Windows 10 reached end of mainstream support on 14 October 2025. Microsoft’s Extended Security Updates programme provides a paid runway for organisations that genuinely need it, but the underlying message is clear: Windows 10 is no longer the right place for your fleet, and the longer it stays, the more it costs you.
What “end of life” actually means
End of life does not mean Windows 10 stops booting. It means Microsoft no longer issues regular security patches, no longer fixes most bugs, and provides no official support for new hardware or new versions of Microsoft software. From a security and compliance perspective, this matters in several specific ways:
- Newly disclosed vulnerabilities will not be patched on the consumer track. Adversaries know this. Unsupported operating systems become disproportionately targeted.
- Compliance frameworks treat an unsupported OS as a finding. ISO 27001 auditors, Essential Eight assessors, and most cyber insurance underwriters will flag fleets running unsupported operating systems.
- Software vendors deprecate support faster. Browsers, security tooling, and core productivity applications begin dropping Windows 10 compatibility within 12–24 months.
The Extended Security Updates option
Microsoft offers a paid Extended Security Updates (ESU) programme for Windows 10. It is intentionally priced to be uncomfortable: it exists for organisations that genuinely need a runway, not as a long-term resting place. Pricing typically escalates each year. ESU is a tactical bridge, not a strategy.
Migration paths
Most organisations have three real options:
- In-place upgrade to Windows 11. Where hardware meets the requirements (TPM 2.0, supported CPU, sufficient RAM/storage), in-place upgrade is usually the lowest-friction path.
- Hardware refresh. Where existing devices do not meet Windows 11 requirements, the refresh cycle should be brought forward and combined with operating system migration. Trying to keep ageing hardware on Windows 11 through firmware-bypass tricks is not a sustainable plan.
- Cloud-PC or virtual desktop. For specific workforce segments — contractors, BYOD, regulated roles — a Windows 365 or Azure Virtual Desktop pattern shifts the maintenance burden and can simplify compliance.
What we typically recommend
Audit before procuring. Build an authoritative inventory of every Windows endpoint: model, age, hardware compatibility status, primary user, and business criticality. Migrations driven by inventory go smoothly; migrations driven by guesswork generate surprises.
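As a starting point for that inventory, the following PowerShell sketch (an added example, not Asset Hosting's own tooling) collects one row per endpoint and lists the hardware checks that block an in-place upgrade. The RAM and storage minimums (4 GB, 64 GB) are Microsoft's published Windows 11 figures rather than values from this article, and the output path and column names are assumptions.

```powershell
# Added example: one inventory row per endpoint for Windows 11 migration planning.
# Run elevated. RAM/storage minimums are Microsoft's published Windows 11 values,
# not figures from this article. $OutFile is a placeholder path.
param([string]$OutFile = '.\win11-inventory.csv')
$MinRamGB = 4; $MinDiskGB = 64

$cs   = Get-CimInstance Win32_ComputerSystem
$os   = Get-CimInstance Win32_OperatingSystem
$bios = Get-CimInstance Win32_BIOS
$cpu  = Get-CimInstance Win32_Processor | Select-Object -First 1

# Installed RAM (sum of DIMM capacities) and size of the disk Windows boots from.
# Sizes are in binary GB, so review devices that land just under a threshold.
$ramGB  = [math]::Round((Get-CimInstance Win32_PhysicalMemory |
            Measure-Object -Property Capacity -Sum).Sum / 1GB, 1)
$diskGB = [math]::Round((Get-Disk | Where-Object IsBoot |
            Select-Object -First 1).Size / 1GB, 0)

# SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM spec level.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
         -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'None' }

# Confirm-SecureBootUEFI throws on legacy BIOS firmware; record that as $false.
# Secure Boot is recorded for information only and is not counted as a blocker here.
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# Collect every failed check so the row explains why a device is blocked.
$blockers = @()
if ($tpmVersion -ne '2.0')  { $blockers += "TPM=$tpmVersion" }
if ($ramGB  -lt $MinRamGB)  { $blockers += "RAM=${ramGB}GB" }
if ($diskGB -lt $MinDiskGB) { $blockers += "Disk=${diskGB}GB" }

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Manufacturer = $cs.Manufacturer
    Model        = $cs.Model
    FirmwareDate = $bios.ReleaseDate   # rough proxy for device age only
    OSVersion    = "$($os.Caption) $($os.Version)"
    Cpu          = $cpu.Name           # compare against Microsoft's supported-CPU list
    TpmVersion   = $tpmVersion
    SecureBoot   = $secureBoot
    RamGB        = $ramGB
    BootDiskGB   = $diskGB
    ConsoleUser  = $cs.UserName        # logged-on user; confirm the primary user manually
    Criticality  = ''                  # business input, filled in by the asset owner
    Blockers     = $blockers -join ';'
} | Export-Csv -Path $OutFile -NoTypeInformation -Append
```

An empty Blockers column means the device passed the TPM, RAM and storage checks; CPU support still has to be confirmed against Microsoft's list.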
Pilot, then scale. Migrate one well-understood team first. Identify the application compatibility issues, the user-experience changes, and the support volume. Then scale.
Take the opportunity for hardening. The migration is a natural moment to apply MDM enrolment (Intune), enable BitLocker, enforce Defender baselines, and tighten admin privilege.
Plan for application compatibility. The most common migration delay is not the operating system itself; it is one or two line-of-business applications that no one has tested on Windows 11. Test those early.
Where Asset Hosting fits
For Asset Hosting clients, end-of-life migrations are part of the normal lifecycle of managed infrastructure. If you are looking at a Windows 10 fleet without a clear plan and would like an honest assessment of the work involved — including realistic timeline and cost — we are glad to help.