Windows 10 users now have a clear, albeit time-limited, path to keep their systems patched after the operating system hits its end-of-support milestone on October 14, 2025. Microsoft has opened enrollment for a consumer Extended Security Updates program that offers three distinct options: a no‑cost route tied to Microsoft account settings sync, redemption of 1,000 Microsoft Rewards points, or a one‑time $30 payment. The program, which recently resolved a gnarly enrollment bug via the August cumulative update KB5063709, will provide critical and important security patches through October 12, 2027 — effectively buying up to two years of breathing room for those unable or unwilling to upgrade to Windows 11 immediately.

The End‑of‑Support Countdown Becomes Official

Microsoft’s lifecycle policy has marked October 14, 2025, as the date when Windows 10 (version 22H2, Home, Pro, Pro Education, and Workstation editions) will stop receiving regular monthly security updates. After that date, any device not enrolled in ESU will be left without official patches for newly discovered vulnerabilities. This is not a theoretical risk; unpatched Windows machines rapidly become targets for ransomware, credential theft, and other attacks. Microsoft has been unambiguous: you either upgrade, enroll in ESU, or accept the consequences.

The consumer ESU program, first announced in June 2025 and detailed on Microsoft’s support pages, is separate from the commercial ESU offerings available to enterprises. It is designed for individual consumers and small offices that cannot yet move their hardware to Windows 11. The official support page — updated to reflect current terms — confirms that enrollment can be done any time until the program ends on October 12, 2027, and that once enrolled, coverage continues automatically through that date. This two‑year window is longer than the one‑year bridge many early reports suggested, giving consumers more flexibility.

Three Paths, One Goal: Staying Protected

The program offers three distinct enrollment methods, all leading to the same security outcome:

  • Free with Microsoft account sync: By enabling Windows Backup to sync PC settings (which includes OneDrive integration) and signing in with a Microsoft account, users can enroll at no additional cost. This is the simplest route for those already comfortable with cloud‑backed profiles.
  • Microsoft Rewards redemption: Those who have accumulated 1,000 Rewards points can use them to cover the cost. This effectively makes the program free for active Rewards users, as points can be earned through Bing searches, shopping, and other activities.
  • One‑time payment of $30 USD: For users who prefer not to tie their security to cloud sync or Rewards, a one‑time license fee of $30 covers up to 10 devices linked to the same Microsoft account. Local pricing may vary — for example, the Australian support page lists AU$44.95 inclusive of tax.

All methods grant access to critical and important security updates as rated by the Microsoft Security Response Center (MSRC) through October 12, 2027. The license is not a subscription; it’s a single purchase that remains valid for the duration of the program. Importantly, once any user on a device enrolls, all other users on that PC are also protected.

Eligibility Requirements: Not Every PC Qualifies

Before planning to enroll, users must verify that their device meets strict prerequisites:

  • The operating system must be Windows 10, version 22H2 (Home, Pro, Pro Education, or Workstation). Older versions or Enterprise editions do not qualify.
  • The latest Windows updates must be installed. This includes the critical August 2025 cumulative update (KB5063709) that fixed enrollment wizard glitches.
  • The Microsoft account used for enrollment must be an administrator account on the device. Child accounts cannot be used.
  • The device must not be domain‑joined, managed by a mobile device management (MDM) solution, or running in kiosk mode. However, devices that are Microsoft Entra registered (not joined) are eligible.

These restrictions mean that many home users will qualify, but small businesses that rely on Active Directory or MDM will need to look at commercial ESU options instead.

How to Enroll: A Step‑by‑Step Walkthrough

Enrollment is handled entirely through the Windows Update settings. The process is designed to be straightforward, but early hiccups required manual patching.

  1. Start → Settings → Update & Security → Windows Update
    If the device is eligible, an “Enroll now” link will appear. If it’s missing, proceed to step 2.
  2. Install KB5063709 (or any subsequent cumulative update)
    This August update resolves the enrollment wizard issue that prevented many users from seeing the option.
  3. Select an enrollment method
    - If you are already syncing settings, you’ll be offered immediate enrollment.
    - Otherwise, choose between starting Windows Backup sync, redeeming Rewards points, or making the $30 purchase.
  4. Sign in with your Microsoft account
    The account must have administrative privileges on the PC. Once enrolled, you can add up to 9 more devices by repeating the process and signing in with the same account.

After enrollment, the device will receive security updates through Windows Update as usual. There is no separate ESU license key to manage; the license is tied to the Microsoft account.

The August Fix That Saved the Day

For weeks after the initial announcement, many eligible users saw no enrollment option. Microsoft traced the problem to a missing prerequisite and delivered the solution in the August 2025 cumulative update (KB5063709). This patch not only enabled the enrollment flow but also ensured that devices were correctly flagged as ESU‑eligible. Without it, the “Enroll now” link simply never materialized. The fix was rolled out to all Windows 10 22H2 systems, and installing it is now a mandatory first step for anyone considering ESU.

Privacy: The Unspoken Cost of Staying on Windows 10

One major theme in the Windows 10 end‑of‑support conversation is less about patching and more about what comes next. Windows 11 integrates a suite of AI‑powered features — Copilot, Recall, Click to Do — that have drawn intense scrutiny from privacy advocates. Recall, in particular, takes periodic snapshots of on‑screen activity and makes them searchable. While Microsoft has repeatedly emphasized that Recall is opt‑in, that snapshots are stored locally and encrypted, and that access requires Windows Hello authentication, the feature has sparked fear among users who worry about accidental exposure of sensitive data.

