Everything ICT
Technology Standards

Recommended Technology Platform

Minimum hardware specifications and mandatory security controls for all devices managed by Everything ICT. Applies to Windows 11 Professional and Apple M-series environments.

Overview

Why a Consistent Platform Matters

When every device on your network meets a consistent standard, IT support is faster, your security posture is stronger, and compliance reporting is cleaner. When devices are a mixed bag of ages, operating systems, and security states, every support call takes longer, every audit is harder, and every incident is more difficult to contain.

This document sets the minimum specifications for new device purchases and the security controls that apply to all devices enrolled in our managed service. If existing devices fall below these minimums, we will identify them, recommend a replacement schedule, and help prioritise spend.

These are minimum specifications. Where budget allows, purchasing to the “Recommended” tier is strongly encouraged — devices that meet minimum spec today may not cope with software demands in three years.

Windows Platform

Windows 11 Professional — Minimum Specifications

All Windows devices must run Windows 11 Professional (64-bit). Windows 11 Home is not supported on managed networks — it lacks the encryption, MDM enrolment, and policy management capabilities required under this standard.

Processor

Minimum

Intel Core i5 (12th Gen+) or AMD Ryzen 5 5000+

Recommended

Intel Core i7 (13th Gen+) or AMD Ryzen 7

Must support TPM 2.0 and Secure Boot — both are required for Windows 11 and full-disk encryption.

RAM

Minimum

8 GB DDR4

Recommended

16 GB DDR4/DDR5

16 GB is strongly recommended for users running a productivity suite, browser, and business applications simultaneously.

Storage

Minimum

256 GB NVMe SSD

Recommended

512 GB NVMe SSD

Mechanical hard drives are not acceptable for primary drives. NVMe SSD is required; a SATA SSD is acceptable as a secondary drive only.

Display

Minimum

14" 1080p (FHD)

Recommended

14–15.6" 1080p IPS or 2K

For desktop workstations, a minimum 24" 1080p external monitor is required. Dual monitors are strongly encouraged for admin and office roles.

Operating System

Minimum

Windows 11 Professional (64-bit)

Recommended

Windows 11 Professional — latest feature update

Windows 11 Home is not permitted on managed devices. The Professional edition is required for BitLocker encryption, MDM enrolment, and Group Policy management.

Battery (Laptops)

Minimum

4-cell / 45 Wh minimum

Recommended

6-cell / 60 Wh+ with fast-charge

Must sustain a minimum of 6 hours real-world use. Devices that require mains power for normal operation are not suitable for mobile roles.

Business-Grade Hardware Only

Consumer-grade laptops and desktops (entry-level retail lines) are not approved for managed service. Business-class devices from reputable manufacturers provide the firmware management tools, build quality, and warranty options required for reliable operation in a managed environment.

Mac Platform

Apple Mac — Minimum Specifications

Apple M-series Macs are fully supported alongside Windows devices. All Mac devices must run a current, supported version of macOS and be enrolled in the MDM platform for policy enforcement and remote management.

Processor

Minimum

Apple M1 chip

Recommended

Apple M3 or M4

Intel-based Macs are no longer recommended for new purchases. They will not receive future macOS updates indefinitely and cannot match the security and performance architecture of M-series chips.

Unified Memory

Minimum

8 GB

Recommended

16 GB

8 GB should be considered a floor. Power users or staff running demanding applications should specify 16 GB or higher at time of purchase — unified memory cannot be upgraded after purchase.

Storage

Minimum

256 GB SSD

Recommended

512 GB SSD

256 GB is acceptable for cloud-first users with minimal local storage needs. Staff with large file requirements (media, design, data) should specify 512 GB or higher.

Models

Minimum

MacBook Air M1 / Mac mini M1

Recommended

MacBook Pro M3/M4, Mac mini M4, iMac M4

MacBook Air is suitable for most business roles. MacBook Pro is recommended for intensive workloads or dual external display requirements.

Display

Minimum

Built-in Retina display (MacBook)

Recommended

External 27" 4K for desktop roles

All M-series MacBooks ship with a Retina display that exceeds the Windows minimum. Mac mini and Mac Studio users require an external monitor; 27" 4K is recommended.

