Microsoft has quietly flipped the switch on a consumer Extended Security Updates (ESU) program, giving individual users three distinct enrollment paths to keep receiving critical security patches after Windows 10’s official end-of-support date on October 14, 2025. An on‑device enrollment wizard—rolling out in phases—lets eligible Windows 10 22H2 devices sign up for one year of updates either by syncing Windows Backup to OneDrive, redeeming 1,000 Microsoft Rewards points, or paying a $30 one‑time fee. All three routes grant the same limited benefit: access to critical and important security fixes through October 13, 2026, but no feature updates, non‑security bug fixes, or technical support.

This move addresses a gaping security hole for millions of PCs that can’t easily jump to Windows 11 due to strict hardware requirements like TPM 2.0, Secure Boot, and modern processors. Earlier this year, Microsoft confirmed that Edge and WebView2 would keep receiving updates on Windows 10 22H2 until at least October 2028, but kernel‑level threats remain a serious concern without monthly OS patches. The ESU bridge is explicitly temporary: it buys planning time, not a permanent stay.

What’s Changing on October 14, 2025

Windows 10 version 22H2—the final feature update—will stop receiving all free security patches and quality improvements. The operating system will still boot and run, but new vulnerabilities discovered after that date will remain unpatched unless a device is enrolled in ESU, manually isolated, or upgraded. Microsoft’s lifecycle calendar has been public for years, but the sheer size of the Windows 10 install base forced the company to create a consumer safety valve. Without it, tens of millions of perfectly functional but aging PCs would become attack vectors overnight.

Security researchers have long warned that unpatched systems are prime targets for ransomware and credential theft. The ESU program reduces that risk for households—provided they act before the October deadline. Microsoft’s own documentation stresses that ESU is “not a replacement for migration planning” and should be treated as a strictly time‑boxed defensive measure.

Three Enrollment Paths: OneDrive, Rewards, or $30

When you open the enrollment wizard—visible in Settings > Update & Security > Windows Update for eligible devices—you’ll see three choices:

  • Sync Windows Backup to OneDrive – This option is free if your backup fits within your existing OneDrive storage. The free tier is only 5 GB, so anyone with large Documents, Photos, or Desktop folders may need to buy additional storage. The ESU license activates once Windows Backup is enabled and linked to a Microsoft account.
  • Redeem 1,000 Microsoft Rewards points – Active Rewards members who have accumulated at least 1,000 points can use them instead of cash. Earning points through Bing searches and daily tasks is straightforward, but users have reported occasional redemption errors. Microsoft’s Q&A forums document cases where the reward cannot be redeemed for ESU registration, suggesting a phased or region‑dependent rollout.
  • Pay a one‑time $30 fee – The simplest path for those who don’t use OneDrive or Rewards. The purchase is tied to a Microsoft account and covers one device for the full year. Notably, even the paid tier requires a Microsoft account—there is no local‑account bypass.

All three options are tied to a single Microsoft account, which can be used to enroll up to ten devices. The ESU license is not transferable, and coverage ends promptly on October 13, 2026, regardless of when you enrolled. This is a departure from enterprise ESU programs, where organizations can buy multi‑year coverage at escalating costs.

Important Nuances

  • The wizard is rolling out in stages. Windows Insiders saw it first, and broad availability began mid‑2025. If you don’t see the enrollment link yet, ensure your PC is on Windows 10 22H2 and fully updated.
  • OneDrive backup could cost more than $30. Heavy backup users may find that a Microsoft 365 subscription ($1.99/month for 100 GB) exceeds the one‑time $30 fee within two years. Evaluate your actual storage needs before choosing.
  • Rewards redemption issues exist. While generally functional, the process isn’t bulletproof. Some users hit “you can’t redeem this rewards offer” errors; testing early is advised.
  • A Microsoft account is mandatory. This has irritated privacy‑conscious users who prefer local accounts. Even the paid $30 path forces a cloud identity linkage.

Step‑by‑Step Enrollment

  1. Confirm you’re on Windows 10, version 22H2. The consumer ESU applies only to Home, Pro, Pro Education, and Workstation editions. Enterprise ESU is handled separately via volume licensing.
  2. Back up critical files using your preferred method. A full system image is ideal; at minimum, ensure important data exists in at least two locations (local and cloud).
  3. Open Settings > Update & Security > Windows Update. If eligible, you’ll see an “Enroll in ESU” notification or similar link. Launch the wizard.
  4. Select your enrollment method:
    - If using OneDrive, enable Windows Backup and sign in with your Microsoft account. Verify your backup scope fits within your storage quota.
    - If using Rewards, click through to redeem 1,000 points. A confirmation screen should appear; if it fails, try again or switch to another method.
    - If paying, enter payment details and complete the $30 transaction.
  5. Verify enrollment. Check Windows Update history for an entry confirming ESU activation. Your device will now receive monthly security updates through October 2026.

What ESU Covers—and What It Doesn’t

ESU delivers only security‑classified patches rated “critical” or “important” by Microsoft’s Security Response Center. You will not receive:

  • Feature updates (there will never be a Windows 10 23H2)
  • Quality‑of‑life improvements or non‑security fixes
  • Technical support beyond activation issues
  • Firmware or driver updates from Microsoft (OEMs may independently provide them)

This is a deliberately narrow lifeline. It mitigates the worst vulnerabilities—remote code execution flaws, privilege escalations—but leaves the OS itself frozen in place. Third‑party software support will also wane; antivirus vendors and peripheral makers may drop Windows 10 support during the ESU year.

