The October 14, 2025 termination of Windows 10 support has become a pivotal moment for enterprise IT asset disposition, and Iron Mountain is reporting the effects in dollars and cents. In its Q2 2025 earnings, the company’s Asset Lifecycle Management (ALM) segment emerged as one of its fastest-growing businesses, fueled by a wave of corporate device decommissioning tied directly to the operating system’s looming end-of-life. Iron Mountain executives now say customers are treating the refresh not as a one-time disposal event but as a strategic lifecycle opportunity that demands secure data sanitization, integrated asset tracking, and maximum value recovery.

The company’s investor release and SEC filings show that its data center, digital, and ALM businesses collectively grew more than 30% in the second quarter, with ALM revenue projected to be material for the full year. While Iron Mountain does not break out exact ALM growth figures in its headline numbers, management highlighted accelerated revenue from decommissioning and remarketing services during the earnings call and raised guidance partly on that outperformance. The surge is no coincidence: Microsoft’s hard deadline, combined with Windows 11’s strict hardware requirements, is forcing enterprises to retire millions of functional PCs that cannot be upgraded in place. That hardware gating is creating a flood of devices into IT asset disposition (ITAD) channels, and companies like Iron Mountain—with integrated logistics, sanitization, and global remarketing networks—are capturing the influx.

The End-of-Life Event

Microsoft’s official lifecycle policy states that after October 14, 2025, Windows 10 will no longer receive security updates, feature updates, or technical support. Consumer and enterprise editions are affected equally. The company’s support page recommends three paths: upgrade eligible devices to Windows 11 at no cost, enroll in the consumer Extended Security Updates (ESU) program for limited critical patches through October 2027, or replace unsupported hardware with new Windows 11 PCs. Enterprise customers can also purchase ESU for a longer bridge, but that option is priced per device and escalates annually.

Windows 11 imposes baseline hardware requirements that block many older machines. TPM 2.0, Secure Boot, and a list of approved processors mean machines built before roughly 2017 are often incompatible. Analyst estimates, including one widely cited from Canalys, suggest that as many as 240 million PCs worldwide cannot upgrade, raising the prospect of one of the largest single device retirement events in IT history. That incompatibility is the core reason ITAD volumes are spiking. Enterprises cannot simply reimage these devices; they must physically remove them from service, secure the data they contain, and decide whether to remarket, repurpose, or recycle them.

Iron Mountain’s ALM Surge

Iron Mountain’s Q2 2025 press release and 10-Q filing underscore the material impact of the Windows 10 sunset. The company reported record quarterly revenue, and its growth businesses—data center, digital solutions, and ALM—collectively grew more than 30% year over year. While the exact ALM growth rate is not disclosed separately in public summaries, the company’s investor presentation calls out ALM as a key growth driver, particularly in the decommissioning of data center and end-user computing assets. Guidance was raised for the full year, partly on the strength of this segment.

Rob Makin, senior vice president of commercial ALM at Iron Mountain, told Resource Recycling that inbound device volumes and customer interest in formal ITAD programs have increased significantly as organizations prepare for the cutoff. “Customers are approaching this not simply as a software upgrade but as a hardware lifecycle event that must be managed for security, value recovery, and sustainability,” Makin said. That shift is reflected in the types of engagements Iron Mountain is winning: large enterprises are signing multi-year contracts that integrate asset management platforms with full-service decommissioning workflows, moving away from spot-fix disposals.

A Strategic Shift in Disposition

The traditional view of IT disposal as a cost center is crumbling under pressure from compliance mandates, ESG reporting requirements, and the sheer scale of the current refresh. Enterprises now demand that ITAD providers offer serialized tracking, auditable chain-of-custody, certified data destruction, and detailed reports on recovered materials and carbon avoided. Iron Mountain’s ALM offering is built to meet these demands, with APIs that connect directly to IT asset management (ITAM) systems, automated manifests, and a global network of refurbishment and remarketing channels.

This integration is critical. When an organization decommissions a thousand laptops, each device must be scanned, its storage sanitized or destroyed, and its ultimate fate documented—whether it is sold into the secondary market, donated, or shredded for recycling. The data must flow back into the ITAM system so the company can remove the asset from its books, prove compliance to auditors, and report on sustainability metrics. Iron Mountain’s Q2 results suggest that such end-to-end programs are rapidly becoming the norm, not the exception. Customers are buying into the idea that a well-managed refresh can offset a significant portion of the cost of new hardware through remarketing revenue.

Security Imperatives

The data security implications of the Windows 10 end-of-life are not trivial. Unsupported operating systems become increasingly vulnerable to exploits, and devices that leave an organization’s control without proper sanitization can lead to costly data breaches. Regulated industries such as healthcare, finance, and government face additional pressure: many regulatory frameworks require that all endpoints processing sensitive data run supported operating systems with current security patches. Once Windows 10 support ends, retaining those devices without compensating controls—network segmentation, application allow-lists, strict access management—is a compliance violation.

