Microsoft has quietly opened the door for consumers to get a free year of security updates for Windows 10 after its official end-of-support date—but there’s a catch: you’ll need to link your PC to a Microsoft account and let it sync your settings to OneDrive. The Extended Security Updates (ESU) program, previously a paid enterprise-only offering, now extends to all Windows 10 users with version 22H2, giving them critical and important security patches from October 14, 2025, through October 13, 2026. The move comes as Microsoft faces an estimated 700 million-plus devices still running Windows 10, many of which cannot officially upgrade to Windows 11 due to strict hardware requirements like TPM 2.0 and supported CPUs.

At the same time, Microsoft is turning up the heat on Windows 10 holdouts with persistent full-screen upgrade prompts. These promotions, which were briefly paused for business editions after user backlash, continue to pop up on consumer PCs, often overshadowing the more forgiving ESU enrollment path. The result is a bewildering experience for many users, who are being asked to choose between an operating system they may not want (or cannot install) and a security lifeline that demands deeper integration into Microsoft’s cloud ecosystem.

The Windows 10 End-of-Life Clock Is Ticking

Windows 10’s mainstream support ends on October 14, 2025. After that date, devices that haven’t enrolled in ESU will stop receiving security updates, leaving them exposed to newly discovered vulnerabilities. Microsoft has been clear about this timeline for years, but the size of the remaining Windows 10 base makes this a uniquely high-stakes transition. According to StatCounter, Windows 10 still held 64% of the Windows desktop market share as of early 2025, while Windows 11 barely crossed 30%. Even conservative estimates peg the number of active Windows 10 devices at over half a billion.

The problem is compounded by Windows 11’s stringent hardware requirements. To officially upgrade, a PC needs a compatible 64-bit processor, TPM 2.0, Secure Boot-capable firmware, and at least 4 GB of RAM. Many perfectly functional devices from as recently as 2019 or 2020 fail these checks, forcing their owners to either replace hardware, switch to an alternative OS, or remain on an unsupported Windows 10.

What the Consumer ESU Program Offers

Microsoft’s consumer ESU program is a direct response to this dilemma. It delivers only security updates—no new features, non-security fixes, or technical support. To receive them, devices must run Windows 10 version 22H2. Enrollment is done through Windows Update (Settings → Update & Security → Windows Update), where an “Enroll now” link will appear during the staged rollout.

Users have three payment options:
- Free: Enable Windows Backup to sync PC settings to a Microsoft account and OneDrive.
- 1,000 Microsoft Rewards points: Redeem points for a one-year ESU license.
- One-time purchase of $30 (USD) per device.

Each license is tied to the Microsoft account used at enrollment and can be applied to up to 10 devices on that account. The free path is clearly designed to drive adoption of Microsoft’s cloud services, tying security to account creation and data syncing. The reward points option offers a middle ground for those already in the Rewards ecosystem, while the $30 fee provides a direct purchase route for users who want neither.

The Upgrade Nag Campaign: Full-Screen Prompts and User Pushback

If you’ve booted a Windows 10 PC in the past year, you’ve probably seen the full-screen “Upgrade to Windows 11” prompt. Microsoft has been testing these notifications for a long time, tweaking their aggressiveness based on feedback. In August 2024, Windows Latest reported that Microsoft paused a planned expansion of these alerts after receiving complaints. A Microsoft 365 advisory stated: “To honor our user’s feedback, these invitations will no longer begin with the April 2024 monthly security update. We will share a new timeline in the coming months.”

But the pause was selective. It applied to managed devices—those controlled by IT via Intune, Configuration Manager, or similar tools—and business editions like Pro and Enterprise. Windows 10 Home users, who make up a large consumer base, continued to see the prompts. These popups are hard to dismiss permanently and can reappear after a reboot, causing confusion and frustration. They rarely mention the ESU alternative, pushing users to upgrade even if their hardware isn’t compatible.

The Verge documented the prompt’s design: a multi-page, full-screen window with a prominent “Upgrade” button and a small, easily overlooked “Decline” link. Users report that declining doesn’t stop the prompts from returning. This has led to widespread irritation and accusations that Microsoft is dark-patterning its user base into a hasty upgrade.

Your Options: A Decision Matrix

With support ending on October 14, 2025, every Windows 10 user must decide among three paths:

  1. Upgrade to Windows 11 – If your hardware is compatible (TPM 2.0, supported processor) and you’re ready for the change, this is the long-term solution with ongoing feature updates.
  2. Enroll in consumer ESU – Buy a year of security patches via one of the three payment methods. This is ideal for devices that don’t meet Windows 11 requirements or for users who want more time.
  3. Do nothing – After October 14, 2025, your system will receive no security updates, making it increasingly vulnerable to exploits.

The decision hinges on hardware compatibility and willingness to use Microsoft services. Microsoft offers a PC Health Check tool to verify compatibility, accessible through Windows Update. For those who cannot upgrade, ESU is the only official way to stay secure—but it’s a one-year bridge, not a permanent fix. By October 14, 2026, the safety net vanishes.

How to Enroll in the ESU Program

If ESU is your choice, follow these verified steps:

  1. Ensure you’re on Windows 10, version 22H2 (check in Settings → System → About).
  2. Go to Settings → Update & Security → Windows Update.
  3. Look for the “Enroll now” link once the rollout reaches your device. If it’s missing, check back later; Microsoft is rolling the feature out gradually.
  4. Click the link and sign in with your Microsoft account (you’ll be prompted to create one if using a local account).
  5. Choose your payment method: start Windows Backup for free, redeem Rewards points, or pay $30.
  6. Confirm enrollment; updates will continue via Windows Update from October 15, 2025, onward.

Note: The free option automatically enables Windows Backup, which syncs settings and certain files to OneDrive. You can review what gets synced in Settings → Update & Security → Backup. Microsoft has stated that the feature syncs system settings, browser data, saved passwords, and some other preferences, but not all files unless you specifically select folders to back up.

Limitations and Compatibility Pitfalls

Not every device qualifies for consumer ESU. Exclusions include:
- Devices in kiosk mode.
- Domain-joined or Microsoft Entra-joined devices (Entra-registered may work).
- MDM-managed devices.
- Devices with existing commercial ESU licenses.

If your PC falls into these categories, you’re likely in an enterprise environment and should use the commercial ESU track, which has separate licensing and delivery methods. Also, devices must be running 22H2; older Windows 10 feature updates will not receive ESU updates.
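
The ESU conditions above (Windows 10 22H2, not domain-joined or Entra-joined) and the Windows 11 hardware baseline listed earlier (TPM 2.0, Secure Boot, 4 GB of RAM) can be checked from PowerShell before you choose a path. The script below is an added example, not a Microsoft tool and not part of the original article; the function name Get-EsuReadiness and its output property names are hypothetical.

```powershell
# Added example: read-only pre-flight check. Run in an elevated PowerShell
# session; the TPM and Secure Boot queries need administrator rights.
function Get-EsuReadiness {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Windows 10 22H2 is build 19045. DisplayVersion alone is ambiguous,
    # because Windows 11 also shipped a release labelled 22H2.
    $is22H2 = ($cv.CurrentBuild -eq '19045') -and ($cv.DisplayVersion -eq '22H2')

    # dsregcmd prints "AzureAdJoined : YES" on Entra-joined devices.
    # Entra-registered devices report NO here.
    $dsreg = (& dsregcmd.exe /status) -join "`n"
    $entraJoined = $dsreg -match 'AzureAdJoined\s*:\s*YES'

    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; no instance means no TPM.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm20 = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')

    # Confirm-SecureBootUEFI throws on legacy BIOS systems and when the
    # session is not elevated; both cases are reported as "off".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Sum installed DIMM capacity; usable memory can read just under 4 GB.
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum
    $ramGB = [math]::Round($ramBytes / 1GB, 1)

    [pscustomobject]@{
        Windows10_22H2       = $is22H2
        DomainJoined         = [bool]$cs.PartOfDomain
        EntraJoined          = $entraJoined
        Tpm20                = $tpm20
        SecureBootEnabled    = $secureBoot
        RamGB                = $ramGB
        # Kiosk mode, MDM enrollment and existing commercial ESU licenses
        # are not checked here and still need a manual review.
        ConsumerEsuCandidate = $is22H2 -and -not $cs.PartOfDomain -and -not $entraJoined
        # CPU support is not checked; PC Health Check remains the authority.
        MeetsWin11Baseline   = $tpm20 -and $secureBoot -and ($ramGB -ge 4)
    }
}

Get-EsuReadiness | Format-List
```

The script changes nothing on the machine. A False in ConsumerEsuCandidate or MeetsWin11Baseline tells you which of the properties above to look at first.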

The full-screen upgrade prompts can be especially disruptive for users ineligible for Windows 11. Microsoft has yet to clearly message the ESU option within those popups, leading to dead ends for users with incompatible hardware. Community forums are filled with workarounds, but officially, Microsoft recommends upgrading if possible and is washing its hands of the PR mess.

The Privacy Trade-Off: Security for Your Data?

The free ESU path is a clever funnel for Microsoft account adoption. By requiring sign-in and Windows Backup, Microsoft gains deeper telemetry, settings sync, and potential OneDrive usage—tying users more tightly to its ecosystem. For privacy-conscious users, this is a significant concession. The $30 one-time purchase or Rewards redemption avoids direct data sync but still ties the license to a Microsoft account, so there is no way to avoid account association altogether.

Microsoft’s FAQ states plainly that enrollment “requires a Microsoft account” and that backup must be enabled for the free option. While the company hasn’t hidden this requirement, the upgrade prompts don’t highlight it, potentially leading users to unknowingly enable cloud syncing. This has reignited debates about Microsoft’s broader push toward a service-based model where the OS becomes a gateway to recurring revenue and data collection.

What Enterprises Should Do

For businesses, the consumer ESU program is irrelevant. Domain-joined and managed devices must use the commercial ESU program, which involves volume licensing and is not free. Pricing for commercial ESU has historically been steep, starting at $61 per device for the first year and doubling each subsequent year. Organizations should already be planning hardware refreshes or Windows 11 migrations. The consumer offer does not apply to them.

Small businesses without dedicated IT might have devices that qualify as consumer, but relying on consumer ESU for business-critical machines is risky. These devices aren’t managed, lack centralized update control, and the one-year clock is tight. Microsoft advises using Windows Autopilot or Intune for management, but that’s a separate conversation. The commercial ESU program, meanwhile, provides up to three years of coverage, giving enterprises more breathing room.

Security Analysis: The Good and the Risk

From a security standpoint, the consumer ESU program is a net positive. It prevents a large population of machines from becoming instant targets for cybercriminals on October 15, 2025. Without updates, Windows 10 devices would be vulnerable to any newly discovered flaws in the OS, browsers, and related components—a risk amplified by the platform’s ubiquity.

However, the one-year limit is a gamble. If Windows 11 adoption doesn’t accelerate, or if economic pressures delay hardware upgrades, Microsoft could face pressure to extend ESU again. The company has left that door slightly ajar, stating only that no further extensions are planned but not ruling them out entirely. Security experts warn that relying on perpetual extensions is not a strategy; it merely shifts the cliff edge.

Practical Recommendations for Windows Forum Readers

  • If your PC is eligible for Windows 11: Upgrade now after a full backup. Verify driver support for critical apps and peripherals, and use Microsoft’s PC Health Check tool.
  • If your PC is not eligible or you need time: Enroll in ESU immediately. The free route is ideal if you don’t mind a Microsoft account; otherwise, use Rewards or the $30 purchase.
  • Always back up before enrolling or upgrading: Use an external drive or a non-Microsoft cloud service to ensure data isn’t locked in.
  • Manage full-screen prompts: There is no official way to permanently disable them on consumer devices, but some community workarounds exist. Power users can create a registry key to block the “Campaign Manager” component, though this is unsupported and may break other notifications.
  • Consider the long game: ESU is a stopgap. Start planning your next OS or hardware purchase now so you aren’t scrambling in 2026.

The Bottom Line

Microsoft’s consumer ESU is a pragmatic, if self-serving, solution to a problem of its own making. It keeps millions of devices safer for another year while gently (or not so gently) steering users toward Windows 11 and Microsoft’s cloud. The trade-offs are clear: security in exchange for account lock-in, and a time-limited reprieve from a forced hardware upgrade.

The most important step for any Windows 10 user is to not wait. Back up your data independently, verify your device’s compatibility, and choose a path before the October 14, 2025, deadline. Whether that’s upgrading, enrolling in ESU, or migrating to a different OS altogether, inaction will leave you exposed. Microsoft has given you a grace period—use it wisely.