Free Windows 10 support ended on 14 October 2025. If that date has already passed you by, you're not alone, most businesses we talk to are still running at least a handful of Windows 10 devices. The risk isn't dramatic or immediate. It's quieter than that, and it compounds the longer it's left.

In short: Free Windows 10 support ended on 14 October 2025. Your PCs still boot and run, but they no longer receive security patches, so every vulnerability found from that date onward stays open. Your realistic options are to migrate eligible devices to Windows 11, buy Microsoft's Extended Security Updates as a temporary bridge (from around $61 per device in Year One, doubling each year to October 2028), or refresh hardware that can't run Windows 11.

Here's what actually changed, what your options are, and the plan we'd run if this were our own estate.

What does "end of life" actually mean?

From 14 October 2025, Windows 10 stopped receiving free security updates, feature updates and general technical support from Microsoft. The operating system didn't switch off. Your devices still boot, your applications still run, and nothing broke overnight. What changed is that every vulnerability discovered from that date onward goes unpatched on any device still running standard Windows 10.

That's the part that's easy to underestimate. Unsupported software doesn't fail loudly. It just sits there, quietly more exposed with every month that passes, until something exploits a gap that would have been closed on a supported version.

Does ESU fix the problem, or just buy time?

Microsoft's Extended Security Updates programme is the official bridge. For businesses, ESU is purchased through the Volume Licensing Program at $61 USD per device for Year One, and, per Microsoft's published pricing, the price doubles each consecutive year, for a maximum of three years. Run the maths and ESU can, in principle, extend protection all the way to October 2028, but at escalating annual cost that's designed to push you toward migrating rather than renewing indefinitely.

It's also worth being precise about what ESU covers, because it's easy to assume it's a like-for-like extension of normal support. It isn't.

  • ESU delivers critical and important security patches only
  • It does not restore feature updates or general improvements
  • It does not include standard Microsoft technical support
  • It does nothing to address hardware or driver support as vendors move on

In other words, ESU keeps the door locked. It doesn't fix anything else about running an operating system Microsoft has otherwise stopped developing.

Timeline showing Windows 10 end of support in October 2025, the three years of Extended Security Updates with doubling annual cost, and unsupported status from October 2028
Windows 10 support timeline: free updates end October 2025, ESU bridges to 2028 at doubling annual cost, then the OS runs fully unsupported.

What's the risk most businesses miss? Insurance and compliance

Security exposure is the obvious risk. The one that catches businesses out is less obvious: cyber insurance. Policies are increasingly written to require that covered systems run supported, patched software. If you file a claim after a breach, and the affected systems had already fallen out of support or ESU coverage, insurers have grounds to deny the claim outright on that basis alone.

"The device that fails you isn't the one that gets breached. It's the one that gets breached and voids your cover at the same time."

That's a materially different conversation to have with your board than "our patching is a bit behind." It turns an IT housekeeping item into a line of business risk that finance and leadership need to know about, not just IT.

What's the practical plan, not a panic?

None of this means an emergency rip-and-replace this month. It means treating this as a managed, phased project with a clear end date. This is the order we work through with clients:

  1. Audit first. Get an accurate device inventory: what's still on Windows 10, what hardware it's running on, and whether that hardware even supports Windows 11. You can't prioritise what you haven't counted.
  2. Prioritise by exposure. Internet-facing devices, machines handling customer data, and anything covered by your cyber insurance policy or compliance obligations move to the front of the queue. A back-office machine with no network exposure is a lower priority than a laptop that travels and connects to client sites.
  3. Plan the Windows 11 migration in phases. Group devices by hardware eligibility and business function. Devices that can take Windows 11 today should move first; devices that can't need a hardware refresh built into the plan, not discovered halfway through.
  4. Use ESU only where it earns its keep. For devices that genuinely need more runway, whether that's an ageing line-of-business application still being tested for compatibility, hardware on order, or staff retraining in progress, ESU is a legitimate bridge. It's a poor long-term strategy applied to an entire estate.
  5. Set a hard date and work back from it. Every day ESU runs without migration progress behind it is a day of escalating cost for no forward motion. Treat the ESU window as a countdown, not a comfort blanket.

This is exactly the gap our Legacy Modernisation & OS Migration service is built to close: a proper audit, a phased migration plan that matches your hardware and application reality, and ESU used deliberately where it makes sense rather than as a default.

Windows 10 isn't going to fail you overnight, and that's precisely the problem. Nothing forces the decision, so it's easy to leave for later. Later gets more expensive every year ESU renews, and the exposure sits there the entire time. The businesses that come through this cleanly are the ones treating it as a project with a plan now, not the ones waiting for a reason to act.

SC
Systech Cloud Team

The Systech IT Solutions cloud team, helping UK businesses get more from their Microsoft investment.