Iron Mountain emphasizes that secure sanitization must be non-negotiable. The company follows NIST Special Publication 800-88 Rev. 1, the U.S. government’s standard for media sanitization, which specifies methods for clearing, purging, and destroying storage media. The draft revision 2, published for public comment in 2025, further underscores the need for programmatic sanitization, validation, and logical sanitization for cloud and hybrid environments. Enterprises are demanding that ITAD providers issue serialized Certificates of Destruction or Sanitization that can be retained for audit purposes. A simple factory reset or user-level deletion is insufficient; only validated processes that produce forensic-proof destruction evidence will satisfy enterprise procurement and compliance teams.

Environmental Implications

The environmental stakes are enormous. The UN’s Global E-waste Monitor 2024 reported that the world generated a record 62 million tonnes of e-waste in 2022, with formal recycling rates lagging far behind. The potential addition of hundreds of millions of Windows 10-era devices into the waste stream could overwhelm recycling infrastructure and exacerbate the environmental harm of improper disposal. While many of these devices will find second lives through refurbishment and remarketing, a portion will inevitably be shredded or landfilled if not managed carefully.

This is where the circular-economy angle becomes critical. Iron Mountain and other large ALM providers prioritize reuse before recycling. Devices that cannot run Windows 11 may still be viable with ChromeOS Flex, Linux, or as terminal servers. Higher-value components—SSDs, RAM, processors—can be harvested and sold. Data center decommissioning adds another layer: entire server racks are being retired in parallel, and their CPUs, memory modules, and networking cards have active secondary markets. By grading, repairing, and remarketing as much as possible, enterprises can reduce their carbon footprint and report the avoided emissions as ESG gains. Iron Mountain’s marketing materials explicitly frame ALM as a lever for sustainability reporting, and the Q2 results confirm that this message resonates with corporate buyers.

Operational Playbook for Enterprises

For IT decision-makers, the Windows 10 end-of-life demands a structured program, not a last-minute scramble. Experience from prior operating system sunsets shows that organizations that plan early capture higher remarketing value and avoid security gaps. The following operational steps are distilled from conversations with Iron Mountain and best practices in the ITAD industry:

  • Audit every endpoint now. Know each device’s model, CPU generation, TPM status, storage type, and application dependencies. This inventory is the foundation of any segmentation and disposition plan.
  • Segment devices by risk and value. High-risk devices (those processing regulated data) require the strictest sanitization protocols. High-value devices (recent models with aftermarket appeal) should be flagged for remarketing. Legacy devices near true end-of-life may go directly to certified recycling.
  • Integrate ITAM with ALM. Use APIs to automate handoffs, manifests, and reconciliation. Serial-level tracking reduces manual errors and speeds the time from decommissioning to sale or recycling, which protects remarketing margins and improves security posture.
  • Prioritize reuse. Test for Windows 11 compatibility in place. Where that fails, evaluate ChromeOS Flex or lightweight Linux distributions for non-sensitive uses. Component upgrades—adding an SSD or RAM—can extend a device’s useful life and increase its resale value.
  • Insist on validated sanitization. Require your ITAD provider to follow NIST SP 800-88 standards and provide digital Certificates of Destruction. Retain these certificates as part of your compliance documentation.
  • Plan for market volatility. As millions of devices flood the secondary market simultaneously, prices for used PCs will likely dip. Consider staggering refreshes across quarters to avoid dumping inventory into a depressed market. Use channel diversification—consumer resellers, corporate remarketers, parts buyers—to optimize returns.

What’s Next?

The October 2025 deadline is just the beginning of a multi-year transition. The consumer ESU offer will keep some devices patched until 2027, and enterprise ESU can extend that further at a cost. But these are temporary measures. The long-term direction is clear: Windows 11 adoption will continue to grow, and the hardware gating that defines this upgrade will permanently reshape the composition of corporate fleets. ITAD is no longer an afterthought; it is a board-level concern that intersects cybersecurity, ESG, and financial planning.

Iron Mountain’s Q2 performance signals that the market is already responding. Other large ITAD providers are likely to see similar demand spikes, though their financials may not be as public. For enterprises, the takeaway is unmissable: the organizations that embed asset disposition into their strategic planning, demand auditable outcomes, and align with capable partners will not only navigate the Windows 10 end-of-life safely but will turn it into a financial and sustainability win. Those that delay risk data breaches, regulatory fines, and a missed opportunity to recover value from end-of-life assets. In an era where every tonne of e-waste and every security incident is tracked and reported, the choice of ITAD partner is no longer a commodity decision. It is a statement of corporate responsibility.