Windows 10 End of Support: What Businesses Should Do Now
A practical guide to your options after Windows 10 reached end of support — and how to plan a smooth transition to Windows 11.
Updated January 2026
What Changed After October 14, 2025
On October 14, 2025, Microsoft officially ended free support for Windows 10. That means no more monthly security updates, no bug fixes, and no technical support — unless your organization enrolls in the paid Extended Security Updates (ESU) program.
This isn't a theoretical risk. Every month, Microsoft releases patches for dozens of vulnerabilities across Windows. Devices still running Windows 10 without ESU are exposed to every one of those vulnerabilities from October 2025 onward. Ransomware groups, credential stealers, and other threat actors actively target known, unpatched flaws.
From a compliance perspective, running an end-of-life operating system creates audit findings under HIPAA, PCI-DSS, NIST 800-171, and most cyber insurance policies. Some insurance carriers are already asking about Windows 10 status during renewal questionnaires — see what underwriters actually require to qualify for coverage.
Your Options
Upgrade to Windows 11
The best long-term path. Windows 11 receives monthly security updates and will be supported through at least 2028. If your hardware meets the requirements (TPM 2.0, Secure Boot, supported CPU), an in-place upgrade preserves your apps, files, and settings.
Bridge with Extended Security Updates (ESU)
For devices that can't upgrade immediately, Microsoft offers ESU as a paid subscription. This keeps critical and important security updates flowing while you plan your migration. ESU is a bridge — not a destination. Pricing increases yearly, and it doesn't include new features or non-security fixes.
Replace Non-Compatible Hardware
For older machines that can't meet Windows 11 hardware requirements, replacement is often the cleanest path. Modern business PCs ship with Windows 11 Pro, TPM 2.0, and better performance. In many cases, the cost of a new device is comparable to the labor cost of trying to work around hardware limitations.
Common Blockers (and How We Solve Them)
TPM 2.0 / Secure Boot Not Enabled
Many PCs actually have TPM 2.0 hardware but it's disabled in BIOS. This is often a configuration fix, not a hardware limitation. We check firmware settings across your fleet and enable TPM and Secure Boot where possible.
Unsupported CPU Models
Intel 7th generation and older, along with AMD Zen 1 processors, are not on Microsoft's supported CPU list for Windows 11. These devices need to be replaced or bridged with ESU until replacement hardware is in place.
Legacy Apps, Printers, and Niche Drivers
Some line-of-business applications, older printers, and specialized hardware may not have Windows 11 drivers. We test these in a pilot environment before touching production to identify issues early and find workarounds or replacements.
Realistic Timeline for a Small Business
For a typical business with 20-50 seats, here's what a phased upgrade project looks like:
Assessment
Inventory every device, check compatibility, identify blockers. Typically 2-4 weeks.
Pilot Group
Upgrade a small group first, validate apps and workflows. Typically 1-2 weeks.
Phased Rollout
Roll out to remaining devices in waves, with rollback plans at each stage. Typically 2-4 weeks.
Cost Drivers
Every environment is different, but here are the main factors that influence the cost of a Windows 11 migration:
Hardware Replacement
Devices that can't meet Win11 requirements need to be replaced. The number of replacements is the biggest variable.
Labor & Complexity
In-place upgrades are faster than wipe-and-load. Legacy app testing and driver issues add complexity.
After-Hours Premium
If upgrades need to happen outside business hours to avoid downtime, evening and weekend work applies.
ESU Licensing
Bridging devices with ESU has a per-device annual cost that increases each year. Upgrading sooner saves on ESU spend.
Frequently Asked Questions
Can we stay on Windows 10?
Only with Extended Security Updates (ESU), and it's not a long-term plan. ESU is a paid subscription that provides critical security patches, but pricing increases each year and it doesn't include feature updates or non-security fixes. It's a bridge, not a destination.
Does enrolling in ESU prevent us from upgrading later?
No. You can upgrade to Windows 11 at any time while enrolled in ESU. There's no lock-in. Many businesses use ESU to cover non-compatible devices while upgrading the rest of their fleet.
What are the key Windows 11 hardware requirements?
Windows 11 requires TPM 2.0, Secure Boot capable UEFI firmware, a supported 64-bit processor (Intel 8th gen or newer, AMD Zen 2 or newer), 4 GB RAM, and 64 GB storage. For the full list, see Microsoft's official requirements page.
What if some of our PCs can't run Windows 11?
Replace them or bridge with ESU while planning replacements. We help you prioritize which devices to replace first based on role, risk, and budget. In many cases, a new business PC is more cost-effective than the labor and ESU costs of keeping old hardware running.
Get a Free End-of-Life Inventory Scan
We'll scan your fleet and deliver a report showing exactly which devices can upgrade to Windows 11, which need hardware replacement, and which should be bridged with ESU — at no cost.
Victor Peralta
Co-Founder & CEO
Vigil Cyber provides 24/7 managed security operations for small and mid-sized businesses across the Southeast. Our team combines rigorous operational discipline with enterprise security expertise.
Related Articles
Consolidating Your Security Stack
Too many tools create visibility gaps. Learn how to consolidate your security stack for better protection and lower costs.
6 min read
StrategyThe MSP to MSSP Shift: Why It Matters
General IT providers are not security providers. Understanding the critical difference between MSP and MSSP services.
7 min read
StrategySecuring Hybrid and Remote Work Environments
Remote work expanded the attack surface. Learn how to secure distributed teams without sacrificing productivity.
8 min read
Stay Ahead of the Threat Landscape
Get monthly cybersecurity insights, threat intelligence, and compliance updates delivered to your inbox. No spam. Unsubscribe anytime.