Microsoft will lock critical security updates for Windows 10 behind a Microsoft account sign-in and an annual fee once the operating system hits end of support on October 14, 2025. The company's Extended Security Update program, which has historically been reserved for enterprise customers, is being offered to individual consumers for the first time — but with strings attached. Home and Pro users can pay $30 to receive one additional year of security patches, while organizations face a three-year, per-device price ladder that escalates steeply.
For millions of Windows 10 devices that cannot or will not move to Windows 11, this creates a hard choice: pay up, stay vulnerable, or migrate. With Microsoft's latest OS requiring Trusted Platform Module 2.0 and a relatively modern CPU, Windows 10 remains the dominant platform, running on over 60% of Windows PCs globally. The impending support cliff is one of the most significant Windows lifecycle events since the XP-to-Vista transition.
End of the Road for Windows 10 Support
October 14, 2025 marks the official end of support for Windows 10 version 22H2, the last feature update the operating system will receive. After that date, devices running Windows 10 will no longer get quality updates, security patches, or technical assistance from Microsoft. While the OS will continue to function, any newly discovered vulnerabilities will remain unpatched, inviting malware, ransomware, and data theft.
The scale of the problem is immense. StatCounter data from early 2025 shows Windows 10 still running on roughly two out of every three Windows systems worldwide. Many of these machines are perfectly functional but lack the hardware to meet Windows 11's strict requirements. Others belong to users who simply prefer the older interface or fear the forced Microsoft account sign-in on Windows 11 Home.
Microsoft's answer to this looming security crisis is the Extended Security Update program. First introduced for Windows 7 after its 2020 end of support, ESUs were previously available only to volume-licensing customers with Software Assurance. This time, the company is broadening access — but not without controversial preconditions.
Who Gets ESUs and What They Cover
The ESU program is strictly limited to Windows 10 version 22H2. Devices running earlier builds, such as 21H2 or 1909, must upgrade to 22H2 before October 2025 to qualify. The updates will cover only critical and important security bulletins rated by the Microsoft Security Response Center. No non-security bug fixes, design changes, or new features will be provided.
For individual consumers, the offering covers Windows 10 Home and Pro editions. Enrollment will require a Microsoft account linked to the device. Microsoft has not yet detailed the exact sign-up process but confirmed the consumer ESU will be a one-year, one-time purchase for $30. That buys security updates from October 2025 through October 2026. There is no option to extend beyond that first year for consumers.
Businesses and education institutions have more flexibility — and a much higher bill. Organizations can purchase ESU licenses in one-year increments for up to three years, extending coverage through 2028. Pricing follows a doubling model:
| Year | Annual fee per device |
|---|---|
| Year 1 (2025–2026) | $61 |
| Year 2 (2026–2027) | $122 |
| Year 3 (2027–2028) | $244 |
The total cost per device for the full three-year course comes to $427. Large enterprises with thousands of Windows 10 PCs could face seven-figure bills. Microsoft recommends that organizations assign ESUs only to devices that absolutely cannot be upgraded and accelerate migration for the rest.
The Microsoft Account Lock-In
Perhaps the most contentious requirement is the need for a Microsoft account. All consumer ESU enrollments must be tied to a personal Microsoft account — such as an Outlook.com, Hotmail, or MSN email address. This effectively forces users who have been running Windows 10 with a local account to convert or create an online identity just to receive security updates.
Microsoft has been pushing Microsoft accounts aggressively for years, positioning them as a gateway to OneDrive, Microsoft 365, and cross-device sync. Windows 11 Home requires an internet connection and a Microsoft account during setup. The ESU mandate extends that pressure to Windows 10 users who have so far resisted. Critics argue it's a data-gathering play disguised as a security measure, one that collects telemetry, usage patterns, and advertising identifiers.
From a technical standpoint, a Microsoft account may simplify the ESU license validation. A cloud-based license tied to an account can be checked at boot, making it harder to pirate or share. But for privacy-conscious users and small businesses that rely on local accounts for simplicity or regulatory reasons, the mandate adds friction and erodes trust.
Migration Is Still the Recommended Path
Microsoft's official guidance remains unwavering: move to Windows 11. For most users, the upgrade is free if their hardware qualifies, and it brings features like improved security baselines, native AI integration, and a modernized interface. The company has used the ESU pricing to nudge organizations toward migration — the cost quickly surpasses that of a new Windows 11 Pro license.
However, the hardware barrier is real. Windows 11 requires an 8th-generation Intel Core or AMD Ryzen 2000 series processor and TPM 2.0. Millions of older but capable PCs — including many sold as recently as 2017 — are locked out. Microsoft has not budged on these requirements, even for commercial customers. This leaves admins with unenviable options: replace perfectly good hardware ahead of its natural lifecycle, use unapproved workarounds to install Windows 11 on incompatible machines, or pay the ESU tax.
Environmental groups have criticized the forced obsolescence, pointing to the e-waste generated by discarding functional devices. Microsoft's response has been to double down on the security benefits of TPM 2.0 and hardware-based isolation, arguing that the bar is necessary to combat modern threats. The ESU program is, in effect, a paid bridge for those who can't or won't cross yet.
What Happens When ESUs Run Out
For consumers, the one-year lifeline ends in October 2026. After that, no further security updates will be available for Windows 10 at any price. Businesses that buy all three years will reach the hard cut-off in 2028. At that point, every Windows 10 machine becomes a perpetual liability unless it is air-gapped from the internet.
Microsoft has hinted that it could extend or modify the program in response to demand, but as of now, the stated timelines are final. The company views Windows 10's sunset as a necessary step to unify its platform around the Windows 11 security model and to drive adoption of new hardware with AI acceleration.
Community Reaction and Alternative Solutions
The reception has been mixed. Enterprise IT managers appreciate the structured timeline and predictable costs, but many SMBs feel blindsided by the expense. Consumer forums and social media are filled with users vowing to switch to Linux or to run Windows 10 unpatched behind aggressive firewalls — a risky bet. Some third-party security vendors have begun marketing extended support services that promise to fill the patch gap without Microsoft, though these come with their own costs and compatibility caveats.
A small but vocal contingent is exploring the gray market of third-party patchers or registry hacks that trick Windows Update into delivering patches meant for other OS versions. These approaches are fundamentally unsupported and could break system stability or introduce new vulnerabilities.
How to Prepare Now
With the October 2025 deadline approaching, Windows 10 users should act immediately:
- Check your hardware: Run the PC Health Check app to see if your device meets Windows 11 requirements.
- If eligible, plan your upgrade: Back up your data, note your software licenses, and schedule the migration at a convenient time. Windows 11 offers a familiar experience and better security.
- If not eligible, consider hardware replacement: Budget for a new PC that comes with Windows 11 preinstalled. Trade-in programs and recycling incentives can offset costs.
- If you must stay on Windows 10, set a calendar reminder: Enrollment details for the consumer ESU will be published closer to the end-of-support date. You'll need a Microsoft account and $30 ready.
- Business customers: Engage with your Microsoft licensing partner immediately. ESU keys can be purchased through the Volume Licensing Service Center or Cloud Solution Provider program. Evaluate which devices can be upgraded, which need ESUs, and which can be decommissioned.
For organizations, the three-year window is deceptively short. Testing and deploying Windows 11 across a large fleet, especially with custom line-of-business applications, can take 18 months or more. Delaying until 2025 risks running into the support cliff mid-migration.
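The device evaluation described above can be scripted against an inventory export. The following is an added example, not Microsoft tooling: the CSV column names and sample hosts are constructed, and the cpu_supported column is assumed to come from PC Health Check or a similar compatibility scan. It sorts devices into upgrade and ESU groups using the 22H2 rule and prices the ESU group with the per-device ladder from the table.

```python
import csv
import io

# Organizational ESU price per device and year, as listed in the table above (USD).
ORG_ESU_PRICE = {1: 61, 2: 122, 3: 244}

UPGRADE = "upgrade to Windows 11"
ESU_NOW = "enroll in ESU"
ESU_AFTER_UPDATE = "update to 22H2, then enroll in ESU"

# Constructed sample inventory; the column names are assumptions for this example.
SAMPLE_INVENTORY = """hostname,display_version,tpm_version,cpu_supported
FIN-001,22H2,2.0,yes
FIN-002,22H2,1.2,yes
LAB-007,21H2,2.0,no
KIOSK-3,1909,,no
HR-014,22H2,2.0,yes
"""

def triage(row):
    """Pick an action for one device from its TPM, CPU and Windows 10 build."""
    if row["tpm_version"] == "2.0" and row["cpu_supported"] == "yes":
        return UPGRADE
    # ESU is limited to version 22H2, so older builds must be updated first.
    return ESU_NOW if row["display_version"] == "22H2" else ESU_AFTER_UPDATE

def esu_cost(devices, years):
    """Cumulative organizational ESU cost for `devices` PCs over 1 to 3 years."""
    if years not in (1, 2, 3):
        raise ValueError("organizational ESU is sold for one to three years")
    return devices * sum(ORG_ESU_PRICE[y] for y in range(1, years + 1))

def plan(inventory_csv, years=3):
    """Group hostnames by action and budget ESU for devices staying on Windows 10."""
    groups = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        groups.setdefault(triage(row), []).append(row["hostname"])
    staying = sum(len(hosts) for action, hosts in groups.items() if action != UPGRADE)
    return groups, esu_cost(staying, years)

if __name__ == "__main__":
    groups, budget = plan(SAMPLE_INVENTORY)
    for action, hosts in groups.items():
        print(f"{action}: {', '.join(hosts)}")
    print(f"three-year ESU budget: ${budget}")
```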
Microsoft's ESU gambit is a realistic, if expensive, solution to a problem of its own making. By drawing a hard line on hardware requirements, the company forces users into a corner: pay for security, or leave. The Microsoft account mandate adds a layer of digital identity lock-in that will concern privacy advocates. As the clock ticks, the choice for Windows 10 loyalists becomes increasingly stark.