Beginning February 17, James Madison University will cut network access to any JMU-owned computer running unsupported versions of Windows or macOS — a hard campus enforcement that targets Windows 10/11 builds 22H2 and below as well as macOS Ventura and older releases. This move is a strict, date-driven push to eliminate insecure endpoints from the university network and protect campus systems and data from escalating threats. (jmu.edu)
Upgrading an OS is rarely frictionless — hardware checks, driver updates, enterprise imaging, and application compatibility all add complexity. That said, running unsupported software on a university network is a recipe for data exposure and serious operational headaches. Use the tools available (Microsoft’s PC Health Check for Windows eligibility, Apple’s Software Update and hardware checks for Macs), engage JMU IT early, and follow the step-by-step checklist above to minimize downtime and keep the campus secure.
Source: James Madison University Update Your Operating System
Why institutions enforce OS lifecycles
Universities and large organizations rely on vendor-supplied security patches to reduce exposure to zero-day vulnerabilities, prevent lateral movement by attackers, and satisfy compliance requirements for student and research data. When an operating system reaches end of support, the vendor stops delivering security updates — leaving machines vulnerable to new exploits and increasingly incompatible with modern management tooling. Microsoft and Apple both publish lifecycle and security update guidance that organizations use to decide network access policies.The specific JMU policy
James Madison University's notice (published February 9, 2026) lists the affected systems as:- Windows 10 Enterprise/Education/Professional versions 22H2 and below (excluding LTSB/LTSC)
- Windows 11 Enterprise/Education/Professional versions 22H2 and below
- macOS Ventura and below (JMU cites Apple’s practice of providing security updates for the most recent macOS releases as the rationale)
What “unsupported” means — and why it matters
Microsoft’s lifecycle for Windows 10 and 11
Windows version 22H2 marked the last feature release for many Windows 10 editions and reached end of servicing dates tied to Microsoft’s lifecycle timeline. Microsoft has already ended servicing for certain 22H2 builds and set fixed cutoffs for Windows 10 support that reached their final dates in 2025; Windows 11 feature releases also have individual servicing windows. After the end-of-servicing date, Microsoft no longer issues security or reliability updates for those versions. For organizations, that means unpatched machines are prime targets and are frequently excluded from corporate networks until remediated.Apple’s macOS support cadence
Apple’s security bulletin pages show security updates being issued for older macOS releases (including Ventura) on a case-by-case basis, but Apple generally focuses fixes on the most recent major releases and their immediately preceding versions. That practical reality drives organizations to limit network access to machines running the current or near-current macOS releases. JMU’s note that “Apple provides security updates for the latest three versions” aligns with how many enterprise support contracts and vendor tools treat macOS compatibility.Immediate risks of staying on unsupported versions
- No security patches for new CVEs means a higher probability of compromise.
- Compliance failures for regulated data (research datasets, student records).
- Management blind spots as modern endpoint management tools may not support legacy releases.
- Application incompatibility — modern apps, VPNs, and SSO tooling may cease to support older OS releases.
Who is affected and why some devices are exempted
Affected device types
- JMU-owned Windows machines (Enterprise/Education/Professional) running 22H2 or older.
- JMU-owned Windows 11 devices running 22H2 or older in Enterprise/Education/Professional SKUs.
- JMU-owned Macs running macOS Ventura (13.x) or any earlier macOS releases.
Not affected / Exceptions called out by JMU
- Windows LTSB/LTSC editions are explicitly excluded from the “22H2 and below” block because those channels follow a different servicing cadence and often have long-term support windows intended for specialized systems.
- Devices not owned by JMU (personal machines) are not explicitly addressed by the notice, but if personal devices connect to the campus network they may be subject to separate access controls or conditional access rules. (jmu.edu)
Practical impact for users: what to expect
If your machine is blocked on Feb 17
Expect network authentication failures and loss of access to campus file shares, printers, and services that require network access. Wireless may drop onto a guest segment with limited access; VPN and remote access are likely to be blocked until the device is upgraded and reauthorized.Common user scenarios
- Faculty or staff with older lab/workstation PCs may find classroom or research machines unjoinable to domain services until reimaged.
- Researchers with legacy instrumentation tied to older drivers or control software could lose networked data collection.
- Mac users running Ventura on older hardware may not be able to install newer macOS versions due to hardware retirement, requiring a hardware refresh or alternative arrangements.
