
Windows 10 End-of-Life: A Cyber Essentials Compliance Guide
A bit of a dry one this week, but as the end of life for Windows 10 is right around the corner, we wanted to make sure we’ve put out a reminder for any organisations that haven’t started taking steps. This is a crucial consideration for any organisation that holds or is seeking Cyber Essentials certification. After 14 October 2025, Windows 10 will no longer receive free security updates from Microsoft.
Why Software Updates are Critical for Business Compliance
Cyber Essentials requires organisations to use supported and licensed software. All software can contain vulnerabilities that criminals can exploit, either manually in a targeted attack, or automatically using scanning software or online scripts that target vulnerable machines. When a software vendor, like Microsoft, stops releasing updates to fix these vulnerabilities, the software is considered unsupported and becomes a significant security risk. Developers are no longer playing the game of cat and mouse in which updates are released to fix vulnerabilities as they are discovered.
Failing to address these known vulnerabilities can lead to cyber incidents and leave your business assets non-compliant. Continued use of unsupported software is a direct violation of the Cyber Essentials standard, as remaining vulnerabilities often become widely known to attackers, who create automated tools to exploit them. In short, the change in your risk posture is substantial, so it’s vital you make a risk-informed decision to either upgrade to Windows 11 or secure your current Windows 10 devices using the Microsoft Extended Security Updates program.
The decision – Upgrade to Windows 11 or get the Extended Security Updates
When planning for Windows 10’s end of life, you first need to determine whether your current computers are capable of running Windows 11. Upgrading to a supported operating system is the generally recommended solution.
How to Check for Windows 11 Compatibility
To check if your particular machine can be updated to Windows 11:
- Click the Start button and select Settings.
- Go to Update & Security, then select Windows Update.
- Click the Check for updates button. Your system will usually check and display a message if the Windows 11 upgrade is ready, or if your PC meets the minimum requirements.
If your computer is compatible, upgrading to Windows 11 is the most straightforward path to secure, ongoing support.
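When there are more machines than you want to click through, the hardware side of the check can be read with PowerShell. The script below is an added example, not part of the original article or a Microsoft tool; it assumes an elevated PowerShell session, uses Microsoft's published Windows 11 minimums (TPM 2.0, Secure Boot, 4 GB RAM, 64 GB storage, 2 cores at 1 GHz), and does not compare the processor against Microsoft's supported-CPU list. The function name `Get-Win11Readiness` is hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Thresholds are Microsoft's published Windows 11 minimums; the CPU model is reported
# but NOT compared against Microsoft's supported-processor list.
function Get-Win11Readiness {
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $ram  = (Get-CimInstance -ClassName Win32_PhysicalMemory |
             Measure-Object -Property Capacity -Sum).Sum
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk `
                            -Filter "DeviceID='$($env:SystemDrive)'"

    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
    $tpmVersion = $null
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm -and $tpm.SpecVersion) {
        $tpmVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    # Confirm-SecureBootUEFI throws on legacy-BIOS systems; treat that as "not enabled".
    # This reports the enabled state: a capable machine with Secure Boot switched off
    # in firmware shows False here and needs a settings change, not new hardware.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        OS           = "$($os.Caption) ($($os.Version))"
        Processor    = $cpu.Name
        CpuCoresOk   = ($cpu.NumberOfCores -ge 2)
        CpuClockOk   = ($cpu.MaxClockSpeed -ge 1000)   # MaxClockSpeed is in MHz
        Tpm20        = ($tpmVersion -eq '2.0')
        SecureBootOn = $secureBoot
        RamOk        = ($ram -ge 4GB)
        SystemDiskOk = ($disk.Size -ge 64GB)
    }
    # Overall verdict: no boolean check above may be False.
    $failed = @($result.Values | Where-Object { $_ -is [bool] -and -not $_ })
    $result.HardwareReady = ($failed.Count -eq 0)
    [pscustomobject]$result
}

Get-Win11Readiness | Format-List
```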
The Hardware Decision
If your current computer cannot run Windows 11, which is common for older machines that may lack required components like a modern processor or a TPM (Trusted Platform Module) chip, it’s time to make a decision:
- Option A: Purchase New Hardware: For true long-term compliance and security, investing in new PCs that come with Windows 11 pre-installed is the recommended solution. This ensures your systems have the latest security features and can support future software updates.
- Option B: Purchase ESUs: If your business cannot replace all its computers immediately due to budget constraints or reliance on legacy applications, the Windows 10 ESU program is a viable temporary solution. This is a paid service that will provide critical security updates for up to three years. It allows you to maintain Cyber Essentials compliance and manage your business risk while you plan for future hardware investments.
The Microsoft Extended Security Updates (ESU) Program
For commercial organisations, the ESU program is a paid service available through the Microsoft Volume Licensing Program. The cost begins at $61 per device for the first year, with the price doubling in each subsequent year. Remember that this is designed to be a business decision to manage risk and maintain compliance when a full-scale upgrade to Windows 11 is not immediately feasible due to legacy hardware or software dependencies, and not a formal long-term fix.
It is important to note that ESU only provides critical and important security updates. It does not include new features, non-security updates, or technical support.
Planning Your Corporate Upgrade Path
Again, for continued compliance and long-term security, the generally recommended path is to upgrade your corporate devices to a supported operating system, such as Windows 11. This can be managed by your internal IT team or a managed service provider (MSP); if your MSP hasn’t contacted you about this yet, you should table a meeting with them at your nearest convenience!
It’s a simple pathway to follow that requires some administrative effort, and certainly one that is easier followed sooner rather than later.
Have a great week everyone.