Purdue University Northwest has drawn a line in the sand: all Windows 10 workstations must be upgraded to Windows 11 or replaced by August 2025 — a full two months before Microsoft officially ends support for the operating system on October 14. The university’s IT department recently delivered the stark warning to faculty and staff through a campus-wide email, cautioning that ignoring upgrade notifications could render their machines non-functional after the October deadline. This aggressive internal timeline reflects the growing urgency among organizations to avoid the security and operational risks of unsupported software, and it highlights the hard choices that come with Microsoft’s strict hardware requirements for Windows 11.
Microsoft’s end-of-support date for Windows 10, version 22H2 and applicable editions, has been fixed on the calendar for years. On October 14, 2025, the company will stop issuing routine security, quality, and feature updates for the operating system. While the machines will continue to boot and run, they will become progressively more vulnerable as newly discovered exploits go unpatched. For institutions like Purdue Northwest, this is a compliance liability as much as a security one: regulated research, healthcare data, and financial systems must run on supported platforms to meet internal policies and external standards. Three official paths exist for those still holding onto Windows 10: upgrade eligible devices to Windows 11 for free, enroll in the Extended Security Updates (ESU) program for a limited extension of security patches, or replace unsupported hardware outright.
Purdue Northwest’s approach is a textbook example of how a large organization should handle an operating system transition. Since early 2025, the IT team has been distributing hardware audit reports to departments, identifying machines that are incompatible with Windows 11 and must be retired. Desktop notifications have been popping up on Windows 10 workstations, categorizing each system as either “compatible” — meaning the user can upgrade when ready — or “not compatible,” signaling that replacement or remediation is necessary. Both messages include a link for further instructions, but the email sent on September 8, 2025, added an unmistakable sense of urgency: “If you ignore these messages, your workstation may not function after October 2025!” Supervisors are asked to ensure their teams respond to the alerts.
That hard deadline of August 2025 for completing upgrades and replacements was chosen to give the university a buffer before Microsoft’s October cutoff. It allows time for testing, training, and handling any last-minute technical hiccups. For IT departments, such staged migrations are the only way to avoid a chaotic scramble in the final weeks, when support queues balloon and supply chains for new hardware get squeezed. The message also referenced that users were receiving updated hardware audit reports, so departmental leaders could plan budgets and prioritize the most critical systems.
Windows 11’s hardware requirements are the root of the upgrade dilemma. Unlike previous transitions, Microsoft imposed a strict minimum baseline designed to raise platform security. A 1 GHz or faster 64-bit processor with two or more cores is just the start; the device must have 4 GB of RAM, 64 GB of storage, UEFI firmware with Secure Boot capability, and — most controversially — Trusted Platform Module (TPM) version 2.0. Any machine lacking a TPM 2.0 chip or Secure Boot, or whose processor isn’t on Microsoft’s approved CPU list, is automatically blocked from an in-place upgrade. The PC Health Check tool administers this verdict with a simple pass/fail message, but for a university with thousands of aging lab computers and faculty desktops, the tool often returns a harsh reality: many otherwise functional systems from 2017 or earlier must go.
Purdue Northwest’s audit process revealed just how many endpoints fell on the wrong side of that compatibility line. The replacement cost is not trivial, even if new devices are budgeted over time. For lab environments where specialized software requires driver validation and rigorous testing, the timeline is even tighter. The IT department’s early start with hardware audits and direct notifications was a deliberate strategy to spread the workload and avoid a bottleneck.
For devices that cannot be replaced in time, Microsoft’s Extended Security Updates offer a temporary safety net. The consumer ESU program, announced earlier this year, allows eligible Windows 10 PCs to receive critical security patches for one additional year, through October 13, 2026. Enrollment mechanisms include syncing a Microsoft account, redeeming Microsoft Rewards, or paying a modest fee. On the enterprise side, organizations pay a per-device fee that escalates annually if they opt for the full three-year ESU program. Both options are explicitly security-only — no new features or quality-of-life fixes — and Microsoft frames them as bridge solutions for migrations still underway. Purdue Northwest’s messaging doesn’t highlight ESU as a primary path; the university’s bold “upgrade or replace” stance suggests it wants to avoid the long-term cost and risk of a patchwork extended-support model.
The risks of continuing to run Windows 10 after October are not hypothetical. An unpatched operating system is a prime target for ransomware gangs and other attackers who thrive on known vulnerabilities. In a campus network handling student records, research data, and administrative systems, one unpatched machine can become a foothold for lateral movement. Regulatory frameworks like HIPAA, FERPA, and PCI-DSS often require that systems handling covered data remain on a vendor-supported OS. Even application compatibility becomes a double-edged sword: vendors increasingly stop testing and supporting their software on Windows 10 after its end-of-life, leaving users in a no-win situation. Purdue Northwest’s warning that workstations “may not function” is a practical acknowledgment that institutional IT may be forced to block network access for out-of-compliance devices to contain the threat.
For other organizations watching this transition, Purdue Northwest’s playbook offers a actionable template. First, inventory every Windows 10 device and record its build, CPU, RAM, storage, TPM status, and Secure Boot capability. Run the PC Health Check tool centrally to classify machines as upgradeable or not. Identify business-critical applications early and test them on Windows 11 in a pilot ring. For compatible devices, schedule staged in-place upgrades during off-hours, with full backups and rollback plans. For incompatible ones, evaluate whether a targeted hardware upgrade — adding a TPM module, for instance — is cost-effective, or whether a full replacement makes more financial sense. Virtualization or Desktop-as-a-Service can temporarily host legacy applications on modern infrastructure while the old hardware serves as a thin client. Finally, document any system that must remain on Windows 10 under ESU, with compensating controls like network segmentation, enhanced endpoint detection and response, strict access limitations, and immutable backups. These measures are stopgaps, not substitutes for vendor patches, but they reduce the blast radius of a potential breach.
Budgeting for this transition can be painful. A new Windows 11-capable laptop or desktop often costs less than the labor and support hours required to keep an obsolete machine limping along under ESU. Spreading purchases across fiscal years and aligning them with academic semesters can ease the financial shock. Trade-in programs and certified electronics recycling also help offset the environmental impact of mass hardware disposal. E-waste from forced upgrades has drawn public scrutiny, with consumer advocates questioning whether Microsoft’s strict requirements unnecessarily accelerate hardware churn. Some legal actions have emerged challenging the lifecycle decisions, but none have altered the October 14, 2025 deadline. Pragmatically, institutions must plan around that date as a hard reality.
Purdue Northwest’s chief strengths in this process are its early communication, systematic audits, and unambiguous internal deadline. Setting a target of August gives everyone a concrete finish line and reduces the probability that a December ransomware incident on an unpatched Windows 10 box makes headlines. The desktop notifications, with their clear bifurcation into “compatible” and “not compatible,” eliminate ambiguity. The university’s directive to notify supervisors and contact the campus service center ensures that inertia does not trump security.
What remains to be seen is how well departments can actually procure and image hundreds of new machines during a supply chain that may still be recovering from post-pandemic disruptions. The timeline leaves little room for error. But the alternative — a campus running a mix of unsupported and partially supported systems — is far riskier. As the October 14 knife-edge approaches, other organizations would do well to mimic Purdue Northwest’s urgency. Microsoft’s ESU program may buy time, but it cannot buy safety. The clock is ticking not just for Windows 10, but for every IT team that has yet to begin the inventory process. The most prudent path is to start now, prioritize the highest-risk systems, and communicate with unwavering clarity. The August ultimatum from Purdue Northwest is not just a local policy — it’s a bellwether for the enterprise world.