Microsoft has decoupled Edge and WebView2 from the OS lifecycle, meaning those components will receive updates through at least October 2028 even on non‑ESU devices. That lowers the browser‑based attack surface, but kernel‑level exploits remain unaddressed without ESU enrollment.

Why Many Users Will Stay on Windows 10

The Windows 11 hardware floor is the primary culprit. TPM 2.0, UEFI Secure Boot, and a strict processor list exclude hundreds of millions of otherwise capable PCs. A custom desktop built in 2017 with a fast Core i7 may be refused simply because its TPM is version 1.2 or its CPU is unsupported. For cash‑strapped households or small businesses, a $30 stopgap is far cheaper than a $500+ replacement.

Application compatibility is another driver. Legacy line‑of‑business software, specialized peripherals, and even some games only run reliably on Windows 10. The ESU year gives IT staff and power users time to fully validate migrations, re‑test critical workflows, or containerize aging applications in virtual machines.

Finally, gradual planning is a rational use of ESU. A family with three aging laptops can stagger device replacements over 12 months rather than incurring a lump‑sum expense. ESU provides that breathing room if—and only if—accompanied by a concrete migration timeline.

Risks, Tradeoffs, and Hidden Catches

ESU is not a free lunch. Users must understand several pitfalls:

  • Account dependency. All consumer enrollment paths require a Microsoft account, forcing a transition away from local‑only sign‑ins. This has sparked frustration among those who value privacy or simplicity.
  • OneDrive cost. The “free” sync path is only free if your backup fits the 5 GB cap. Anything beyond that requires a paid Microsoft 365 subscription—potentially more expensive than the $30 fee over time.
  • Reward redemption hiccups. Forum posts and support threads show that the Rewards redemption can fail for some users, seemingly tied to account region or status. Microsoft hasn’t publicly clarified the eligibility criteria.
  • Extremely short window. One year flies by. Without active migration planning, users will face the same cliff in October 2026, only this time with fewer options and potentially higher costs. Enterprise ESU can extend further, but at steep per‑device prices.
  • Driver and app abandonment. Even with ESU, hardware vendors may stop releasing Windows 10 drivers. A new printer or GPU bought in 2026 might lack official Windows 10 support, creating compatibility dead ends.

Long‑Term Alternatives to ESU

ESU is a bridge, not a destination. Wise users will explore one of these permanent solutions during the ESU year:

  • Upgrade to Windows 11. The recommended path for any PC that meets the requirements. Use Microsoft’s PC Health Check tool or the Settings > Windows Update page to verify eligibility. The upgrade is free for compatible devices running genuine Windows 10.
  • Hardware refresh. Older desktop PCs can sometimes be upgraded by adding a TPM module or swapping in a supported CPU, but this is rarely feasible for laptops. Budget $400–$800 for a new Windows 11 machine.
  • Migrate critical workloads to cloud VMs. Windows 365 and Azure Virtual Desktop can host legacy apps in a secure, isolated environment. Microsoft often includes ESU at no additional cost for cloud‑hosted Windows 10 instances.
  • Switch to an alternative OS. Linux distributions like Ubuntu, Fedora, or Linux Mint offer long‑term support, strong community backing, and excellent hardware compatibility on older machines. This works best for users who aren’t tied to Windows‑only software.

A Practical 30‑Day Action Plan

  1. Inventory your devices. List every Windows 10 PC in your household, noting its edition, version, TPM version, and any critical software that ties it to Windows.
  2. Back up everything, right now. Create a full disk image and a separate copy of irreplaceable files. If you plan to use the OneDrive enrollment route, verify your available storage quota and either pare down data or budget for extra space.
  3. Test Microsoft Rewards early. If you intend to use points, confirm you have 1,000 and attempt a mock redemption (or the actual enrollment) well before the deadline. Have a backup plan ready.
  4. Decide per‑device. For each PC, choose: enroll in ESU, upgrade to Windows 11, replace the hardware, virtualize legacy workloads, or switch to Linux. Write down a specific timeline and budget for each.
  5. Harden remaining Windows 10 devices. Even with ESU, enable BitLocker, restrict admin accounts, keep Edge updated, and consider network segmentation for older boxes that can’t be replaced immediately.

What Reporters and the Community Got Right

Tech journalists have largely praised Microsoft’s multi‑path approach as pragmatic and consumer‑friendly. The $30 fee is far cheaper than the enterprise ESU first year ($61), and the free options—if used carefully—put a security net within reach of almost anyone. Coverage from Ars Technica and BleepingComputer correctly noted that the OneDrive and Rewards routes are “strings attached,” but they still represent a meaningful concession from Microsoft.

At the same time, the phased rollout and scattered Rewards glitches haven’t been widely publicized. A quick scan of Microsoft’s own Q&A forums reveals users who encountered redemption failures without clear resolution. This nuance is crucial for anyone banking on a free ride: test early, and don’t wait until October 13, 2025 to discover a problem.

The Bottom Line

Microsoft’s consumer ESU program is a sensible, time‑limited safety net for the millions of PCs that can’t—or won’t—move to Windows 11 immediately. It offers genuine protection against remote code execution and privilege escalation flaws for one year, either free or for a modest fee. But it’s not a substitute for modernization.

The October 14, 2025 deadline is firm. Enrolling via OneDrive, Rewards, or $30 keeps your device patched until October 2026. Use that window intentionally: inventory your hardware, test application compatibility, schedule upgrades, and execute a migration plan before the bridge collapses. ESU is a lifeline, not a lifestyle. Grasp it firmly, but don’t mistake it for dry land.