October 14, 2025 is not just a date on Microsoft’s lifecycle calendar—it’s the day an estimated hundreds of millions of Windows 10 PCs become permanently vulnerable. With no more regular security patches, organizations worldwide face a stark choice: migrate to Windows 11, pay for Extended Security Updates (ESU), isolate legacy machines, or accept mounting cyber risk. In Brazil, where economic headwinds are adding friction, corporate giants like Gerdau, Nestlé, and EMS have already charted very different paths through the transition, offering a practical playbook for IT leaders everywhere.
The Countdown and Its Stakes
Microsoft’s Windows 10 will exit support on October 14, 2025, ending a decade-long run. After that date, devices still running the OS will no longer receive security updates, non-security hotfixes, or technical support—turning each Patch Tuesday into a roadmap for attackers targeting unpatched systems. For enterprises, the risk extends beyond malware: regulatory compliance frameworks and cyber insurance policies increasingly treat unsupported software as a failed control, potentially voiding coverage or attracting fines.
The ESU program does offer a lifeline, but it is priced to accelerate migration rather than enable complacency. Commercial customers face a tiered, doubling fee structure that makes multi-year reliance a costly proposition. For consumers, Microsoft will sell a single year of critical updates for $30, with limited free enrollment paths for those who qualify. Yet both programs are explicit stopgaps—designed to buy time, not permanence.
Enterprise Playbook: Lessons from Brazil
Brazilian companies, driven by a mix of security urgency and regulatory pressure, have adopted strategies that mirror best practices emerging globally. Each case underscores a core truth: early, structured planning wins.
Gerdau: Steady Refresh Avoids the Scramble
With 9,000 active PCs, steelmaker Gerdau follows a policy of upgrading 15% of its fleet each year. Gustavo França, global technology and digital director, reports that over 70% of the fleet was Windows 11–ready months before the cutoff. “We run constant upgrade cycles for obsolete machines,” he said. “Today, more than 70% of our fleet is ready, and we will complete this migration within the deadline.” The measured approach minimizes procurement bottlenecks and keeps help desk disruption low.
Nestlé Brasil: Starting Early and Isolating Exceptions
Nestlé Brasil began its Windows 11 journey in 2023, well ahead of the crowd. By 2024, 66% of its 10,000 machines had been migrated; today, according to CTO Tamara Gussiardi, the number is “practically 99%.” The sole holdouts are 40 industrial machines running specialized software not yet supported on Windows 11. Those devices will be network-isolated—a containment strategy echoed by many peers. Gussiardi credits early budgeting and resource allocation for the smooth transition: “We began our journey in 2023 by structuring the budget, securing the necessary resources to acquire equipment.”
EMS: Leasing as a Strategic Accelerator
Pharmaceutical company EMS took a different financial route. Adopting a PC leasing model in 2022 allowed it to refresh 7,000 machines without a massive upfront capital outlay. Technology director Diego Neufert notes that leasing “is financially and strategically advantageous as it allows us to outsource the full management of these devices, including delivery, customization, repairs, and maintenance.” The approach shifts costs from capex to opex, smooths cash flow, and often wraps in deployment services—a model that many cash-constrained or risk-averse organizations may find attractive.
The Common Thread: Inventory, Prioritize, Pilot
Behind these success stories lies a standard playbook: start with automated discovery to tag every endpoint by upgrade eligibility and business criticality; pilot the upgrade on representative hardware to catch driver and application regressions; prioritize high-risk users (remote workers, privileged accounts) first; and then triage each machine into one of four paths: in-place upgrade, replacement, cloud PC (Windows 365 or Azure Virtual Desktop), or temporary ESU enrollment with a hard sunset date. Enterprises that followed this sequence report far less last-minute pain.
The Hardware Hurdle: TPM 2.0 and Rising Prices
Windows 11’s strict hardware floor—UEFI Secure Boot, TPM 2.0, and a constrained CPU list—means many existing PCs cannot simply upgrade in place. That technical reality forces a hardware refresh cycle at a time when average selling prices are climbing. In Brazil, IDC data shows the average PC price jumped 11.6% in the second quarter of 2025, driven partly by the shift to AI-capable configurations. Globally, the uptick in demand for commercial refresh and AI features has similarly nudged up ASPs.
Brazilian PC sales reached 1.9 million units in Q2, a 3.7% year-over-year increase, but IDC projects declines of 1.1% and 1.9% in the third and fourth quarters respectively. The macroeconomic picture dampens urgency: Brazil’s GDP growth moderated from 1.3% in Q1 to just 0.4% in Q2. “The macroeconomic environment has made companies question whether there is really a competitive advantage in allocating part of the budget to replace PCs now, or if it is worth postponing to the first half of 2026,” said Renato Murari de Meireles, research manager for Consumer Devices at IDC Latin America. His expectation that AI PC prices will drop in early 2026 could tempt some organizations to delay—a gamble that must be weighed against rising security exposure.
