
Hoplon InfoSec
26 Jun, 2026
Microsoft has silently extended the free Windows 10 Extended Security Updates (ESU) program by one additional year, pushing the consumer deadline from October 12, 2026 to October 12, 2027. The change surfaced not through a press conference or official announcement, but through a quiet documentation update and a single "Editor's note" buried in a Windows Experience Blog post.
For millions of Windows 10 users, many of whom are stuck on the platform because their hardware fails Windows 11 TPM 2.0 and CPU requirements, this is meaningful breathing room. This guide covers exactly what changed, what the ESU program actually covers, how to enroll for free, the full enterprise pricing breakdown, the real security risks of staying on Windows 10 without ESU, and an honest look at what this extension does and does not change about your upgrade plan.
If you woke up one morning and found out Microsoft had given Windows 10 users a full extra year of free security updates without a single press release, you would probably assume you missed something. You did not miss anything. That is exactly what happened. On June 25, 2026, Microsoft slipped an editor's note into an old blog post and quietly updated its official ESU documentation page. No fanfare, no livestream, no Satya Nadella tweet. Just a policy change that affects hundreds of millions of PCs worldwide, announced like a footnote.
The Windows 10 update situation has been evolving since October 14, 2025, when mainstream support officially ended. The free extension of Windows 10 Extended Security Updates to 2027 changes the math considerably for anyone who has been putting off a hardware decision. But it does not change the fundamental truth: the clock is still running, and October 2027 will arrive faster than you think.
Here is everything you need to know.
The change was first spotted in updates to Microsoft's official Windows 10 ESU documentation and confirmed through an "Editor's note" added to a Windows Experience Blog post originally published on June 24, 2025. The note, dated June 25, 2026, reads in part: "This post has been updated to reflect that the Windows 10 Extended Security Updates (ESU) program for personal use devices is being provided for an additional year, with coverage now available through Oct. 12, 2027."
Microsoft's official statement, shared with BleepingComputer, explained: "We understand that moving to a new PC can take time. As part of our ongoing commitment to helping customers stay secure during the transition, the Windows 10 Extended Security Updates (ESU) program for personal devices is being provided for an additional year. Coverage will now be available through October 12, 2027. This gives customers more time and flexibility to find the best PC for their needs while keeping them protected."
Worth noting: this announcement landed on the same day Microsoft raised Xbox console prices by $100 to $150 depending on the model. Whether that is coincidence or deliberate optics management is an open question. What is clear is that Microsoft chose the softest possible way to communicate a policy change that benefits tens of millions of users.
For anyone already enrolled in the consumer ESU program, the transition is completely automatic. No re-enrollment, no settings change, no action of any kind. Coverage simply continues through the new end date.
| Parameter | Previous | Updated |
|---|---|---|
| Consumer ESU End Date | October 12, 2026 | October 12, 2027 |
| Windows 10 End of Support | October 14, 2025 | Unchanged |
| Extension Duration Added | N/A | Plus 1 year |
| Announcement Method | Formal blog post | Editor's note / silent doc update |
| Action Required for Enrolled Users | N/A | None, fully automatic |
To understand why Windows 10 extended security updates matter so much, you have to understand what actually happened on October 14, 2025. That date was not a soft transition. Microsoft ended mainstream support across Windows 10 Home, Pro, Pro Education, and Pro for Workstations running version 22H2. From that point forward, no more free feature updates, no more routine security patches through Windows Update, and no more technical support from Microsoft.
There is one notable exception. Windows 10 LTSC editions operate on a separate, longer lifecycle. Windows 10 LTSB 2016, for example, had its support extended to October 13, 2026. Organizations running specialized or locked-down deployments on LTSC builds need to check their specific version's lifecycle page rather than assuming the mainstream 22H2 timeline applies.
But for the vast majority of Windows 10 users on standard Home and Pro builds, mainstream support is gone. And what that means in practice is something most coverage glosses over.
When Microsoft patches a vulnerability in Windows 11, attackers reverse-engineer that patch to identify the underlying flaw. If that flaw also exists in the shared codebase between Windows 10 and Windows 11, which is frequently the case, then every unpatched Windows 10 device just became a permanent, known-exploit target. Security researchers call this technique patch diffing, and it is one of the primary reasons running an unsupported OS is so dangerous in the months and years following end-of-support.
A real example: CVE-2025-62215 is a Windows Kernel elevation-of-privilege vulnerability that was flagged as actively exploited and patched in November 2025 Patch Tuesday. Devices enrolled in ESU received the fix. Devices that were not enrolled got nothing, and remained vulnerable to a kernel-level attack that can grant full SYSTEM privileges to an attacker.
There is also a less-discussed technical deadline that has already arrived. Microsoft's 2011-era Secure Boot root certificates began expiring in June 2026. The updates required to renew those certificates are being delivered through the ESU program. If you are on Windows 10 without ESU enrollment, your device may eventually experience startup validation failures as those certificates expire, which is a problem that goes beyond missing security patches.
| Date | Event |
|---|---|
| October 14, 2025 | Windows 10 end of mainstream support |
| October 15, 2025 | Commercial ESU Year 1 begins; consumer ESU enrollment opens |
| June 2026 | 2011 Secure Boot certificates begin expiring; updates delivered via ESU |
| August 2026 | Non-security Windows 10 updates end for all consumers |
| October 13, 2026 | Commercial ESU Year 1 ends; original consumer ESU end date |
| October 12, 2027 | New consumer ESU end date; commercial ESU Year 2 ends |
| October 10, 2028 | Microsoft 365 Apps on Windows 10 security update support ends |
| October 12, 2028 | Commercial ESU Year 3 ends. This is the final Windows 10 security patch ever issued. |
One more thing worth flagging: Microsoft 365 Apps running on Windows 10 have their own separate support timeline. Those applications will continue receiving security updates until October 10, 2028, regardless of the OS ESU status. That is important context for organizations where the productivity suite experience often matters as much as the underlying OS.
This is where a lot of users make incorrect assumptions, so it is worth being precise. Receiving Windows 10 security updates after end of support is not a return to mainstream support. ESU is a narrowly scoped vulnerability mitigation bridge, nothing more.
What ESU does: it delivers Critical and Important security updates as classified by the Microsoft Security Response Center (MSRC). These patches arrive through normal Windows Update channels once a device is enrolled. When you enroll, you also receive retroactive patches for any security updates that were released after October 14, 2025 that you missed.
What ESU does not do: it will not deliver feature updates, non-security bug fixes, performance improvements, new hardware or driver support, or technical assistance. If your Windows 10 Pro machine has a software compatibility problem or performance degradation, ESU will not help with that. If you need Microsoft to troubleshoot an issue, you are on your own unless you have a separate paid support plan.
ESU also does not lock you into Windows 10. Enrolling in ESU does not prevent you from upgrading to Windows 11 later if your hardware qualifies. A single ESU license covers up to 10 devices associated with the same Microsoft account, which makes the program unusually flexible for small households and families.
| Included in ESU | Not Included in ESU |
|---|---|
| Critical security patches (MSRC-classified) | Feature updates |
| Important security patches | Non-security bug fixes |
| Secure Boot certificate updates | Technical support |
| Retroactive patches on enrollment | New hardware or driver support |
| Up to 10 devices per Microsoft account | Compliance guarantees for regulated industries |
Understanding how to enroll in Windows 10 ESU correctly matters because there are prerequisites that catch people off guard. Getting them wrong means your device sits unprotected longer than it needs to.
First, the hard prerequisite: your device must be running Windows 10, version 22H2. If you are on an older feature version like 21H2, you need to update to 22H2 before ESU enrollment is even an option. You can check your version under Settings, then System, then About.
Second, you must be signed into a Microsoft Account (MSA) with administrator privileges. Local accounts cannot complete the enrollment wizard. If you have been using a local account, you will need to link a Microsoft account to your Windows profile before proceeding.
Third, the device cannot be joined to an Active Directory domain or managed through Mobile Device Management (MDM). The consumer program is specifically for personal, unmanaged devices. There is one nuance here that matters for hybrid work environments: Microsoft Entra-registered devices are eligible, but Microsoft Entra-joined devices are not.
Once prerequisites are met, there are four ways to enroll, and three of them are free.
| Enrollment Method | Cost | What You Need |
|---|---|---|
| Sync PC settings via Windows Backup (OneDrive) | Free | Microsoft account with OneDrive backup enabled |
| Redeem 1,000 Microsoft Rewards points | Free | Active Rewards account with sufficient points balance |
| One-time purchase | $30 USD | Payment via Settings enrollment wizard |
| European Economic Area (EEA) users | Free | Simply log in to Windows 10 with a Microsoft account |
To start the enrollment process, go to Settings, then Windows Update. The enrollment wizard should appear there once your device has the required cumulative update installed. Microsoft required KB5063709, the August 2025 cumulative update, to be installed before the enrollment UI would surface reliably. If you do not see the wizard, install all pending Windows updates and check again.
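The prerequisites above can be pre-checked from PowerShell before opening the enrollment wizard. This is an added example, not Microsoft tooling or part of the original article; the function names `Get-EsuFacts` and `Test-ConsumerEsuEligibility` and the sample record are constructed for illustration.

```powershell
# Added example, not Microsoft tooling. Function names are illustrative.
function Get-EsuFacts {
    # Gather the facts the consumer ESU prerequisites depend on.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # dsregcmd prints "Key : Value" lines; collect them into a hashtable.
    $dsreg = @{}
    foreach ($line in (& dsregcmd.exe /status 2>$null)) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S+)') { $dsreg[$Matches[1]] = $Matches[2] }
    }

    $me     = [Security.Principal.WindowsIdentity]::GetCurrent()
    $user   = Get-LocalUser -SID $me.User -ErrorAction SilentlyContinue
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        OsCaption       = $os.Caption
        DisplayVersion  = $cv.DisplayVersion
        DomainJoined    = [bool]$cs.PartOfDomain
        EntraJoined     = $dsreg['AzureAdJoined'] -eq 'YES'
        EntraRegistered = $dsreg['WorkplaceJoined'] -eq 'YES'   # informational: still eligible
        AccountSource   = [string]$user.PrincipalSource         # 'MicrosoftAccount' or 'Local'
        IsLocalAdmin    = @($admins.SID.Value) -contains $me.User.Value
        Kb5063709Listed = [bool](Get-HotFix -Id 'KB5063709' -ErrorAction SilentlyContinue)
    }
}

function Test-ConsumerEsuEligibility {
    # Apply the article's prerequisites to a facts record and list what blocks enrollment.
    param([Parameter(Mandatory)] $Facts)

    $blockers = @()
    $notes    = @()

    if ($Facts.OsCaption -notlike '*Windows 10*') { $blockers += 'Device is not running Windows 10' }
    if ($Facts.DisplayVersion -ne '22H2') {
        $blockers += "Version is $($Facts.DisplayVersion); update to 22H2 first"
    }
    if ($Facts.DomainJoined) { $blockers += 'Active Directory domain-joined' }
    if ($Facts.EntraJoined)  { $blockers += 'Microsoft Entra-joined (only Entra-registered is eligible)' }
    if ($Facts.AccountSource -ne 'MicrosoftAccount') {
        $blockers += 'Not signed in with a Microsoft account; local accounts cannot complete the wizard'
    }
    if (-not $Facts.IsLocalAdmin) { $blockers += 'Account is not a local administrator' }

    if ($Facts.OsCaption -match 'LTSC|LTSB') {
        $notes += 'LTSC/LTSB edition: a separate lifecycle applies'
    }
    if (-not $Facts.Kb5063709Listed) {
        # Cumulative updates supersede earlier ones, so a newer one may be listed instead.
        $notes += 'KB5063709 not listed; install all pending updates if the wizard does not appear'
    }
    $notes += 'MDM management is not checked here; see Settings > Accounts > Access work or school'

    [pscustomobject]@{
        Eligible = ($blockers.Count -eq 0)
        Blockers = $blockers
        Notes    = $notes
    }
}

# Constructed sample (not real data): a domain-joined PC on 21H2 with a local account.
$sample = [pscustomobject]@{
    OsCaption = 'Microsoft Windows 10 Pro'; DisplayVersion = '21H2'
    DomainJoined = $true; EntraJoined = $false; EntraRegistered = $false
    AccountSource = 'Local'; IsLocalAdmin = $true; Kb5063709Listed = $false
}
Test-ConsumerEsuEligibility -Facts $sample | Format-List

# Live check on the current machine:
# Test-ConsumerEsuEligibility -Facts (Get-EsuFacts) | Format-List
```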
One caution worth repeating: if you are enrolling now rather than having enrolled before October 14, 2025, your device received zero patches between that date and your enrollment date. Microsoft will deliver retroactive patches once you enroll, but there is a real window of unprotected exposure during that gap. Do not leave enrollment on your to-do list any longer than necessary.
If you are already enrolled, stop reading this section. Your coverage automatically extends to October 12, 2027. Nothing required.
The consumer story above applies to personal, unmanaged devices. Organizations face a very different and considerably more expensive reality with commercial ESU, and the pricing structure is deliberately designed to make delay painful.
Commercial ESU is purchased through the Microsoft Volume Licensing Program, separately from the consumer program. The pricing doubles each year, and organizations cannot skip years. If you want to enroll in Year 2 without having enrolled in Year 1, you have to pay for both years simultaneously. There is no retroactive discount.
| ESU Year | Coverage Period | Cost Per Device | Cumulative Per-Device Total |
|---|---|---|---|
| Year 1 | October 2025 to October 2026 | $61 | $61 |
| Year 2 | October 2026 to October 2027 | $122 | $183 |
| Year 3 | October 2027 to October 2028 | $244 | $427 |
| Education (Year 1 / Year 2 / Year 3) | Same periods | $1 / $2 / $4 | $7 total |
The math gets uncomfortable fast at scale. A company managing 1,000 Windows 10 devices faces $61,000 just for Year 1. Year 2 doubles that to $122,000. By Year 3, the annual bill hits $244,000, bringing the three-year total to $427,000 for those 1,000 devices alone. For many organizations, that number approaches or exceeds the cost of refreshing the hardware fleet and moving to Windows 11.
There are situations where ESU is included at no additional charge. Organizations running Windows 365 Cloud PCs or Azure Virtual Desktop are entitled to ESU without paying per-device fees. If your organization is already subscribed to those services, check your entitlements before purchasing ESU licenses.
The commercial ESU program ends definitively in October 2028. There is no Year 4. No extension program has been announced for enterprise customers. October 12, 2028 is the last date any Windows 10 device on any program will receive an official Microsoft security patch, ever.
For organizations carrying significant Windows 10 debt, vulnerability management strategy should account for the ESU cost escalation in annual budgeting cycles. An attack surface management program can help you identify which Windows 10 endpoints carry the most risk, so you can prioritize ESU enrollment versus accelerated hardware refresh rather than treating all devices identically.
Third-party options exist for organizations that exhaust commercial ESU. 0patch offers micro-patches for Windows 10 vulnerabilities post-ESU and has a solid track record. It is not Microsoft-sanctioned and introduces vendor dependency, but it may be a viable bridge for specific isolated systems that cannot be retired on a standard timeline.
The security risk of running an unsupported Windows 10 installation is not theoretical. It follows a pattern that has played out repeatedly in the history of enterprise software, and the mechanisms behind it are specific enough to be worth understanding rather than hand-waving.
The most instructive precedent is WannaCry in 2017. That attack exploited EternalBlue, a vulnerability tracked as MS17-010 in Windows SMB. Microsoft had patched the flaw in March 2017. Organizations that had not applied that patch, many of which were running unsupported versions of Windows, were hit catastrophically. WannaCry caused an estimated $4 billion to $8 billion in damages globally and took down hospitals, shipping companies, and telecom providers in over 150 countries. The mechanism was simple: a known patch, not applied, on machines that had no path to receive it.
The same dynamic applies to Windows 10 today, with one acceleration factor. Attackers do not wait for vulnerabilities to be independently discovered on older platforms. They perform patch diffing against Windows 11 updates to reverse-engineer the underlying flaws and build exploits that work on Windows 10, where no patch exists or will ever exist. The November 2025 Patch Tuesday was a real demonstration of this: CVE-2025-62215, a Windows Kernel elevation-of-privilege vulnerability with active exploitation confirmed, was fixed for ESU-enrolled devices. Non-enrolled Windows 10 devices have a permanent, unfixed kernel exploit they will carry indefinitely.
The population of at-risk devices is enormous. Roughly 35 percent of PCs worldwide still run Windows 10. At the scale of the global installed base, that represents hundreds of millions of endpoints that attackers can scan, probe, and recruit into botnets for spam campaigns, cryptocurrency mining, and distributed denial-of-service attacks. A single vulnerable device in a household or on a corporate network is not just a risk to itself. It can become an entry point for lateral movement or a node in infrastructure that attacks others.
For organizations, the endpoint security implications extend beyond operational risk. Running an unsupported operating system is treated as a control failure under PCI DSS, HIPAA, and GDPR frameworks. That means compliance gaps, potential fines, breach liability, and possible disqualification from cyber insurance coverage. A proactive cyber resilience assessment can identify which systems in your environment carry this risk before a regulator or auditor does.
ESU reduces but does not eliminate risk. Older Windows 10 kernels, driver stacks, and firmware ecosystems accumulate structural weaknesses over time even when monthly patches arrive. The longer a device stays on any end-of-life platform, the more likely it is that a novel exploit succeeds despite active patching. Treat ESU as the risk mitigation bridge it was designed to be, not as a permanent solution.
This is the question that matters most after the ESU extension announcement, and the answer depends almost entirely on one thing: whether your hardware can actually run Windows 11.
The Windows 11 upgrade is free for any licensed Windows 10 user on eligible hardware. If your device passes the compatibility check, there is no reason to stay on ESU. Windows 11 receives ongoing security updates, feature improvements, and full vendor support through its own lifecycle. ESU for a compatible device is an unnecessary expense of time and overhead.
The challenge is that the Windows 11 upgrade path has a hardware gate that is considerably more selective than Windows 10's requirements ever were.
| Requirement | Minimum Specification | Notes |
|---|---|---|
| Processor | 8th Gen Intel Core or AMD Ryzen 2000 series or newer | Pre-2018 CPUs are officially unsupported |
| TPM | TPM 2.0, discrete chip or firmware fTPM (Intel PTT or AMD fTPM) | Mandatory for supported installation |
| RAM | 4 GB minimum | 8 GB strongly recommended |
| Storage | 64 GB | SSD significantly improves experience |
| Firmware | UEFI with Secure Boot enabled | Legacy BIOS with MBR partition is an upgrade blocker |
| Graphics | DirectX 12 compatible with WDDM 2.x driver | Rarely a blocker on modern hardware |
The Windows 11 TPM 2.0 upgrade requirements are the most discussed barrier, and they are real. Microsoft has stated explicitly that TPM 2.0 is non-negotiable and will not be relaxed for any future version of Windows. Approximately 500 million PCs remained on Windows 10 in 2025 even though they were upgrade-ready, while another estimated 500 million devices cannot be upgraded at all due to hardware limitations, the majority failing on processor generation or TPM support.
One important practical note: many PCs manufactured after 2015 have a firmware TPM (Intel PTT or AMD fTPM) that is simply disabled in the BIOS by default. Before assuming your PC is incompatible, check your BIOS or UEFI settings. Enabling an existing firmware TPM module can make a previously "incompatible" machine eligible for the free upgrade without any hardware purchase.
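The TPM and firmware part of the hardware gate can be read from the operating system before rebooting into BIOS or UEFI setup. The script below is an added example, not part of the original article or a Microsoft tool; `Get-Win11GateFacts` and `Get-Win11Path` are illustrative names, the sample record is constructed, and CPU generation is not evaluated.

```powershell
# Added example, not Microsoft tooling. Function names are illustrative.
function Get-Win11GateFacts {
    # Run elevated: Get-Tpm, Win32_Tpm and Confirm-SecureBootUEFI need admin rights.
    $tpm  = Get-Tpm
    $spec = (Get-CimInstance -Namespace 'Root\CIMV2\Security\MicrosoftTpm' `
                 -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion

    $uefi = $true
    $secureBoot = $false
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch [System.PlatformNotSupportedException] { $uefi = $false }   # legacy BIOS boot

    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

    [pscustomobject]@{
        TpmPresent = [bool]$tpm.TpmPresent
        TpmSpec    = ([string]$spec -split ',')[0].Trim()     # e.g. '2.0' or '1.2'
        Uefi       = $uefi
        SecureBoot = $secureBoot
        # Round RAM: firmware reserves a little, so a 4 GB machine reports slightly less.
        RamGB      = [math]::Round($cs.TotalPhysicalMemory / 1GB)
        DiskGB     = [math]::Floor($disk.Size / 1GB)
    }
}

function Get-Win11Path {
    # Sort findings into firmware-setting fixes versus real hardware limits.
    param([Parameter(Mandatory)] $Facts)

    $hardware = @()
    $firmware = @()

    if (-not $Facts.TpmPresent) {
        # A disabled firmware TPM is invisible to Windows, so this is a "check setup" item.
        $firmware += 'No TPM visible to Windows; look for Intel PTT or AMD fTPM in BIOS/UEFI setup'
    } elseif ($Facts.TpmSpec -ne '2.0') {
        $hardware += "TPM spec version is $($Facts.TpmSpec); 2.0 is required"
    }

    if (-not $Facts.Uefi) {
        $firmware += 'Legacy BIOS boot; UEFI with Secure Boot is required'
    } elseif (-not $Facts.SecureBoot) {
        $firmware += 'Secure Boot is disabled'
    }

    if ($Facts.RamGB  -lt 4)  { $hardware += "RAM is $($Facts.RamGB) GB; 4 GB minimum" }
    if ($Facts.DiskGB -lt 64) { $hardware += "System drive is $($Facts.DiskGB) GB; 64 GB minimum" }

    $category = if ($hardware)     { 'Blocked by hardware: enroll in ESU and plan a refresh' }
                elseif ($firmware) { 'Check firmware settings, then re-test' }
                else               { 'Passes TPM and firmware checks; confirm CPU with PC Health Check' }

    [pscustomobject]@{
        Category = $category
        Hardware = $hardware
        Firmware = $firmware
    }
}

# Constructed sample (not real data): UEFI machine with fTPM and Secure Boot both off.
$sample = [pscustomobject]@{
    TpmPresent = $false; TpmSpec = ''; Uefi = $true; SecureBoot = $false
    RamGB = 8; DiskGB = 237
}
Get-Win11Path -Facts $sample | Format-List

# Live check on the current machine (elevated session):
# Get-Win11Path -Facts (Get-Win11GateFacts) | Format-List
```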
Bypass methods exist. Tools like Rufus can create installation media that skips TPM and CPU checks, but devices installed this way are not guaranteed to receive security updates on major feature releases, and Microsoft does not support them. This is a workable path for a test machine or low-stakes system, not for a production endpoint or a device carrying sensitive data.
For devices that genuinely cannot make the jump, the options are:
| Your Situation | Recommended Path |
|---|---|
| Hardware supports Windows 11 | Upgrade now, free, no ESU overhead |
| Hardware blocked by TPM or CPU | Enroll ESU free immediately, plan hardware refresh before October 2027 |
| Domain-joined enterprise device | Commercial ESU plus a Windows 11 migration roadmap |
| Legacy app dependency on Windows 10 | ESU Years 1 through 3 with parallel app compatibility testing |
| EEA consumer with a Microsoft account | Free ESU via Microsoft account login. Enroll today. |
Microsoft does not extend free programs out of pure altruism. Understanding the business logic behind the ESU extension tells you something useful about how to think about the company's long-term platform strategy.
By February 2026, Windows 11 had reached 72.57 percent share within the Windows ecosystem, with Windows 10 down to 26.45 percent. That 26.45 percent sounds like a shrinking minority, but the combined Windows ecosystem supports well over 1.5 billion active devices globally. Even at a quarter of the market, Windows 10 represents hundreds of millions of machines.
The problem Microsoft faces is that unpatched Windows 10 devices are a systemic risk, not just an individual one. Botnets recruited from unsupported Windows endpoints can attack Microsoft services. Ransomware campaigns that exploit Windows 10 vulnerabilities damage Microsoft's reputation. A massive wave of successfully compromised PCs following consumer ESU expiration in October 2026 would have been a story Microsoft did not want to own. The extension pushes that potential headline out by a year and gives the market more time to flush through Windows 10 hardware naturally.
There is also a consumer sentiment angle. PCWorld noted that the ESU extension arrived the same day Microsoft raised Xbox prices significantly. Whether intentional or coincidental, the optics worked: a consumer-friendly move shared the news cycle with an unpopular pricing decision.
The French anti-obsolescence organization HOP (Halte à l'Obsolescence Programmée, or Stop Planned Obsolescence) praised the extension publicly but was clear that it does not go far enough. HOP argues that Windows 10 security support should be available through at least 2030 and is advocating for regulations that would require software vendors to provide a minimum of 15 years of security updates from the date the last unit of a product is sold. That position reflects a broader debate about software-driven e-waste, but it has not moved Microsoft's stated timeline.
One detail that the extension does not change: Microsoft announced separately that non-security Windows 10 updates for all consumers will cease in August 2026. Even ESU-enrolled devices will stop receiving quality updates, cumulative improvements, and non-security fixes from that point. ESU keeps the security patch channel open. It does not keep Windows 10 as a living, evolving platform.
For consumers making long-term decisions, the honest framing is this: ESU is a lease extension, not a renovation. The building still has a hard demolition date. Plan accordingly.
The consumer ESU program is scoped specifically to personal, unmanaged devices. The boundaries matter because organizations often have machines that look like personal devices but do not qualify due to how they are managed or enrolled.
| Device Type | Consumer ESU Eligible? |
|---|---|
| Windows 10 Home or Pro (version 22H2), personal device | Yes |
| Active Directory domain-joined devices | No |
| Microsoft Entra-joined devices | No |
| Microsoft Entra-registered devices | Yes |
| MDM-managed devices | No |
| Windows 10 LTSC editions | Separate LTSC lifecycle applies. Check your version. |
| EEA users with Microsoft account | Yes, free via Microsoft account login |
| Cloud PCs (Windows 365) | ESU included at no extra charge |
| Azure Virtual Desktop | ESU included at no extra charge |
The Entra distinction trips people up. A device that is Entra-joined (fully Azure AD managed) is not eligible for consumer ESU. A device that is merely Entra-registered (typically a personal device that has been registered in an organizational tenant without full MDM enrollment) remains eligible. If you are unsure of your device's enrollment status, check under Settings, then Accounts, then Access work or school.
I am already enrolled. Do I need to do anything for the 2027 extension?
No. Coverage automatically continues to October 12, 2027. No re-enrollment, no settings change, no action required.
I never enrolled. Can I still sign up now?
Yes. You can enroll at any time until the program ends on October 12, 2027. Keep in mind that your device has been unprotected since October 14, 2025 or since your last security update, and retroactive patches will be delivered once you enroll. The enrollment gap represents real exposure, so enroll as soon as possible.
Does enrolling in ESU block me from upgrading to Windows 11 later?
No. ESU and the Windows 11 upgrade path are fully compatible. Enrolling in ESU does not lock you into Windows 10.
Does the $30 consumer ESU cover multiple computers?
One ESU license, whether the free version or the paid $30 option, covers up to 10 devices linked to the same Microsoft account.
My PC cannot run Windows 11 because of TPM 2.0. What do I actually do?
Check your BIOS or UEFI settings first. Many PCs have a firmware TPM (Intel PTT or AMD fTPM) that is simply disabled. Enabling it may make your PC eligible for the free Windows 11 upgrade. If your hardware genuinely lacks TPM 2.0 entirely, enroll in free ESU and use the time before October 2027 to plan a hardware refresh. ChromeOS Flex, a lightweight Linux distribution, or Windows 365 cloud desktop are also viable alternatives.
What happens on October 12, 2027 for consumer ESU users?
Consumer ESU ends permanently. No further security updates for Windows 10 consumer devices under any Microsoft program. Only commercial customers with Year 3 ESU enrollment will continue receiving patches through October 2028.
Will Microsoft extend ESU again beyond 2027?
There is no official indication. Groups like HOP are lobbying for continued support, but Microsoft has made no commitments. This extension was itself unannounced until it appeared in documentation. It is possible another extension could happen, but planning around that possibility is not a responsible IT strategy.
Does ESU cover Microsoft 365 Apps on Windows 10?
No. ESU covers only the Windows 10 operating system. Microsoft 365 Apps on Windows 10 have their own separate extended support window running until October 10, 2028, regardless of OS ESU status.
Can I download the Windows 10 version 22H2 update if I am on an older build?
Yes. You can update to Windows 10 version 22H2 through Windows Update or by downloading the update directly from Microsoft's official website. Version 22H2 is required for ESU enrollment.
For home users and consumers:
Start by checking your Windows version under Settings, then System, then About. If you are not on Windows 10 version 22H2, update immediately through Windows Update. Updating to 22H2 is the prerequisite for everything that follows.
Install all pending updates and confirm that recent cumulative updates are applied. Sign in with a Microsoft Account with administrator privileges if you have not already. Navigate to Settings, then Windows Update, and look for the ESU enrollment wizard. If it does not appear, apply any remaining updates and check again.
Run Microsoft's PC Health Check tool to assess whether your machine can upgrade to Windows 11. If it can, upgrade. The Windows 11 upgrade is free for licensed users on eligible hardware, and it eliminates the need for ESU entirely. If your PC fails the health check, enroll in ESU for free using the Windows Backup sync method or Microsoft Rewards points, then begin researching hardware options for a replacement before October 2027.
For IT teams and enterprise security professionals:
Begin with a full inventory of Windows 10 devices across your environment. Classify each device as Windows 11 upgradable, Windows 11 upgradable with BIOS changes, or genuinely incompatible requiring hardware refresh.
For devices that cannot be upgraded, run the ESU cost analysis against hardware refresh costs. For most organizations with 100 or more devices, the three-year ESU total of $427 per device approaches or exceeds hardware replacement cost for many device categories. If you are in Year 1 and have not enrolled commercially, remember that enrolling in Year 2 requires paying for Year 1 retroactively.
Immediately isolate any Windows 10 devices that are neither enrolled in ESU nor on a near-term refresh schedule. Segment them away from sensitive network areas and restrict their internet access where operationally feasible. Keep monitoring for new CVEs that affect Windows 10. Without ESU, each new Patch Tuesday creates another permanent exploit surface on those machines.
Track the June 2026 Secure Boot certificate expiration status. ESU delivers the required certificate updates. Non-enrolled devices may experience startup validation issues as certificates expire.
Build a migration timeline that targets Windows 11 deployment completion before October 2027. Treat ESU as a bridge, not a destination. Incident response costs for a breach on an unpatched Windows 10 endpoint will almost always exceed the cost of a proactive hardware refresh.
Organizations navigating complex Windows 10 environments with legacy application dependencies, mixed managed and unmanaged devices, or significant compliance obligations may benefit from engaging a virtual CISO to build a structured migration and risk management roadmap. A gap assessment against frameworks like NIST or CIS can surface the specific compliance gaps created by running unsupported operating systems across your fleet, giving you the documentation you need for board-level conversations and insurance renewals.
For organizations in regulated industries dealing with PCI compliance or SOC 2 audits, the presence of unsupported Windows 10 devices without active ESU enrollment is a finding that needs to be remediated, not deferred. Document your ESU enrollment status and your Windows 11 migration timeline now.