Key Takeaways: Windows 10 standard support ended in October 2025. The Extended Security Updates program that’s keeping many business PCs patched expires on October 13, 2026, and cannot be renewed for consumer and most small business users. After that date, Windows 10 devices will receive no further security patches of any kind. This post explains what that actually means for your business, what your hardware options are, and why planning now avoids the expensive scramble that always comes with last-minute upgrades.
If your business is still running Windows 10 devices and enrolled in Extended Security Updates, they probably feel fine right now. They turn on. They run the applications your team needs. They receive critical security patches. Nothing feels broken.
That’s the thing about deadlines: they don’t announce themselves until they arrive.
Microsoft officially ended Windows 10 standard support on October 14, 2025. The Extended Security Updates program was designed as a short-term bridge to give businesses time to plan their migration. For consumer and most small business users, that bridge ends on October 13, 2026. After that date, the program closes and no further security updates will be issued for Windows 10 devices not covered under a commercial multi-year ESU agreement.
That’s not a technical footnote. For any business running unpatched Windows devices, it’s a direct exposure to every security vulnerability discovered after October 13, 2026, with no fix ever coming.
What Actually Happens When Windows 10 ESU Ends?
It’s worth being precise about what “end of support” means in practice, because the language can feel abstract until it doesn’t.
According to Microsoft’s official ESU documentation, after the program ends, Windows 10 devices will continue to function. Applications will still run. Files will still open. The machine won’t stop working on October 14, 2026. What stops is Microsoft’s commitment to finding and patching security vulnerabilities in the operating system.
Security researchers and attackers both discover new vulnerabilities in operating systems continuously. When a vulnerability is found in a supported OS, Microsoft issues a patch within days or weeks. When a vulnerability is found in an unsupported OS, Microsoft does nothing. The vulnerability stays permanently open. The longer a system runs after end of support, the longer that list of permanently unpatched vulnerabilities grows.
For businesses, this creates a specific set of downstream risks. Cyber insurance policies are increasingly explicit about supported software requirements. A claim submitted after an incident on an unsupported machine may be denied or significantly reduced. Compliance frameworks in healthcare, legal, financial services, and other industries assume your systems are running supported software. And supplier and partner security assessments, which are increasingly common in B2B relationships, treat unsupported operating systems as a finding that may need to be remediated before a contract is signed.
The risk isn’t hypothetical. The FBI’s 2025 Internet Crime Report recorded over $20.9 billion in cybercrime losses, a 26% increase over 2024. Unpatched systems are a consistent entry point for the credential theft, ransomware, and business email compromise attacks driving those numbers.
Can You Upgrade Your Windows 10 Devices to Windows 11?
Maybe. The answer depends on your hardware, and the answer matters for your budget planning.
Windows 11 has specific hardware requirements that older business PCs may not meet. The most common blocker is Trusted Platform Module version 2.0, a security chip required by Windows 11 for features like BitLocker encryption and Windows Hello identity protection. Microsoft’s official hardware requirements also include a compatible processor from Intel’s 8th generation Core series or AMD’s Ryzen 2000 series or later, at least 4GB of RAM, 64GB of storage, and UEFI Secure Boot support.
Devices purchased before 2018 are unlikely to meet these requirements without hardware modifications that typically aren’t practical or cost-effective. Devices purchased between 2018 and 2021 may meet the requirements or may need configuration changes, most commonly enabling TPM 2.0 through the device’s firmware settings. Microsoft notes that TPM 2.0 is present but sometimes disabled by default on many devices, and enabling it through the UEFI settings can make an otherwise incompatible machine eligible for the upgrade.
The practical implication for businesses is that your device estate is almost certainly a mix. Some machines will upgrade cleanly. Some will need configuration work to qualify. Some will need to be replaced entirely because the hardware simply can’t run Windows 11. Identifying which category each device falls into before October 2026 is the planning work that makes the difference between an orderly transition and an emergency hardware purchase.