Consumer Conundrum: Why Households Lag
While enterprises scramble, the consumer market tells a different story. In Brazil, 68.8% of computers already run Windows 11 according to Statcounter—well above the global average of 49%. Yet millions of households worldwide stick with Windows 10, often because their hardware fails the compatibility checks or because they see no immediate need to replace a perfectly functional device.
The $30 consumer ESU offers a one-year bridge, but it only delays the inevitable decision. Free enrollment paths exist for some educational and accessibility scenarios, but for most, the choice boils down to: upgrade now if the machine is compatible, buy a new PC, or pay to stay vulnerable a little longer. Microsoft’s own guidance is unambiguous: upgrading eligible devices to Windows 11 remains the recommended path. For devices that can’t upgrade, replacement or cloud alternatives are the official remedy—workarounds that bypass hardware checks void support and introduce stability and security risk.
Security Implications: The Real Cost of Waiting
Every month an organization delays after October 14 increases its threat surface. Newly disclosed vulnerabilities in Windows 11 will serve as reverse-engineered exploit intelligence for the same flaws lingering in unpatched Windows 10 systems. Ransomware gangs specifically target unsupported software; an unpatched OS is a welcome mat.
Beyond the technical risk, compliance and insurance liabilities stack up. Cyber insurers routinely ask whether endpoints run supported software. A breach involving a Windows 10 machine after end of support could lead to claim denial or higher premiums. Third-party application vendors—from antivirus to productivity suites—will sunset their own Windows 10 support on varying timelines, further shrinking the defensive perimeter.
Financial Tradeoffs: CAPEX vs OPEX and the Leasing Advantage
Headline-grabbing estimates that a global Year-One ESU bill could run into billions serve as a stark planning signal. The arithmetic is simple: multiplying Microsoft’s published per-device ESU list price by estimated device counts. But actual costs vary with negotiation, volume licensing, and cloud activation credits. Rather than fixate on total market numbers, IT leaders should model their own estate.
The core financial choice is between capital expenditure (buying new hardware) and operational expenditure (paying ESU or leasing replacement devices). Leasing, as EMS demonstrated, transforms a large upfront outlay into predictable monthly payments and often includes services that reduce internal overhead. For organizations with tight budgets, leasing or cloud desktop services can accelerate migration without breaking the bank.
Sustainability also enters the calculus. A mass hardware refresh without proper IT asset disposition (ITAD) could generate substantial e-waste. Responsible programs that trade in, refurbish, and resell old devices not only cut environmental harm but can recover residual value—a win for both the balance sheet and ESG metrics.
Strategic Recommendations: A 90-Day Action Plan
The window for action is narrow but sufficient—if leaders move decisively. A practical checklist distilled from successful migrations includes:
- Inventory and classify: Use automated tools to tag every endpoint by upgradeability, application criticality, and user role.
- Pilot early: Test upgrades on representative hardware models and software stacks to surface compatibility issues.
- Triage ruthlessly: Assign each device to one of four buckets: upgrade in place, replace, cloud desktop, or short-term ESU with a firm decommissioning date.
- Model the money: Compare capex and opex scenarios, including leasing offers and resale/recycling costs.
- Govern ESU usage: Treat Extended Security Updates as a bridge—set explicit, non-negotiable sunset milestones to avoid creeping permanence.
- Communicate: Prepare end-user training, bolster help desk staffing, and publish rollout timelines to set expectations.
The Inflection Point
October 14, 2025 marks more than a contract end; it’s a forced modernization moment. Enterprises that treat it as a compliance checkbox risk undermining their security posture. Those that treat it as an opportunity—to adopt hardware-backed security, modern management, and zero-trust patterns—will emerge stronger.
Brazilian early movers prove that with clear leadership, even large fleets can be transitioned smoothly. Gerdau’s steady cadence, Nestlé’s aggressive early push, and EMS’s creative leasing all point to a key insight: the cost of inaction is unpredictable and potentially catastrophic, while the cost of action, though painful, can be managed and amortised. For consumers, the message is equally clear: if your PC supports Windows 11, upgrade now; if not, start planning for its replacement or budget for the $30 stopgap—but don’t mistake a one-year patch for a permanent solution. The calendar is fixed; the only variable is how much risk you’re willing to carry into 2026.