Windows 10 End of Support 2025: Urgent Migration to Windows 11 and ESU Options

Microsoft’s decision to end mainstream support for Windows 10 on 14 October 2025 has created a high-stakes, time-sensitive problem for tens of millions of users and thousands of organisations — from home PCs in living rooms to entire enterprise fleets — forced to choose between hurried upgrades, paid stopgap fixes, or continued exposure to growing cyber risk.

Background / Overview​

Windows 10 launched in 2015 and became the world’s dominant desktop operating system, but Microsoft’s lifecycle policy is clear: the platform’s free technical assistance, feature updates and security updates for most editions will cease on 14 October 2025. That cut-off is official and non-negotiable for the core Windows 10 SKUs; Microsoft is directing users toward Windows 11 or to enrol in time-limited Extended Security Updates (ESU) where available.
The timing and scale of this transition matter because large swathes of both consumer and enterprise deployments remain on Windows 10. Independent telemetry and vendor data show a substantial portion of organisations and many individual owners have not migrated — leaving an immediate policy, cost and security problem when patches stop arriving. Two striking data points that capture the scope of the issue are these: consumer group Which? estimates roughly 21 million people in the UK still use Windows 10 devices, and security vendor Kaspersky reports that nearly 60% of corporate endpoints are still on Windows 10. Both numbers underline the real-world exposure of millions of users and the operational challenge for IT teams.

---

Why this matters: security, compliance and operational risk​

Keeping an operating system patched is the first line of defence against malware, ransomware and zero-day exploits. When vendor-supplied security updates and fixes stop, attackers focus their efforts on known, unpatched vulnerabilities. The immediate consequences are:

• Increased vulnerability to malware and ransomware — unsupported systems that are no longer patched represent predictable attack surfaces.
• Regulatory and compliance exposure — organisations subject to data-protection or sector regulation can face penalties if they knowingly run unsupported software that fails to meet contractual or legal security baselines.
• Operational risk and productivity loss — aged hardware and incompatible drivers can cause application failures, more frequent incidents and escalating help-desk costs.
• Environmental and cost externalities — forced hardware refreshes can generate e‑waste and impose budget pressure on consumers and public services.

Microsoft’s official guidance frames the situation as a migration problem to Windows 11, and as of the support announcement the company has outlined ESU enrollment as a transitional option — but the socio-technical problem is broader than a single vendor directive.

---

The numbers: adoption, exposure and the potential bill for businesses​

UK consumer exposure (Which? survey)​

Which? ran a nationally representative survey in September 2025 and estimates about 21 million people in the UK still own and use a laptop or desktop running Windows 10. Worryingly, about 26% of those respondents said they planned to continue using Windows 10 after free updates stop. That mix of large absolute numbers and a significant “stick with 10” cohort explains the pressure on public advice and repair charities.

Corporate exposure (Kaspersky telemetry)​

Kaspersky’s September 2025 analysis of anonymised telemetry data indicates that over half of general users and nearly 60% of corporate devices were still running Windows 10 only weeks before end-of-support. This reinforces that the migration problem is not purely consumer-facing — businesses of all sizes must weigh security, compatibility and workforce disruption.

Enterprise cost modelling (Nexthink)​

Digital employee experience specialist Nexthink modelled enterprise exposure and concluded that, under plausible assumptions, around 121 million Windows 10 devices in enterprise contexts could still require support at the deadline, and that providing Extended Security Updates at an initial figure of $61 per device would translate into more than $7.3 billion in first-year support costs if organisations opted for paid ESUs rather than migration. That estimate has proliferated in industry coverage and is useful as an order‑of‑magnitude figure for CIOs planning budgets. The Nexthink analysis also flagged that Windows 11 deployments, in their telemetry, show higher crash rates today — an important operational datapoint for migration planning.

Why those estimates vary​

Estimates for global Windows 10 headcount and the cost of continued support vary widely across sources — from hundreds of millions to much lower figures — because Microsoft’s public telemetry is aggregated and vendor measurements (Statcounter, Kaspersky, Nexthink, etc.) use different sample populations and methodologies. Treat global totals as indicative ranges rather than precise counts, and plan accordingly.