Microsoft’s PC Health Check tool, available through Windows Update settings, is the fastest way to check any individual device’s compatibility. For businesses managing a fleet of machines, our managed IT services team can run a full compatibility audit across your environment and give you a clear picture of what you’re working with before you need to make any decisions under pressure.
What Are the Business Options After October 2026?
Once ESU ends for your Windows 10 devices, there are three paths forward depending on your hardware situation.
Upgrade to Windows 11 on compatible hardware. For devices that meet the hardware requirements, the upgrade to Windows 11 is free through Windows Update. The process is straightforward for well-maintained machines and can be managed centrally for businesses using Microsoft Intune or similar device management tools. If your devices are eligible, this is the most cost-effective path and should be planned and tested before October rather than rushed at the deadline.
Replace incompatible hardware. Devices that cannot run Windows 11 and are several years old were likely approaching replacement consideration anyway. A well-planned hardware refresh cycle, spread across the months before October 2026, avoids the pricing pressure and availability issues that come with everyone in the market needing replacements at the same time. New devices shipping today come with Windows 11 pre-installed and will receive updates and support for years beyond the Windows 10 deadline.
Commercial ESU for specific situations. For businesses with specific legacy applications that require more time, Microsoft does offer commercial ESU agreements extending coverage through 2027 and 2028 at escalating annual cost. Year one is priced at $61 per device, with the price doubling each subsequent year. This is a bridge for genuine migration complexity, not a substitute for planning. The cumulative cost across multiple devices and multiple years adds up quickly compared to a planned hardware refresh.
Whatever combination of these paths applies to your environment, the decisions are better made now than in September 2026. Our data backup and recovery services also play a role here: a hardware transition is a significant data movement event, and having current, tested backups before you begin is how you ensure the transition doesn’t create data risk alongside the OS upgrade.
Does Staying on Windows 10 Affect Cyber Insurance or Compliance?
Yes, and businesses in regulated industries should treat this as a compliance deadline, not just an IT project.
Most cyber insurance underwriting questionnaires now ask explicitly whether devices in the environment are running supported operating systems. Running a significant portion of your fleet on unsupported Windows 10 after October 2026 is a material disclosure that insurers may use to exclude coverage for incidents involving those devices, increase your premium, or require remediation before renewal.
Compliance frameworks including HIPAA, PCI-DSS, and various state-level data security regulations generally require that systems processing regulated data run supported software. An organization running unsupported Windows 10 on machines that access patient records, payment data, or regulated client information faces audit exposure and potential liability that extends beyond the insurance question.
Beyond formal compliance, business clients and partners increasingly include IT security assessments as part of vendor qualification. Unsupported operating systems appear as findings in those assessments. For businesses in professional services, manufacturing, healthcare, and financial services, being able to confirm that your environment runs supported software isn’t just an IT standard. It’s a business continuity and credibility issue.
If you’re uncertain about how your current environment would be assessed under your cyber insurance policy or applicable compliance requirements, contact Z-JAK Technologies for a review. We help Louisville businesses understand exactly where they stand before a renewal conversation or an audit makes it urgent.
What Should Businesses Be Doing Right Now?
With October 2026 roughly five months away, there’s still time to plan well, but that window is narrowing.
The first step is a hardware inventory with compatibility assessment. For each Windows 10 device in your environment, you need to know whether it can upgrade to Windows 11, whether it needs configuration changes to qualify, or whether it needs to be replaced. This assessment determines your budget, your timeline, and which devices need attention first.
The second step is prioritizing by risk exposure. Devices that handle client data, financial systems, or regulated information are higher priority than general productivity machines. Getting your highest-risk devices to a supported OS first, and doing it in a planned way, is better than a last-minute rush across your entire fleet simultaneously.
The third step is testing before deploying broadly. Windows 11 behaves somewhat differently from Windows 10 in interface and some application behaviors. Upgrading a small pilot group of devices, confirming your critical applications run correctly, and addressing any compatibility issues before rolling out to the full fleet prevents the productivity disruption that comes from discovering problems at scale.
