget.com/searchwindowsserver/conference/Microsoft-Ignite-conference-coverage Mon, 10 Nov 2025 00:00:00 GMT Microsoft Ignite 2025 conference coverage <p>Here's where agentic AI hype hits the desktop: Low-code agent builders enable rank-and-file office workers to automate their own daily drudgery.</p> <p>That's the idea behind generative AI agent builders from companies such as <a href="https://www.techtarget.com/whatis/feature/ChatGPT-agents-explained">OpenAI</a>, Zapier, MindStudio and <a href="https://www.techtarget.com/searchcustomerexperience/news/366626538/Salesforce-Agentforce-3-lifts-the-hood-on-observability">Salesforce</a>, to name a few. They spread agentic AI outside the developer tribe and give frontline office workers the ability to automate manual processes. The builders can typically create agents from a chat prompt, and they plug into enterprise security policies that govern their use and access to sensitive data.</p> <p>Microsoft has also entered this competitive fray, having released <a href="https://www.techtarget.com/searchcustomerexperience/news/366614232/Microsoft-adds-Copilot-agents-design-tools-for-365-Dynamics">Copilot Studio</a> in October 2024. Last week, the company released a no-code agent builder called Copilot Studio lite to its Microsoft Copilot users in the Frontier beta program. In Copilot Studio lite, users can make what Microsoft characterizes as "lightweight" agents. Full Copilot Studio is required for advanced workflows, <a href="https://www.techtarget.com/whatis/definition/large-language-model-LLM">large language model</a> selection and other features.</p> <p>Also included in the Frontier <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you-to-build-apps-and-workflows/" target="_blank" rel="noopener">beta release</a>, along with Copilot Studio lite, is Workflows, a Copilot agent that can automate tasks such as sending updates to teammates and managing calendars in Outlook, Teams, SharePoint and Planner. App Builder, another generative AI agent in Copilot, can track project milestones and deadlines, in addition to visualizing data.</p> <p>"Microsoft is really trying to differentiate and distinguish itself from its closest rival, which is ChatGPT Enterprise," said Gartner analyst Jason Wong. "This Copilot app resembles a lot of what ChatGPT and ChatGPT Enterprise is -- so Microsoft is trying to build in hooks into this Copilot app to differentiate it. Part of that is integrating it into their existing set of applications like SharePoint."</p> <p>Microsoft's Copilot Studio lite also provides users with an environment in which to build their agents without developer overhead. It takes the leap from the low-code environment of the Microsoft Apps (formerly Power Apps) and Power Automate platforms fully into the no-code realm.</p> <p>"Microsoft Apps and Power Automate have been part of this <a href="https://www.techtarget.com/searchsoftwarequality/definition/citizen-development">citizen development movement</a>, where companies would stand up the environments and allow business users to create applications, workflows, bots, automations. It took effort for organizations to stand this up and to track what's happening," Wong said. "[Microsoft's] app builder and workflow builder tool gets away from having to formally set up environments for citizen development -- [they're] just very simple agent-building tools inside the environment that [users are already] familiar with."</p> <p>Richard Riley, general manager of low-code and agents marketing at Microsoft, said that agent designers are now table stakes for office software; it's not a situation where just OpenAI is competing with Copilot. Companies will compete not on the agents' building capability itself, he believes, but on the tooling that comes with them.</p> <p>Microsoft's agentic AI tools enable users to create simple -- at least for now -- automations. Giving end users such tools has been foundational to the success of Microsoft's productivity suite in the past.</p> <p>"If you think about it in the context of history, if you look back to what made Office the thing it is, a lot of that came with extensibility," Riley said. "With things like Visual Basic, things like macros, people built things on Office that you'd never have expected to be able to build."</p> <p><i>Don Fluckinger is a senior news writer for Informa TechTarget. He covers customer experience, digital experience management and end-user computing. Got a tip? </i><a href="mailto:don.fluckinger@informatechtarget.com?subject=Tip%20from%20article" target="_blank" rel="noopener"><i>Email him</i></a><i>.</i></p> The battle for desktop agent mindshare heats up. Microsoft is the latest to arm everyday office workers with tools to make their own, taking on OpenAI, Google and Salesforce. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a205627811.jpg https://www.techtarget.com/searchenterprisedesktop/news/366633987/Microsoft-opens-Copilot-agent-building-to-office-rank-and-file Tue, 04 Nov 2025 14:57:00 GMT Microsoft opens Copilot agent building to office rank and file Search Enterprise Desktop Resources and Information from TechTarget 60 webmaster@techtarget.com