diff --git a/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/Microsoft.AspNetCore.Authentication.Negotiate.FunctionalTest.csproj b/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/Microsoft.AspNetCore.Authentication.Negotiate.FunctionalTest.csproj
index 8e46d6c9a4..514a3187c9 100644
--- a/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/Microsoft.AspNetCore.Authentication.Negotiate.FunctionalTest.csproj
+++ b/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/Microsoft.AspNetCore.Authentication.Negotiate.FunctionalTest.csproj
@@ -1,10 +1,8 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>netcoreapp3.0</TargetFramework>
     <IsWindowsOnlyTest>true</IsWindowsOnlyTest>
-    <!-- Disabled because of https://github.com/aspnet/AspNetCore/issues/11009. Tests don't run on Win7 or Win8 correctly. -->
-    <BuildHelixPayload>false</BuildHelixPayload>
   </PropertyGroup>
 
   <ItemGroup>
@@ -20,9 +18,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <None Update="testCert.pfx">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
+    <Content Include="negotiateAuthCert.pfx" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/NegotiateHandlerFunctionalTests.cs b/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/NegotiateHandlerFunctionalTests.cs
index 742bb426b0..9d881cee38 100644
--- a/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/NegotiateHandlerFunctionalTests.cs
+++ b/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/NegotiateHandlerFunctionalTests.cs
@@ -35,8 +35,38 @@ namespace Microsoft.AspNetCore.Authentication.Negotiate
                 new object[] { Http2Version },
             };
 
+        [ConditionalFact]
+        // Only test HTTP/1.1, ALPN is not supported on Win7
+        public async Task Anonymous_NoChallenge_NoOps_Win7()
+        {
+            using var host = await CreateHostAsync();
+            using var client = CreateSocketHttpClient(host);
+            client.DefaultRequestVersion = Http11Version;
+
+            var result = await client.GetAsync("/Anonymous1");
+            Assert.Equal(HttpStatusCode.OK, result.StatusCode);
+            Assert.False(result.Headers.Contains(HeaderNames.WWWAuthenticate));
+            Assert.Equal(Http11Version, result.Version);
+        }
+
+        [ConditionalFact]
+        // Only test HTTP/1.1, ALPN is not supported on Win7
+        public async Task Anonymous_Challenge_401Negotiate_Win7()
+        {
+            using var host = await CreateHostAsync();
+            // WinHttpHandler can't disable default credentials on localhost, use SocketHttpHandler.
+            using var client = CreateSocketHttpClient(host);
+            client.DefaultRequestVersion = Http11Version;
+
+            var result = await client.GetAsync("/Authenticate");
+            Assert.Equal(HttpStatusCode.Unauthorized, result.StatusCode);
+            Assert.Equal("Negotiate", result.Headers.WwwAuthenticate.ToString());
+            Assert.Equal(Http11Version, result.Version);
+        }
+
         [ConditionalTheory]
         [MemberData(nameof(Http11And2))]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win81, SkipReason = "Windows only supports ALPN on 8.1 and later.")]
         public async Task Anonymous_NoChallenge_NoOps(Version version)
         {
             using var host = await CreateHostAsync();
@@ -51,6 +81,7 @@ namespace Microsoft.AspNetCore.Authentication.Negotiate
 
         [ConditionalTheory]
         [MemberData(nameof(Http11And2))]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win81, SkipReason = "Windows only supports ALPN on 8.1 and later.")]
         public async Task Anonymous_Challenge_401Negotiate(Version version)
         {
             using var host = await CreateHostAsync();
@@ -148,6 +179,7 @@ namespace Microsoft.AspNetCore.Authentication.Negotiate
         [ConditionalTheory]
         [InlineData(false)]
         [InlineData(true)]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10, SkipReason = "The client only supports HTTP/2 on Win10.")]
         public async Task RequestAfterAuth_Http2Then2Anonymous_Success(bool persistNtlm)
         {
             using var host = await CreateHostAsync(options => options.PersistNtlmCredentials = persistNtlm);
@@ -213,7 +245,7 @@ namespace Microsoft.AspNetCore.Authentication.Negotiate
                     {
                         options.Listen(IPAddress.Loopback, 0, endpoint =>
                         {
-                            endpoint.UseHttps("testCert.pfx", "testPassword");
+                            endpoint.UseHttps("negotiateAuthCert.pfx", "testPassword");
                         });
                     });
                     webHostBuilder.Configure(app =>
diff --git a/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/testCert.pfx b/src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/negotiateAuthCert.pfx
similarity index 100%
rename from src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/testCert.pfx
rename to src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/negotiateAuthCert.pfx