What is Mobile Endpoint Security? Benefits & Challenges
April 4, 2025
Many organizations face a critical decision: upgrade to Windows 11 or find a way to keep their existing systems secure. For those who can’t immediately transition, Microsoft is offering Windows 10 Extended Security Updates (ESU) starting at $61 per device for the first year, with the program launching officially on October 15, 2025.
This service provides critical security patches for up to three years beyond the end-of-support date, ensuring businesses can maintain operational security while planning their upgrade strategy.
Extended Security Updates (ESUs) are specialized security patches designed specifically for Windows operating systems that have reached the end of their regular support lifecycle. Unlike feature updates that introduce new capabilities, ESUs focus exclusively on critical security vulnerabilities that could put your systems at risk. These updates are Microsoft’s way of helping organizations bridge the gap between outdated systems and newer technologies.
When Microsoft ends mainstream support for an operating system like Windows 10, it typically stops issuing regular security updates, which can leave computers vulnerable to newly discovered exploits and attacks. ESUs provide continuation of these critical security patches, allowing businesses to:
ESUs don’t include new features, technical support, or design change requests. They’re strictly focused on delivering critical and important security updates rated “Critical” or “Important” by Microsoft.
Security updates form the foundation of any robust cybersecurity strategy. For Windows systems in particular, these updates serve as the primary defense against weaknesses that cybercriminals actively target. The importance of staying current with security updates extends far beyond simple bug fixes—they play a crucial role in maintaining the overall integrity of your IT ecosystem.
In today’s threat landscape, where ransomware attacks and data breaches make headlines daily, security updates are essential for several reasons:
When security updates stop arriving through regular channels after October 14, 2025, Windows 10 systems will become increasingly vulnerable with each passing day. Every new vulnerability discovered after this date will remain unpatched on systems without ESU coverage, creating an expanding attack surface for malicious actors.
The Windows 10 ESU program follows a structured approach to delivering security updates. Once enrolled, your organization will receive security updates through the same channels you currently use—whether that’s Windows Update, Windows Server Update Services (WSUS), or Microsoft Configuration Manager.
The program operates on an annual subscription basis that must be renewed each year for continued coverage. Microsoft’s Windows 10 ESU program will run for three years, covering the period from October 2025 through October 2028, divided into three one-year periods:
After purchasing ESUs, your IT administrators will need to apply a specific Multiple Activation Key (MAK) to your Windows 10 devices. This key authenticates your systems for receiving the extended updates. Once activated, your systems will receive critical security updates automatically through your established update management processes.
Extended Security Updates (ESUs) are paid Microsoft services that provide critical and important security updates for Windows 10 systems after the official end-of-support date (October 14, 2025). These updates are crucial for maintaining system protection against vulnerabilities, even though no new features or technical support is included.
Mainstream support for Windows 10 ends on October 14, 2025. After this date, regular security updates will no longer be available unless you opt for an ESU subscription.
The ESU program begins on October 15, 2025, and runs for three years, ending on October 14, 2028. It is broken into three one-year subscription periods.
Year 1 (2025–2026): $61 per device
Year 2 (2026–2027): $122 per device
Year 3 (2027–2028): $244 per device
Prices double each year to encourage migration to newer systems.
Yes. Organizations with Volume Licensing Agreements, Enterprise Agreements, or Microsoft 365 subscriptions may receive discounted rates. Discounts can also vary based on device edition, number of licenses, and industry.
Microsoft has established a tiered pricing structure for Windows 10 ESUs that increases each year to encourage organizations to eventually upgrade their systems. The starting price is $61 per device for the first year, with costs doubling each subsequent year:
Several factors influence the final cost your organization might pay:
Organizations with existing Enterprise Agreements or Microsoft 365 subscriptions may qualify for discounted pricing. Volume licensing customers typically have more negotiating power and can often secure more favorable terms.
The costs may vary depending on the Windows 10 edition (Pro, Enterprise, etc.) and the type of device. Enterprise editions may have different pricing structures compared to Professional editions.
The number of devices requiring ESU coverage directly impacts the total cost. Larger deployments may qualify for volume discounts, making the per-device cost more manageable.
Organizations in highly regulated industries like healthcare, finance, or government may face additional compliance requirements that make ESUs essential regardless of cost, as the alternative could be regulatory violations and penalties.
While ESUs provide a straightforward path to maintaining security on Windows 10 systems, organizations should consider several alternatives that might better suit their long-term IT strategy:
The most straightforward alternative is to upgrade eligible systems to Windows 11, which will have mainstream support until at least 2030. This eliminates the need for ESUs entirely and provides access to the latest security features and improvements.
For devices that don’t meet Windows 11 system requirements, consider aligning your hardware replacement cycle to phase out incompatible devices before the end-of-support date.
Many organizations delay OS upgrades due to legacy application compatibility concerns. Investing in application modernization now can remove this barrier to Windows 11 adoption.
For legacy applications that cannot be modernized, virtualization technologies can allow them to run in isolated environments while the host system remains up-to-date and secure.
For systems that must remain on Windows 10 without ESUs, implementing strict network segmentation and additional security controls can help mitigate risks, though this approach should be considered a last resort.
While ESUs provide critical protection, they should be part of a comprehensive security strategy. Organizations relying on ESUs should also implement:
These additional measures create multiple layers of defense that can help protect systems even when new vulnerabilities are discovered.
Windows 10 Extended Security Updates offer a valuable safety net for organizations that cannot immediately upgrade to Windows 11 when support ends on October 14, 2025. At $61 per device for the first year, ESUs provide critical security patches that protect against emerging threats while you plan your long-term technology strategy.
However, ESUs should be viewed as a temporary solution rather than a permanent strategy. The increasing costs over the three-year program are designed to encourage migration to newer, more secure operating systems. Organizations should use the extended support period to develop and implement a comprehensive plan for modernizing their IT infrastructure.
By understanding how ESUs work and developing a clear migration strategy, your organization can maintain security compliance while methodically transitioning to more modern and secure technology platforms at a pace that makes sense for your business needs and budget constraints.
See the power of IT GOAT.
The world’s most advanced cybersecurity platform catered specifically to your business’ needs.
Keep up to date with our digest of trends & articles.
By subscribing, I agree to the use of my personal data in accordance with IT GOAT Privacy Policy. IT GOAT will not sell, trade, lease, or rent your personal data to third parties.
Mitigate All Types of Cyber Threats
Experience the full capabilities of our advanced cybersecurity platform through a scheduled demonstration. Discover how it can effectively protect your organization from cyber threats.
IT GOAT: Threat Intel & Cyber Analysis
We are experts in the field of cybersecurity, specializing in the identification and mitigation of advanced persistent threats, malware, and exploit development across all platforms.
Protect Your Business & Operations
Exceptional performance in the latest evaluations, achieving 100% prevention rate and providing comprehensive analytic coverage, unmatched visibility, and near-instant detection of threats.