Third‑party proof‑of‑concept tools have demonstrated that earlier versions of Recall allowed snapshots to be extracted under certain conditions. Microsoft responded by hardening storage, requiring re‑authentication via Windows Hello whenever Recall data is accessed, and adding a full uninstall option. Nonetheless, the mere existence of a system‑level screenshotter has become a prominent reason many users prefer to remain on Windows 10 — an OS that does not include these AI features. For them, the choice between paying $30 for ESU or upgrading to a privacy‑concerning Windows 11 is a moral calculation, not a financial one.

This tension is heightened by the free ESU path: enrolling without cash requires users to enable Windows Backup and sync settings to a Microsoft account, thereby deepening their integration with Microsoft’s cloud. Privacy‑conscious individuals may see this as trading one type of risk for another, and the $30 fee may feel less like a security charge and more like a privacy tax.

Strengths of Microsoft’s Approach

Despite the controversy, the consumer ESU program has clear merits:

  • Predictability: A hard cutoff date and a well‑documented enrollment process give consumers and IT planners a concrete timeline.
  • Accessibility: The free and low‑cost options dramatically lower the barrier for households that cannot afford new hardware.
  • Multi‑device support: One $30 purchase covers up to 10 devices, making it economical for families and power users.
  • Ecosystem continuity: Microsoft has committed to updating Microsoft Edge and WebView2 on Windows 10 until 2028, and Microsoft 365 Apps will receive security updates for three years after the OS end‑of‑support date. This reduces the web browser surface as a vulnerability vector, even on ESU‑protected machines.

Risks, Trade‑offs, and What the Program Won’t Do

ESU is not a full support contract. Users must understand its limitations:

  • Security‑only updates: Only critical and important patches are delivered. No feature updates, no non‑security bug fixes, no performance improvements, and no technical support. Over time, application compatibility and driver support from OEMs may erode.
  • No long‑term solution: Even with coverage until 2027, the clock is ticking. Hardware that fails after that date will leave users stranded unless they upgrade.
  • Privacy concessions: The free enrollment route demands Microsoft account sign‑in and cloud sync, which may be unpalatable for some. While the $30 option avoids this, it still ties the license to a Microsoft account.
  • Potential for confusion: Early enrollment glitches (now fixed) underscore how fragile the process can be when millions of users depend on a single wizard.
  • Excluded scenarios: Devices in enterprise management, kiosk mode, or joined to a domain are shut out, forcing businesses into more expensive commercial ESU plans.

Economically and environmentally, the ESU structure has drawn fire. Advocacy groups argue that requiring new hardware to run Windows 11 creates e‑waste and disproportionately affects lower‑income households. A pending lawsuit claims Microsoft is deliberately ending Windows 10 support to push sales of AI‑infused Copilot+ PCs. While the legal outcome remains uncertain, the debate highlights the real tension between security necessity and forced obsolescence.

Action Plan for Windows 10 Users

Time is short. Here is a concrete, sequential plan:

  1. Verify OS version. Settings → System → About must show Windows 10, version 22H2. If not, apply all pending updates immediately.
  2. Install the latest patch. Open Windows Update and ensure KB5063709 (or a later cumulative update) is present. This is the gateway to ESU enrollment.
  3. Assess your privacy stance. Are you willing to sync settings and sign in with a Microsoft account for free ESU? If not, check your Rewards balance or budget $30.
  4. Enroll. In Windows Update, click “Enroll now” and follow the prompts. Choose your payment/redemption method and confirm.
  5. For eligible PCs, consider upgrading to Windows 11. Run the PC Health Check tool to verify hardware compatibility. If your device passes, start planning the migration — you can still revert to Windows 10 within 10 days if issues arise.
  6. If your PC cannot run Windows 11, start planning a hardware replacement. Look into trade‑in programs, refurbished Copilot+ PCs, or alternatives like Windows 365 Cloud PC, which provides a cloud‑based Windows 11 instance accessible from older hardware.

What Remains Uncertain

Several variables could reshape the landscape:

  • Legal and regulatory actions: The aforementioned lawsuit and complaints from consumer groups could pressure Microsoft to extend support further or relax hardware requirements. Any court ruling might compel a policy shift.
  • AI feature pushback: As Windows 11 adoption grows, privacy tools and enterprise group policies that disable Recall and other AI features will become more critical. Microsoft may be forced to offer more granular controls.
  • Market dynamics: StatCounter data from mid‑2025 showed Windows 10 and Windows 11 trading share leads month‑to‑month. How quickly the remaining Windows 10 base migrates — or enrolls in ESU — will influence Microsoft’s future support decisions.

Conclusion

Microsoft’s consumer ESU program is a pragmatic lifeline for the hundreds of millions still running Windows 10. It offers a free or low‑cost way to keep machines secure for two more years, but it does not resolve the underlying pressures: incompatible hardware, privacy concerns, and a rapidly shifting AI‑centric vision for Windows. For users, the immediate steps are clear — install KB5063709, evaluate your privacy trade‑offs, and enroll before the October deadline. The decisions made in the next few weeks will determine whether a generation of PCs stays protected or becomes a open target in a threat landscape that never sleeps.