Starting October 14, 2025, Microsoft will stop issuing security updates for Windows 10—unless users enroll in the Extended Security Updates (ESU) program, and the free path requires syncing with OneDrive right now. That deadline is less than a month away for the hundreds of millions of devices still running Windows 10, and the single most important action consumers can take is to enable Windows Backup, which links a Microsoft account and syncs settings and files to OneDrive. Without enrollment, those PCs will remain functional but will no longer receive monthly patches, exposing them to any new vulnerabilities discovered after support ends.
Microsoft announced the consumer ESU program as a tightly focused bridge. It offers security-only updates for one additional year, through October 13, 2026, for devices running Windows 10, version 22H2. The program does not extend feature updates, non-security fixes, or technical support. It is a stopgap for personal devices that cannot or will not upgrade to Windows 11, and it arrives as the company faces a class-action lawsuit in California alleging that the strict hardware requirements for Windows 11 are engineered to force hardware purchases.
The Three Doorways into ESU
The enrollment process is built into Windows Update, where eligible devices will see an “Enroll now” option. Microsoft has rolled out the experience in waves, fixing early enrollment bugs with an August cumulative update. Three paths exist:
- Free route: Activate Windows Backup, which syncs PC settings and files to OneDrive, and sign in with a Microsoft account. This path is the quickest and most accessible for everyday users.
- Rewards route: Redeem 1,000 Microsoft Rewards points to qualify. However, this route has been plagued by intermittent availability issues and is not consistently offered to all users.
- Paid route: A one-time purchase, reported at approximately $30 USD, which can cover multiple devices tied to the same Microsoft account. Exact pricing, regional terms, and device-count limits vary, so users must verify details in the enrollment wizard.
The free route is the most widely advertised, but it comes with a significant trade-off: users must embrace cloud backup and a Microsoft account. For those who prefer local control or who have privacy reservations, the paid or Rewards options may be more palatable—if they work.
Why Inaction Is a Security Gamble
An unpatched Windows 10 machine after October 14 becomes a static target. Microsoft will no longer test and release fixes for newly discovered vulnerabilities, including zero-day exploits. Historically, attackers reverse-engineer updates for supported versions and quickly weaponize unpatched flaws on unsupported systems. The risk is not theoretical: past end-of-life events for Windows 7 and XP saw spikes in successful attacks against devices that lacked the latest patches.
Beyond security, organizations and individuals face compliance and compatibility risks. Regulated industries may violate contractual or regulatory requirements by running unsupported software. Independent software vendors and hardware manufacturers often stop certifying their products on outdated OS builds, leading to reliability problems that accumulate over time. The practical message is clear: the longer a system lingers without patches, the larger the operational and legal blast radius becomes.
Step-by-Step: How to Lock In Your Free Security Year
For the majority of home users, the free path is the simplest route. Completing these steps before October 14 secures eligibility:
- Confirm your Windows 10 version. Go to Settings > System > About and ensure you are on version 22H2. If not, install all pending updates from Settings > Update & Security > Windows Update until 22H2 is applied.
- Sign in with a Microsoft account. The consumer ESU enrollment binds eligibility to a Microsoft account, so make sure you are signed in on the device you want to protect.
- Create a full backup. Perform a local image backup (using a tool like Windows System Image or third-party software) and copy critical files to an independent cloud service. OneDrive sync is convenient, but it should not be your only backup.
- Enable Windows Backup. In Settings > Accounts > Windows backup, turn on the syncing of your files, folders, and settings to OneDrive. This step qualifies your device for the free ESU enrollment.
- Look for the “Enroll now” prompt. Navigate to Settings > Update & Security > Windows Update. If you see the enrollment link, follow the wizard and select the free pathway. If the link is missing, install all pending updates, reboot, and check again—Microsoft has deployed the feature gradually.
- Verify ESU updates. After enrollment, future security patches should be labeled with “ESU” in Windows Update history. Confirm that Critical and Important updates are being applied.
If the free path isn’t visible or acceptable, users can attempt the Rewards redemption (check your Microsoft Rewards account beforehand) or pay the one-time fee. In all cases, act early. Last-minute enrollment attempts may fail due to server load or lingering bugs.
When Upgrading Beats Extending
ESU buys a year, but it is not a final destination. Users should use that time to migrate to a supported platform. The first checkpoint is determining whether the current hardware can run Windows 11. Microsoft’s PC Health Check tool evaluates processor compatibility, TPM 2.0 presence, Secure Boot status, and other requirements. If the tool reports incompatibility, users can often enable TPM and Secure Boot in the BIOS, but unsupported CPUs remain a hard block. For most people, a motherboard or CPU swap is impractical, leaving two realistic options: stick with ESU until the deadline, or purchase a new Windows 11 device.