Immediate checklist: prepare before you upgrade
- Confirm your OS version — Windows: Settings > System > About; macOS: Apple menu > About This Mac.
- Back up critical data — File-level backups to OneDrive/Network share or Time Machine for Mac; verify backups before upgrading.
- Check hardware compatibility — Windows: run Microsoft’s PC Health Check; macOS: confirm model support in Software Update.
- Document installed applications and licenses — especially specialized lab software and VPN clients.
- Contact JMU IT Help Desk if you need administrative assistance, imaging, or exception requests.
Upgrading Windows on campus devices: options and pitfalls
Two primary upgrade paths
- Upgrade in place to a supported Windows build (Windows 11 or newer Windows 11 feature build) — easiest when hardware meets Microsoft’s requirements.
- Reimage to a supported enterprise image — recommended for machines with complex configurations or for large rollouts where imaging ensures driver and policy consistency.
Hardware checks and compatibility
Windows 11 requires UEFI, Secure Boot, and TPM 2.0, plus a compatible CPU family (newer-generation Intel, AMD, or Qualcomm CPUs). Microsoft’s PC Health Check tool will flag incompatibilities and explain remediation steps (e.g., enabling TPM in UEFI). For university-managed devices, firmware updates or BIOS configuration changes may be required prior to the upgrade.BitLocker and disk encryption
If the machine uses BitLocker, suspend protection before major OS upgrades, and ensure you have access to the BitLocker recovery key or that the key is escrowed to your Azure AD/Active Directory account.Extended Security Updates (ESU) as a stopgap
If a device cannot be upgraded immediately and must remain in operation, Microsoft’s Extended Security Updates (ESU) program can provide critical security patches for Windows 10 version 22H2 through a time-limited subscription window. ESU is a remediation, not a replacement for an upgrade; it costs and has prerequisites (including account requirements in many consumer scenarios). Organizations should evaluate ESU only as a bridge while planning OS migrations.Don’t rely on “unsupported” bypasses
Community-created bypasses or hacked installers that allow Windows 11 on unsupported hardware exist, but they carry real risks: lack of official updates, potential to break future patches, and the danger of downloading malware-laden copies of bypass tools. For campus-managed systems, these approaches are not a safe alternative to supported upgrades or hardware refreshes.Upgrading macOS on JMU-owned Macs: guidance and caveats
Determining upgrade eligibility
Open Apple menu > About This Mac to see model year and current version. Then go to System Settings > General > Software Update. If Apple lists an update, confirm with the IT Help Desk whether the update is approved for campus-managed Macs.Practical steps
- Back up with Time Machine to an external drive or verify cloud backup.
- Ensure management tooling compatibility — confirm that MDM profiles (if used) will function after the upgrade.
- Update third-party apps such as VPN clients, endpoint protection, and lab-specific software prior to upgrading.
- Install the macOS update via Software Update; expect a reboot and potentially long post-install steps.
For IT teams: campus-scale remediation playbook
1. Inventory and prioritization
- Run an authoritative asset inventory (SCCM/Intune/MDM/NetScan).
- Identify devices by OS, build, and application dependencies.
- Prioritize high-risk endpoints: servers, domain controllers, research systems, and devices with elevated privileges.
2. Communication and support channels
- Send targeted emails with step-by-step upgrade instructions, screenshots, and scheduled drop-in support sessions.
- Offer "upgrade clinics" for faculty and staff with restricted schedules.
- Publish clear instructions for how to get Help Desk assistance for devices that need imaging or in-place repair.
3. Automated remediation where possible
- Use Autopatch, Microsoft Intune, or WSUS to push upgrades to managed Windows devices.
- For Macs, leverage MDM (Jamf or similar) to orchestrate upgrades and configuration profiles.
4. Exception handling and temporary segmentation
- Enforce network segmentation for legacy systems that cannot be immediately remediated: put them into a tightly controlled VLAN with limited network resources and strict monitoring.
- Define a clear, auditable exception policy with expiration dates.
5. Test and validate
- Test upgrades on a representative sample of devices before broad rollouts, including peripherals, lab instrumentation, and vendor-supplied apps.
- Validate VPN, SSO, printing, and specialized applications after upgrade.
6. Timing and scheduling
- Be transparent about enforcement windows and any grace periods.
- Coordinate lab scheduling and class disruptions well in advance to avoid mid-term interruptions.
