Windows 10's end-of-support deadline is now mere weeks away, and Microsoft's offer of a free extra year of security updates comes with strings attached: a mandatory Microsoft Account and OneDrive backup sync. On October 14, 2025, all standard patching halts for the aging operating system, leaving an estimated hundreds of millions of PCs exposed unless their owners take action. Microsoft's Extended Security Updates (ESU) program plugs that hole for twelve months—until October 13, 2026—but the free route is anything but a no-strings-attached gift.
This week, confirmation from multiple sources, including Microsoft's own documentation and reporting by Windows Central, underscores a critical change: even the $30 paid tier now demands a Microsoft Account, a departure from earlier assumptions that a local account would suffice. For privacy-conscious users and enterprises alike, the calculus has shifted. Here's exactly how the program works, what you must do before the cutoff, and the gotchas that could leave your machine unpatched.
What the Extended Security Updates Program Actually Covers
ESU is not an extended support lifecycle; it's a narrow safety valve. Enrolled devices receive only security patches—no feature updates, no bug fixes, no technical support from Microsoft. Think of it as a gauze pad, not a full cast. After October 13, 2026, even that ends, and Windows 10 becomes truly unsupported.
The program applies to consumer editions running Windows 10 version 22H2. If your PC isn't on that build, you're ineligible. Microsoft's official ESU page lists three enrollment methods:
- Free: Sign in with a Microsoft Account and enable Windows Backup, which syncs PC settings to OneDrive.
- Microsoft Rewards: Redeem 1,000 rewards points.
- Paid: A one-time $30 fee (local currency equivalent) per license, covering up to 10 devices linked to the same Microsoft account.
All three paths now require that Microsoft Account. The paid option was initially thought to work with a local account, but Microsoft tightened the rules in mid-2025, as Windows Central reported. This shift aligns the consumer ESU with Microsoft's broader push into account-based licensing.
Step-by-Step: How to Enroll Before the Deadline
Microsoft began a phased rollout of the "Enroll now (ESU)" wizard inside Windows Update in July 2025, but a bug caused the wizard to crash when clicked. The August 2025 cumulative update (KB5063709) fixed that crash, though some machines still don't see the toggle due to the staggered deployment. Microsoft told Windows Latest that everyone will see the option before the EOL date, but you can't rely on a last-minute appearance—especially given the side effects of the very update that fixes enrollment.
Here's the surest path, based on tests conducted by Windows Latest and confirmed by Microsoft's support documentation:
- Verify you're on Windows 10 22H2. Open Settings > System > About and check the OS build. If you're on 21H2 or earlier, upgrade immediately.
- Install the latest cumulative updates. In particular, ensure KB5063709 (or a later rollup) is applied. This update enables the enrollment wizard and resolves the crash bug. You can fetch it via Windows Update or the Microsoft Update Catalog.
- Sign in with a Microsoft Account that has admin privileges. If your PC uses a local account, switch to an MSA. The account must be an administrator on the machine.
- Navigate to Settings > Update & Security > Windows Update. Look for a link that says "Enroll now" or "Enroll in Extended Security Updates." If you don't see it, wait a day or two—but don't wait until October. Microsoft's rollout is phased, and the company has not guaranteed instant availability for every device.
- Choose your enrollment method. The free option requires toggling on Windows Backup (which syncs your settings to OneDrive). The Rewards option demands 1,000 points, and the paid option costs $30. Regardless, you'll go through a brief wizard that confirms enrollment. Enrolled devices then receive security updates through Windows Update as they are released.
Once enrolled, you can verify your status by re-entering the Windows Update page; a confirmation message should appear. Microsoft allows enrollment at any time up to October 13, 2026, so late sign-ups are possible, but you'll remain exposed to any vulnerabilities between the October 2025 cutoff and your enrollment date.
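A read-only preflight for the first three steps above, as an added example that is not from Microsoft or any outlet cited here. It reports the OS version, whether KB5063709 is listed, and whether the signed-in user is a Microsoft Account in the local Administrators group; the output property names are this example's own.

```powershell
# Added example: read-only check of the ESU enrollment prerequisites.
# Makes no changes to the system. Written for Windows PowerShell 5.1.
$RequiredKb = 'KB5063709'   # KB named in the article; later rollups replace it

# Step 1: Windows 10 version 22H2.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
# Windows 11 also uses DisplayVersion values such as 22H2, so the build
# number (Windows 11 starts at 22000) is used to tell the two apart.
$is22H2 = ($build -lt 22000) -and ($cv.DisplayVersion -eq '22H2')

# Step 2: cumulative update. Get-HotFix matches installed packages by ID;
# after a newer cumulative update is installed the older KB may no longer
# be listed, so a miss here means "check the OS build", not "unpatched".
$kb     = Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue
$latest = Get-HotFix | Where-Object InstalledOn |
          Sort-Object InstalledOn | Select-Object -Last 1

# Step 3: Microsoft Account that is a local administrator.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$userName = $identity.Name.Split('\')[-1]
$local    = Get-LocalUser -Name $userName -ErrorAction SilentlyContinue
$isMsa    = $null -ne $local -and $local.PrincipalSource -eq 'MicrosoftAccount'

# Group membership is checked instead of token elevation, because a
# non-elevated shell under UAC would otherwise report a false negative.
$admins  = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$isAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $identity.User.Value })

[pscustomobject]@{
    Windows10_22H2   = $is22H2
    OsBuild          = '{0}.{1}' -f $build, $cv.UBR
    RequiredKbListed = [bool]$kb
    LatestHotFix     = if ($latest) { $latest.HotFixID } else { 'none reported' }
    LatestHotFixDate = if ($latest) { $latest.InstalledOn.ToString('yyyy-MM-dd') } else { $null }
    MicrosoftAccount = $isMsa
    LocalAdminMember = $isAdmin
} | Format-List
```

If `RequiredKbListed` is False but `LatestHotFixDate` is after August 2025, a later rollup is probably installed; confirm under Settings > Update & Security > Windows Update > View update history.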
Privacy Tradeoffs: The Free Path Is a Data Bargain
The free year of security patches is undeniably attractive, but it's built on an exchange: your PC gets safer while your data gets cloudier. Enabling Windows Backup means your desktop settings, credentials, browser data, and app settings will be synced to OneDrive. For Microsoft, this serves as a gentle nudge into its ecosystem; for users, it's a privacy consideration that shouldn't be ignored.
Microsoft's consumer ESU documentation does not describe any additional telemetry tied to ESU enrollment beyond what Windows 10 already collects. However, linking an MSA and enabling sync expands the digital footprint tied to that account. The paid $30 route avoids the backup sync requirement, but you still need that MSA. If you're adamant about avoiding a Microsoft Account altogether, your only option is to upgrade to Windows 11 (if your hardware supports it) or migrate to a different operating system.
Buggy Beginnings: Enrollment Wizard Crashes and Recovery Snags
The journey to a functioning ESU button has been bumpy. Microsoft acknowledged in its July 2025 patch notes that "clicking 'Enroll now' caused the wizard window to open, begin loading, and then close unexpectedly." KB5063709 resolved that for most users, but the fix introduced a separate problem: the same August security updates broke Reset/Recovery operations on affected machines, as BleepingComputer reported. If you need to use Windows Recovery Environment (WinRE) or a system reset after installing the updates, you may encounter failures.
These hiccups underscore a crucial recommendation: take a full system image before you install any cumulative updates or enroll in ESU. Verify that your recovery media actually works. A backup on an external drive might be the only lifeline if a patch goes sideways.
The Real Risk of Doing Nothing
After October 14, 2025, unenrolled Windows 10 machines become a buffet for attackers. Reverse-engineering of new patches released for Windows 11 inevitably exposes vulnerabilities in the unsupported sibling. Historical data from similar end-of-life events (Windows 7, XP) shows a sharp spike in targeted malware within months.
Businesses face additional compliance headaches. Many regulatory frameworks mandate supported operating systems; sticking with an unsupported OS can trigger audit findings. Microsoft 365 apps will stop receiving feature updates for Windows 10 after the cutoff date, and while some security patches may continue temporarily, the productivity suite's full functionality is tied to a modern OS.
Enterprise vs. Consumer: Separate Playbooks
Corporate environments operate under different rules. Enterprise ESU is sold through volume licensing, costs significantly more, and provides up to three years of coverage. IT departments can use tools like Microsoft Endpoint Configuration Manager to deploy updates at scale. The consumer ESU, by contrast, is a self-service, device-by-device affair meant for home users and tiny offices. If you're managing a fleet, the consumer program is not a replacement for proper migration planning; it's a stopgap for a handful of legacy boxes.
What Users Should Do Right Now
If your PC meets Windows 11's hardware requirements, the cleanest solution is an in-place upgrade. Microsoft's PC Health Check app can confirm eligibility. Forced upgrade nudges—full-screen ads and reminders—have become more aggressive, but that's less painful than an unpatched system.
For ineligible hardware, the ESU program is the only official shield. Here's a quick checklist to minimize last-minute chaos:
- [ ] Update to Windows 10 22H2.
- [ ] Apply the latest cumulative update (KB5063709 or newer).
- [ ] Perform a full disk image to an external drive.
- [ ] Sign in with a Microsoft Account (admin).
- [ ] Visit Windows Update and look for the ESU enrollment link. If absent, force a check for updates, reboot, and wait.
- [ ] Choose the enrollment method that aligns with your privacy appetite.
- [ ] Confirm enrollment appears active on the Windows Update page.
Don't assume the deadline will slip. While consumer-rights groups and sustainability advocates have pressured Microsoft to extend support for older hardware, the company has not budged from October 14, 2025. The one-year ESU runway is a bridge, not a destination. Use it to plan a migration to Windows 11 or evaluate alternatives like Linux for aging gear.
The Bigger Picture: A Temporary Fix, Not a Permanent Home
Microsoft's ESU gambit trades time for data. It gives users breathing room while tightening the integration screws. For the hundreds of millions still on Windows 10, the next month demands a decision: upgrade, enroll (and accept the account linkage), or brace for a digital storm. The free security updates are real, but so are the privacy implications and the phased rollout. Act now with a clear checklist, and you'll navigate the EOL with patches intact.