Microsoft has confirmed that Windows 10’s long-running support will officially end on October 14, 2025, but the company is offering a more generous lifeline than many users expected: a two-year Consumer Extended Security Updates (ESU) program that lasts through October 12, 2027. This means that tens of millions of Windows 10 users can now continue receiving critical and important security patches for an additional two years—not just one—by enrolling in the program for a one-time fee of $30 per Microsoft account (or free via Microsoft Rewards or PC settings sync). The program’s extended duration, detailed in Microsoft’s latest support documentation, significantly changes the upgrade calculus for households and businesses that were scrambling to replace perfectly functional hardware simply because of Windows 11’s strict hardware requirements.
What end of support really means
After October 14, 2025, devices running Windows 10 will stop receiving routine security updates, non-security fixes, and technical support from Microsoft. That leaves unpatched vulnerabilities piling up fast. However, Microsoft will continue to update Microsoft 365 Apps on Windows 10 through October 10, 2028, and keep Edge and WebView2 patched at least until October 2028, which helps blunt some web-based attack vectors but does nothing to close kernel-level or driver flaws. Machines will still boot and run software, but without OS-level patches, they become progressively more dangerous to use online.
Consumer ESU: Two extra years of security for $30
Microsoft’s consumer ESU program is the official bridge. According to the official program page, enrollment requires Windows 10 version 22H2 with the latest cumulative updates, and a Microsoft account—local accounts must be linked. The license covers up to 10 devices tied to that account. Consumers can enroll for free by enabling Windows Backup/syncing PC settings, redeem 1,000 Microsoft Rewards points, or pay $30. Once enrolled, the device receives all critical and important security updates released after the October 2025 cutoff until the ESU program ends on October 12, 2027. The enrollment option appears in Settings > Update & Security > Windows Update for eligible devices.
Important correction: Earlier reports, including a canoe.com article that surfaced in a Windows enthusiast forum, stated that consumer ESU would only last one year—until October 2026. That information is outdated. Microsoft’s official ESU page now clearly states the program runs until October 12, 2027. We’ve independently verified this against the live support.microsoft.com page. The longer window offers crucial breathing room.
Who should upgrade, who should buy a new PC, and who can safely use ESU
The decision tree looks like this:
- Upgrade to Windows 11 if your PC meets the hardware requirements (TPM 2.0, Secure Boot, compatible 64-bit CPU, 4GB+ RAM, 64GB+ storage). This path gives you full support and new features.
- Enroll in ESU if you have a handful of older, still-functional machines that can’t run Windows 11 natively. The two-year window buys time to plan replacements or migrate workflows.
- Buy a new Windows 11 PC if your hardware is ancient and struggling. Modern laptops not only meet security baselines but also deliver dramatically better battery life and efficiency.
The enterprise angle: separate commercial ESU programs
Businesses and institutions have a different path. Commercial ESUs are available through volume licensing, often with multi-year options and per-device pricing that’s higher than the consumer deal. These are critical for regulatory compliance: many industry standards prohibit running out-of-support operating systems. IT leaders should begin application compatibility testing immediately, prioritize high-risk endpoints, and consider virtual desktops (Windows 365, Azure Virtual Desktop) as an alternative for legacy hardware that can’t be upgraded. Microsoft has published detailed guidance for IT pros, and the consumer ESU program explicitly excludes domain-joined or MDM-managed devices.
Environmental toll and the TPM 2.0 controversy
Windows 11’s hardware baseline effectively declares millions of otherwise competent PCs obsolete, generating e‑waste and forcing unexpected costs on users. The fact that many of these devices could run Windows 11 with workarounds only sharpens the frustration. While Microsoft touts security benefits of TPM 2.0 and Secure Boot, the environmental impact can’t be ignored. Consumers should consider refurbishing, donating, or repurposing old machines with lightweight Linux distributions for non-critical tasks. Trade‑in programs from major OEMs can also offset the cost of a new PC. The two‑year ESU window at least delays the landfill for many households.
Practical steps to take right now
- Back up everything. Use both cloud storage (OneDrive) and local external drives. Verify restore paths.
- Check Windows 11 eligibility via PC Health Check or Settings > Update & Security > Windows Update. Document each device’s status.
- For eligible machines, schedule the upgrade after testing critical software and drivers.
- For non‑eligible machines, decide between ESU enrollment and replacement. If choosing ESU, ensure the device runs version 22H2 with all updates, link a Microsoft account, and enroll before October 12, 2027 (the sooner the better to avoid gaps).
- Organizations should inventory fleets, pilot upgrades, and train users now.
Critical appraisal: the good, the bad, and the Microsoft account string
The consumer ESU program is a surprisingly pragmatic move from Microsoft. A two-year, $30 safety net for up to 10 devices is far more accessible than the costly enterprise licenses of the Windows 7 era. The ability to enroll for free via settings sync or Rewards points also softens the blow. And by decoupling browser and Office updates from the OS lifecycle, Microsoft reduces immediate attack surface even for unpatched Windows 10.
But the program has rough edges. The mandatory Microsoft account requirement strips away a key privacy choice for users who prefer local accounts. The hardware check is rigid; many Skylake‑era PCs with TPM 1.2 are excluded entirely despite being fully capable. And the long‑term message is clear: this is a temporary bridge, not a permanent pardon. After October 2027, users must be on Windows 11—or switch to an unsupported alternative.
Looking ahead
Microsoft is unlikely to extend the ESU program beyond 2027, so the countdown is real. The next two years give the ecosystem a chance to adapt: hardware refreshes, application compatibility testing, and UX adjustments for Windows 11’s redesigned interface. IT departments should use this window to finalize migration plans and avoid last‑minute panic. For consumers, the best play remains to upgrade where possible and use ESU only where necessary—knowing that security doesn’t stop at the browser’s edge.