Real-world complications and how to address them
Legacy software and drivers
Many lab and research instruments were designed around older drivers and Windows versions. Work with vendors to obtain updated drivers or plan for controlled migration strategies, including retaining segregated legacy workstations when absolutely necessary.Hardware that cannot run Windows 11 or modern macOS
- For Windows: if hardware fails PC Health Check, consider BIOS updates, enabling TPM (if present), or a hardware refresh.
- For macOS: some older Macs are unable to install new macOS releases. Options include replacing hardware, using virtualization/containers for legacy apps, or isolating the device off the primary network.
Licensing and administrative constraints
Upgrades may require licensing considerations (Windows Enterprise vs. Pro, macOS deployment licensing for imaging), so coordinate with procurement and legal for campus-wide transitions.User pushback and productivity loss
Prepare clear messaging about security risks, available support, and timelines. Offer alternate devices or remote desktops for users who cannot upgrade immediately.A practical, step-by-step upgrade checklist for JMU device owners
- Identify OS and build immediately. (Windows: Settings → About. Mac: Apple menu → About This Mac.)
- Back up your data to an approved campus location or external media.
- Verify hardware compatibility:
- Windows: run PC Health Check to confirm Windows 11 eligibility and TPM status.
- macOS: check model support in Software Update.
- Check and record installed applications and licenses; note any that might break on newer OS versions.
- Suspend disk encryption temporarily (BitLocker/FileVault) if recommended by IT; ensure recovery keys are protected.
- Update firmware/BIOS to the latest OEM release.
- Schedule the upgrade during a low-impact time; allow time for post-upgrade driver and app updates.
- Re-enroll the device in campus management (Intune/JAMF) if needed and verify network access.
- Report any post-upgrade issues to the IT Help Desk promptly.
Strategic choices for departments and labs
- Replace vs. upgrade: For devices that cannot support modern OSes, calculate the total cost of ownership for a hardware refresh versus ongoing security and management risk.
- Long-term segmentation: For legacy research equipment requiring older OSes, segregate into a monitored VLAN with limited Internet access and strict authentication.
- Standardize images: Build approved images for classrooms and labs to accelerate remediation and minimize per-device troubleshooting.
Legal, compliance, and research considerations
Unsupported systems increase the risk of data breaches and noncompliance with federal or grant-driven data handling rules. Research data involving personally identifiable information or regulated datasets must be prioritized for remediation. IT and compliance offices should collaborate on risk assessments and document decisions about exceptions.What to do if your hardware is not upgradable
- Request a temporary exception with documented compensating controls (network isolation, stricter monitoring).
- Use a supported remote desktop or virtual machine hosted on campus infrastructure if the application can run on modern hosts.
- Plan for a hardware refresh funded through departmental capital budgets or centralized replacement programs.
Final analysis: strengths and risks of JMU’s approach
Strengths
- Clear deadline (February 17) sets a firm expectation and enables decisive action.
- Targeted scope (22H2 and below) aligns with vendor lifecycle realities and reduces ambiguity.
- Focus on owned assets allows IT to control remediation pathways for devices they manage. (jmu.edu)
Risks and potential downsides
- Short notice risks disruption to research and teaching if upgrades or hardware refreshes are not completed in time.
- Legacy device fallout: lab equipment and specialized peripherals may require vendor coordination that takes weeks or months.
- Support bottlenecks: Help Desk capacity could be overwhelmed by a concentrated surge of upgrade requests.
- Edge-case exceptions: Devices legitimately needing older OSes for business-critical apps will require careful exception handling to maintain security posture.
Conclusion — act now, but plan carefully
James Madison University’s announcement is an explicit call to action: unpatched, unsupported endpoints will not be tolerated on the campus network after February 17. For device owners, the sensible path is clear — identify your OS, protect your data, and schedule an upgrade or seek IT assistance immediately. For administrators, the moment demands accelerated inventorying, prioritized remediation, and clear communication to avoid classroom and research disruptions.Upgrading an OS is rarely frictionless — hardware checks, driver updates, enterprise imaging, and application compatibility all add complexity. That said, running unsupported software on a university network is a recipe for data exposure and serious operational headaches. Use the tools available (Microsoft’s PC Health Check for Windows eligibility, Apple’s Software Update and hardware checks for Macs), engage JMU IT early, and follow the step-by-step checklist above to minimize downtime and keep the campus secure.
Source: James Madison University Update Your Operating System
Similar threads
- Article
- Replies
- 0
- Views
- 149