Other viable migration paths include:
- Virtualization: Running a Windows 10 virtual machine for legacy applications, while moving daily productivity to a Windows 11 host or cloud PC.
- Cloud desktops: Windows 365 or similar services can offload compatibility burdens and provide a secure, always-updated environment.
- Alternative OS: For technically skilled users, Linux distributions offer a supported, cost-free environment, though application compatibility and peripheral support must be carefully evaluated.
Organizations face a more complex landscape. Staged migrations, application compatibility testing, and enterprise-grade ESU (available through volume licensing) may be necessary. For them, ESU is a time-boxed mitigation, not a solution.
The Wider Context: Lawsuits, LTSC, and Application Updates
The October 14 deadline is not absolute for every Windows 10 variant. Specialized editions, such as Windows 10 IoT Enterprise LTSC 2021, follow separate lifecycle policies and enjoy support into the 2030s. This nuance often gets lost in sweeping headlines, but it matters for embedded systems and industrial environments. Similarly, Microsoft has indicated that updates for Microsoft 365 Apps and Edge may continue on Windows 10 for a time, but those application patches do not secure the underlying OS. The operating system kernel itself must remain supported to be considered secure and compliant.
A consumer lawsuit filed in California in August 2025 accuses Microsoft of using the end-of-support deadline and strict Windows 11 hardware requirements to push unnecessary hardware purchases. The suit is an active legal claim, not a proven fact, but it has amplified the public debate around planned obsolescence, e-waste, and consumer choice. Whether or not the courts intervene, the lawsuit underscores a palpable frustration among the Windows 10 holdout majority.
Real-World Enrollment Friction and How to Overcome It
The ESU rollout has not been seamless. Users have reported missing “Enroll now” buttons, erratic Rewards redemption, and confusion about how many devices a paid license covers. Based on community feedback and official guidance, these are the most common pitfalls:
- Missing enrollment link: If you don’t see the prompt, double-check that you are on 22H2 with all cumulative updates installed. A full restart (not just a shutdown) often helps the Windows Update client refresh its eligibility check.
- OneDrive privacy concerns: Syncing to Microsoft’s cloud means your documents and settings reside on their servers. Users who treat this as a dealbreaker can opt for the paid route and maintain a local-only backup routine. However, the paid path may still require a Microsoft account for license binding.
- Rewards unreliability: If the Rewards option does not appear or fails to redeem, document the error and consider switching to the free or paid path to avoid missing the deadline.
- Regional pricing gaps: The $30 figure is an estimate for U.S. consumers. Prices in other markets may differ, and the purchase flow might reject payment methods from certain regions. Always confirm final terms on the enrollment screen before paying.
If all else fails, Microsoft support or the Windows Update help pages are the official escalation points—but resolution times vary, so don’t wait until October 13.
A Ten-Point Checklist for the Final Countdown
- Mark October 14, 2025 in big red letters on your calendar—and set a reminder for a week earlier.
- Verify your Windows 10 version and upgrade to 22H2 if needed.
- Sign into a Microsoft account on every Windows 10 PC you intend to keep secure.
- Create a full image backup on an external drive and test it.
- Run an independent cloud backup (not only OneDrive) for irreplaceable files.
- Enable Windows Backup/OneDrive sync if you plan to use the free ESU path.
- Open Windows Update and look for “Enroll now”; follow the wizard promptly.
- If enrollment is missing, install all updates, reboot, and check again. Escalate if needed.
- Run PC Health Check on machines you hope to upgrade to Windows 11 and start testing critical apps in a lab or VM.
- Document your plan: timeline, hardware budget, and migration milestones. Treat ESU as a one-year bridge, not a permanent state.
Final Verdict: A Bridge, Not a Home
Microsoft’s consumer ESU program is a pragmatic concession to the enormous Windows 10 installed base. It keeps personal devices patched for another year, but it demands a Microsoft account and, for the free tier, active OneDrive backup. The program is narrow by design—security-only updates, no features, no support—and it expires on October 13, 2026. After that, all supported paths evaporate.
For users who cannot upgrade to Windows 11, ESU is an essential safety net, but it is a temporary one. The safest long-term strategy remains moving to a supported operating system, whether that means upgrading eligible hardware to Windows 11, buying a new PC, or migrating to a different platform. For businesses, ESU should be a deliberate, time-boxed mitigation while parallel migration efforts proceed.
The deadline is non-negotiable, and the enrollment process has proven to be uneven. Back up your data, check your version, enable Windows Backup if you want the free pass, and complete enrollment before October 14, 2025. The alternative—running an unpatched OS—is a risk no one should take.