---

The public backlash: repair shops, campaign groups and petitions​

The Windows 10 end-of-support plan has triggered broad public and industry pushback. Repair advocacy groups, environmental organisations and repair shops argue Microsoft’s hardware-based eligibility for Windows 11 effectively forces hardware replacement, which creates e‑waste and harms consumers who bought perfectly functional devices.
Organisations coordinated by consumer‑advocacy groups delivered open letters and petitions calling on Microsoft to extend free updates or make the transition fairer. One coordinated campaign secured signatures from hundreds of repair businesses and nonprofits, plus dozens of environmental and consumer groups, arguing that the plan risks both security and sustainability outcomes for millions. These groups also pointed to petitions in multiple countries — notably France — where tens of thousands signed appeals for extended free updates. The public pressure prompted Microsoft to expand consumer ESU options in certain regions as a limited concession, but the central problem — migration or paid ESU — remains.

---

What Microsoft is offering: Windows 11, ESU and mitigations​

Microsoft’s official stance is straightforward:

• Upgrade to Windows 11 where hardware and firmware permit. Microsoft characterises Windows 11 as “more modern, secure, and highly efficient.” The upgrade is free for eligible Windows 10 PCs that meet the platform requirements.
• Extended Security Updates (ESU): Microsoft has set up ESU options to provide security-only updates for Windows 10 on a limited, paid basis (with different pricing and eligibility for consumers, education and enterprise). ESU is explicitly designed as a bridge, not a long-term alternative to migration.
• Limited regional concessions and one-year consumer ESU routes were offered to ease the public transition, but they do not replace an enterprise migration plan.

It is important to note that ESU supplies security patches only — not feature updates, product support, or new functionality — and cost assumptions vary depending on the channel (CSP pricing, educational discounts, and consumer offers differ). Organisations should confirm exact ESU pricing and contract terms with Microsoft or their reseller before budgeting.

---

Practical implications — what consumers and small businesses should do now​

For home users and small businesses the clock is short. Below is an urgent, pragmatic checklist.

• Check whether your PC is eligible to upgrade to Windows 11 using the official compatibility tool.
• If eligible, schedule and test the Windows 11 upgrade on non-critical devices first.
• If ineligible, evaluate ESU options for one year as a temporary bridge—and calculate whether hardware replacement or switching to an alternative OS (Linux distributions, Chrome OS Flex) is more cost-effective.
• Back up all data and make a recovery plan before attempting major upgrades.
• For devices you keep on Windows 10 beyond 14 October: harden them — ensure up-to-date antivirus, remove unnecessary services, disable remote access where possible, and isolate them on segmented networks.
• Why action is urgent: a significant minority of users say they plan to remain on Windows 10 even after updates stop, yet doing so increases exposure to exploitation and fraud. The short ESU window is a tactical buffer, not a permanent fix.

---

Enterprise migration: priorities, tactics and hidden costs​

For IT leaders, the Windows 10 EOL is a classic large-scale change program with technical, financial and people risks.

Rapid triage: build a device inventory and risk profile​

• Identify where Windows 10 runs (workstations, kiosks, industrial PCs, lab machines).
• Assess business-criticality, external connectivity, regulatory constraints and third‑party software compatibility.
• Map devices to upgrade paths: in-place Windows 11, firmware or hardware refresh, or replacement with alternative platforms.

Prioritise by risk and business impact​

• Critical systems interacting with regulated data must be top of the list for migration or ESU.
• Legacy endpoints that support minimal business functions and have no internet access may be acceptable to isolate temporarily — but that must be an explicit, documented decision.

Account for total cost of ownership​

• Direct costs: hardware procurement, deployment tools, staff hours, ESU charges (if used), and licensing.
• Indirect costs: lost productivity from hardware incompatibilities, application refactoring, training, and increased incident response workload during the migration wave.
• Nexthink’s modelling suggests the immediate first‑year outlay for ESU at scale could exceed $7 billion for organisations that buy paid ESU instead of migrating — which is the headline figure CIOs should consider when evaluating long-term value.

Migration best practices​

• Run pilot groups to evaluate device compatibility, driver maturity and peripheral support.
• Use profiling tools (digital experience monitoring) to identify applications with the highest failure risk.
• Automate image deployment and configuration wherever possible.
• Communicate clearly to end users and provide staged training and support.

---

Operational pitfalls and technical friction points​

Migrating from Windows 10 to Windows 11 is not always a pure software exercise. Key friction points include:

• Hardware eligibility: Windows 11 minimums (TPM, Secure Boot, supported CPUs) exclude many older but functional devices.
• Driver and peripheral compatibility: specialized labs, medical devices, or bespoke peripherals may lack vendor drivers for Windows 11.
• Application compatibility: legacy line-of-business apps sometimes require containment (virtual machines, application virtualization) or rewrite.
• User behaviour and support load: aggressive prompts or forced migrations without training produce help-desk backlog and productivity losses.

Where migration proves costly or slow, ESU can buy time — but at a real bill and ongoing risk profile that must be actively managed.