Finally, schedule the replacements your hardware inventory identifies and space them across the remaining months. Hardware procurement has lead times, and waiting until September 2026 to discover you need to replace twelve machines means competing for inventory and rushed purchasing decisions.
Conclusion
Windows 10 ESU has served its purpose as a bridge. For consumer and most small business users, that bridge closes permanently on October 13, 2026. What comes after is an operating system with no security updates, growing vulnerability exposure, and insurance and compliance implications that compound over time.
The businesses that handle this well are the ones that treat October 2026 as a project deadline, not a future concern. A hardware inventory, a compatibility assessment, and a phased replacement and upgrade plan created now makes the next five months manageable. The same transition planned in September makes it expensive and stressful.
Contact Z-JAK Technologies here to schedule a Windows 10 end-of-life assessment for your environment. We’ll help you understand exactly what you have, what needs to change, and what a realistic, cost-effective transition plan looks like for your business.
Frequently Asked Questions
When does Windows 10 ESU actually end and what happens after?
For consumer and most small business users, the Windows 10 Extended Security Updates program ends on October 13, 2026. After that date, Microsoft will no longer issue any security patches for Windows 10, including for newly discovered vulnerabilities. The computers will continue to function, but every security flaw found in Windows 10 after October 13, 2026, will remain permanently unpatched. Commercial customers can purchase multi-year ESU coverage through 2027 and 2028 at escalating annual cost, but this is a bridge for complex migrations, not a long-term solution.
How do I know if my business PCs can upgrade to Windows 11?
The fastest check is Microsoft’s PC Health Check tool, available through Windows Update settings on any Windows 10 device. Windows 11 requires a compatible processor from Intel’s 8th generation Core series or AMD’s Ryzen 2000 series or later, TPM 2.0, at least 4GB of RAM, 64GB of storage, and UEFI Secure Boot. Many devices that appear incompatible actually have TPM 2.0 present but disabled in firmware settings, which can be enabled without hardware replacement. Devices older than approximately 2018 are likely to need replacement rather than upgrade. Our managed IT team can run a compatibility assessment across your full device fleet.
Does running Windows 10 after ESU ends affect my cyber insurance?
It can, and it’s worth checking your policy before the deadline. Most cyber insurance underwriting questionnaires now ask whether devices run supported operating systems. Running a meaningful portion of your fleet on unsupported Windows 10 after October 2026 is a disclosure that some insurers use to exclude coverage for related incidents, adjust premiums, or require remediation before renewal. If your policy is coming up for renewal before or after October 2026, raising this with your broker now is better than discovering the coverage gap after an incident.
Is the $61 per device commercial ESU worth paying for Windows 10?
It depends on your situation. Commercial ESU at $61 per device for year one, doubling to $122 in year two and $244 in year three, makes financial sense when you have a specific migration blocker: a legacy application that requires more time to update or replace, or a hardware refresh that can’t practically be completed before the deadline. It doesn’t make financial sense as a substitute for planning, because the cumulative cost across a multi-device fleet across multiple years adds up to a significant sum that would typically cover a well-planned hardware refresh on a better timeline.
What’s the biggest risk of waiting until September 2026 to start planning?
The biggest operational risk is hardware availability and lead times. If your inventory assessment reveals you need to replace a meaningful number of devices, hardware procurement typically takes weeks, and a concentrated rush of businesses all discovering the same problem in the same month can create pricing pressure and availability constraints. The biggest security risk is the gap between when you needed to act and when you do: devices that miss the October 13 deadline and stay on Windows 10 are unpatched from that day forward, and the longer they stay that way, the longer the list of known vulnerabilities with no fix. Starting the assessment and planning process now, with five months still available, gives you the most options at the lowest cost. Our cybersecurity consulting services can help you prioritize which devices need immediate attention.
Don’t Let October Catch You Off Guard
A Windows 10 end-of-life transition planned in advance is a manageable IT project. The same transition handled in a rush is an expensive one. Contact Z-JAK Technologies now to get a clear view of what your environment needs and a realistic plan for getting there before the deadline.