Device Operating System Specification

Page content

Windows – Desktops (on-premise)Windows - LaptopsmacOS - Apple

All corporate Windows systems must be capable of running the latest currently available version of Microsoft Windows Operating System.
Microsoft are retiring support and security patches for Windows 10 22H2 (the final version) from 14.10.2025.
After 14.10.25 Windows 10 devices will not be able to access corporate systems so that University governance and cyber-compliance requirements are met.
Windows 10 devices which can run Windows 11 ie: an Intel 8^th,generation or higher processor which have a continued /stated requirement must be updated to that version using the available SCCM and Intune technologies ahead of 14.10.25. Lifecycle management requirements must still be attended to.
Should the continued need for a device exist, a Windows-11 capable device with an appropriate hardware specification needs to be sourced and presented for deployment by the owning stakeholder(s). The Windows-10 device must be retired from service (and offboarded as per governance requirements /processes).

All corporate Windows systems (staff and student) must be capable of running the latest available version of Microsoft Windows Operating System (Windows-11).
After 14.10.25 Microsoft are retiring support and security patches for Windows 10 22H2 (the final version).
To meet cyber-security and governance needs, all Staff and Student devices that cannot support Windows 11 as a baseline will not be able to access corporate resources. Such non-compliant devices must be retired from service before 14.10.25
Windows 11 is not supported on any device with an Intel 7th generation processor or on devices that do not support Trusted Platform Module (TPM) 2.x. These are typically devices which are currently 6+ years old. Hardware refresh of such devices is the responsibility of the owning stakeholder.
Newly procured devices must be via the NDNA procurement framework and be accompanied by a Windows-11 Professional license.
Windows desktop and laptop devices must be registered on the relevant management platform (AD for on-premise desktops, Intune for Laptops and Jamf Cloud for Apple macOS devices).
Users must authenticate via networked accounts to the management platform and not via local device accounts.
Windows 11 operating system updates and patches are remotely delivered to Windows desktops and laptops by the relevant management platform (SCCM for on-premise desktops and Intune for laptops).

All corporate Apple devices must run the currently supported and most recently approved version (N) of macOS which the device can support.
Apple hardware that cannot run macOS version N-2 presents a cyber security risk and must be retired from service (and offboarded as per governance requirements /processes).
Apple hardware that is capable of running a higher version, must be updated to the optimum macOS version for that hardware model.
Apple annually update their operating system releases (to version N) and maintain support for the two preceding major version releases (N-2). macOS versions older than N-2 are unsupported by Apple and the University’s Apple Management Platform (Jamf Cloud).
Stakeholders are advised to plan for all of the above components and align their hardware fleet to meet this cybersecurity need by way of planned hardware refreshes /lifecycle management.
Apple desktop and laptop devices must be registered on Apple School Manager and the Jamf Cloud management platform.
Users must authenticate /access their devices via networked accounts and not via local device accounts.
Operating System updates and patches are remotely delivered to Apple desktops and laptops via the Jamf Cloud platform.