---

The broader consequences: e‑waste, inequality and public policy​

This transition has sparked debate about software-driven obsolescence. Campaign groups argue that strict hardware gating for Windows 11 forces hardware replacement, amplifying e‑waste and imposing financial burdens on low-income households, schools and local governments. Repair networks and right‑to‑repair advocates have mobilised, producing open letters and petitions demanding longer free support windows or regulatory responses to protect consumers and the environment. The argument is less about technology than about the economic and environmental footprint of vendor lifecycle choices.

---

Risk mitigation for organisations that cannot immediately migrate​

If migration cannot be completed before the deadline, organisations should adopt layered compensating controls:

• Network segmentation to isolate unsupported endpoints from critical assets.
• Strict access control and multifactor authentication to reduce account compromise risk.
• Endpoint detection and response (EDR) coverage across remaining Windows 10 devices where possible.
• Enrolment in ESU for the most critical systems while accelerating migration for the remainder.

Panaseer and other security practitioners emphasise that a data-led, prioritised approach — mapping who uses a device, what it connects to, and its criticality — delivers faster risk reduction than blanket tactics. Applying compensating controls for the highest-risk systems first reduces exposure while migration proceeds. (Note: statements on mitigation frameworks should be implemented in line with each organisation’s compliance obligations and threat model.)

---

What’s likely to happen after 14 October 2025​

• A two-tier landscape will persist for a while: some users will have migrated to Windows 11, some will have paid for ESU, and others will run unsupported Windows 10 devices.
• Attackers will probe unsupported versions for unpatched vulnerabilities, which could increase incident rates on exposed devices.
• Markets for used hardware, refurbished devices and migration services will spike, and some public-sector budgets may be stretched due to forced refresh cycles.
• Pressure on Microsoft from advocacy groups and regulators may grow; however, Microsoft’s official position is to treat ESU and migration as the policy route forward.

---

Practical roadmap: a six-step plan for organisations​

• Inventory: Complete a device and application inventory within 7–14 days.
• Risk scoring: Prioritise by business-criticality, exposure and compliance requirements.
• Pilot and test: Run Windows 11 pilots on representative hardware and applications.
• Communicate: Publish a migration timeline and support plan for users.
• Mitigate: Apply network segmentation, EDR and MFA for unsupported devices.
• Decide on ESU: For high-risk systems, enrol in ESU only as a time-bound bridge.

Following a clear, disciplined roadmap reduces the risk of emergency, incremental decisions that inflate costs.

---

Strengths and shortcomings of the current approach​

Notable strengths​

• Microsoft is offering structured options: free upgrades where eligible plus ESU as a bridge for those who cannot migrate immediately.
• The move accelerates adoption of modern security features (hardware-based protections in Windows 11) that can reduce some classes of attack over time.
• Public debate and advocacy have already produced modest concessions and created transparency about the consequences of end-of-support policies.

Key weaknesses and risks​

• The policy produces clear distributional harms: those with newer devices benefit, while households, schools and small organisations with older but functional hardware are pressured to spend or accept risk.
• ESU is a costly temporary fix for organisations, diverting budget away from long-term modernisation.
• The scale and timing create a narrow window that can strain supply, services and procurement cycles during peak migration demand.
• The patching cliff increases attack surface; historically, attackers focus on unsupported platforms soon after vendor EOLs.

---

Final assessment and recommendations​

The Windows 10 end-of-support is a consequential lifecycle event with technical, financial and social implications. For consumers, the best immediate actions are to check eligibility, back up data, and either upgrade or enrol in short-term ESU if migration isn’t possible. For organisations, the imperative is to treat this as a formal program: inventory, prioritise, pilot, mitigate and then migrate — while budgeting realistically for ESU, endpoints refresh, and the help-desk surge.
Time is the scarcest resource. The most prudent stance for IT leaders is to translate broad industry estimates into a granular, data-driven migration plan today — because the cost of unplanned outages, breach remediation and regulatory fallout will, in almost every scenario, exceed the measured cost of a disciplined migration program.

---

Quick reference: what to do this week​

• Verify your Windows 10 devices and identify who owns them.
• Use the Windows PC Health Check or equivalent to test Windows 11 eligibility.
• Back up critical data and create a recovery image.
• Place a short list of essential systems into ESU only if they are critical and cannot be migrated.
• Ensure network segmentation and strengthen authentication on all remaining Windows 10 endpoints.

This policy transition is manageable with clear, prioritised action. Delay will cost more in money, time and risk.

---

Source: digit.fyi Windows 10 Shutdown Puts 21 Million UK Users at Risk