Operating System

Minimum

macOS Ventura (13.x)

Recommended

macOS Sequoia (15.x) — latest release

Devices must run a macOS version still within Apple's security update window. Devices running unsupported macOS versions will be flagged in monitoring reports and must be upgraded or replaced.

Intel Mac Notice

Intel-based Macs are approaching or past their extended security update window and are not recommended for new deployments. Existing Intel Macs in a managed fleet will be flagged in the annual hardware health report with a recommended replacement timeline.

Security Requirements

Mandatory Security Controls — All Managed Devices

The following controls are mandatory on all devices enrolled in our managed service, regardless of operating system, device age, or user role. They are not optional add-ons — they are the baseline that makes proactive IT support and compliance reporting possible.

Business-Grade Antivirus

Required

Consumer-grade antivirus is not approved on managed devices. Business antivirus must include centralised management, policy enforcement, real-time threat reporting, and integration with the remote monitoring platform. All managed endpoints are covered under our standard deployment.

Endpoint Detection & Response (EDR)

Required

Antivirus alone does not detect fileless attacks, lateral movement, or living-off-the-land techniques. EDR provides behavioural analysis, threat hunting, and automated containment. All managed devices require an active EDR agent integrated with our security operations centre for human-reviewed incident response.

Full-Disk Encryption

Required

All managed devices must have full-disk encryption enabled. Windows devices use BitLocker (requires Windows 11 Pro and TPM 2.0). Mac devices use FileVault 2. Encryption keys are escrowed centrally so lost or stolen devices can be remotely wiped and key recovery is available to authorised staff.

Patch Management

Required

Operating system and third-party application patches are deployed automatically via the remote monitoring platform. Security patches are applied within 14 days of release in line with the ASD Essential Eight Maturity Level 1 baseline. Devices outside the patch window are flagged and reported monthly.

Mobile Device Management (MDM)

Required

All managed Windows and Mac devices must be enrolled in the MDM platform. Enrolment allows security baselines to be enforced, software to be deployed remotely, certificates to be managed, and remote wipe to be performed if a device is lost or stolen. Unenrolled devices cannot be supported under a managed services agreement.

Remote Monitoring & Management (RMM)

Required

All managed devices run a lightweight RMM agent that monitors system health, disk usage, backup status, antivirus state, and patch compliance. This is how issues are detected and resolved proactively — often before staff notice anything is wrong.

Network Infrastructure

Business-Grade Networking Requirements

The network is the foundation of every security control deployed on endpoints. A consumer-grade or poorly configured network undermines protections elsewhere. The following standards apply to all sites under our managed service.

Business-Grade Firewall / Router

Consumer routers are not appropriate for business networks. They lack enterprise-grade security features, centralised management, VPN capability, and the logging required for security incident investigation. A business-grade firewall with stateful packet inspection and remote management is required at every supported site.

Managed Network Switches

All wired network infrastructure must use managed switches that support VLAN segmentation. VLANs allow staff devices, guest Wi-Fi, VOIP, and security cameras to be isolated onto separate network segments — limiting the spread of any security incident across the environment.

Business-Grade Wi-Fi Access Points

Wi-Fi 6 (802.11ax) access points are required for all new installations. Business access points must support multiple SSIDs (staff, guest, IoT), WPA3 encryption, and centralised management. Consumer Wi-Fi routers with built-in access points are not acceptable as the primary wireless solution.

Uninterruptible Power Supply (UPS)

All network hardware, servers, and NAS devices must be connected to a UPS. Power fluctuations and brief outages are among the most common causes of hardware failure and data corruption. A UPS provides clean power, surge protection, and allows equipment to shut down cleanly during a prolonged outage.

Everything ICT

Explore Our Services

Managed IT

Proactive IT support for your whole team

Cyber Security

24/7 monitoring, EDR, and compliance reporting

Cloud Services

Hosted infrastructure and cloud migration

Microsoft 365

Licensing, deployment, and ongoing management

VOIP & Telecoms

Business phone systems and connectivity

IT Consulting

Strategy, projects, and technology roadmaps

Aged Care IT

Specialist IT for aged care providers

NDIS IT

IT for NDIS providers and support coordinators

Real Estate IT

IT for agencies and property management

Contact Us

Get in touch with our team