![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 72%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGD%3C/text%3E%3C/svg%3E)
To restrict clients on a domain to only allow Windows 11 (version 24H2) or higher, you can utilize Group Policy settings. Specifically, you can implement policies that enforce minimum operating system requirements for domain logon. While the context provided does not specify a direct method for enforcing OS versions for logon, you can achieve similar results by using the following approaches:
- Group Policy: You can create a Group Policy Object (GPO) that applies to the organizational unit (OU) containing your user accounts. Within this GPO, you can configure settings that restrict access based on the operating system version.
- Device Compliance Policies: If you are using Microsoft Intune or another Mobile Device Management (MDM) solution, you can set compliance policies that require devices to be running Windows 11 (24H2) or later. Non-compliant devices would be blocked from accessing the domain.
- Network Access Control: Implementing Network Access Control (NAC) solutions can help enforce device compliance before allowing them to connect to the network.
- User Education and Communication: Inform users about the requirement to upgrade their devices to Windows 11 (24H2) or higher to avoid login issues.
By combining these strategies, you can effectively restrict domain access to only those clients that meet your specified operating system requirements.
References: