Navigation section

Windows 10 End of Support: ESU Enrollment or Upgrade with Microsoft Account

  • Thread Author
Microsoft has formally ended free support for Windows 10, and every user still running that OS needs to take immediate action to avoid growing security exposure: either enroll in the Windows 10 Consumer Extended Security Updates (ESU) program or upgrade to a supported operating system—and for many home users the single, crucial change is to sign in and remain signed in with a Microsoft Account to obtain one year of free ESU coverage.

Neon Windows shield beside a user icon and an Enroll now button on a cybersecurity dashboard.Background​

Microsoft announced that standard support for Windows 10 (Home, Pro, Education and Enterprise SKUs) ended on October 14, 2025. That means Microsoft no longer issues routine feature updates, security patches, or official technical assistance for Windows 10 after that date. The company has published lifecycle guidance and specific product notices outlining the end-of-support timeline. To soften the transition for consumers who cannot or will not move to Windows 11 right away, Microsoft introduced a consumer Extended Security Updates program (ESU). That consumer ESU offers a narrow, time-limited bridge: enrolled devices running Windows 10, version 22H2 will receive only critical and important security updates through October 13, 2026—not feature updates, not general fixes, and not technical support. There are three enrollment paths, and one of them provides no-cost coverage for consumers who sign in and remain signed in to their device with a Microsoft Account.

What Microsoft is offering — the facts you need to know​

  • End of standard support: Windows 10 mainstream updates and technical support ended on October 14, 2025.
  • Consumer ESU coverage window: ESU coverage for enrolled consumer devices runs through October 13, 2026.
  • Enrollment options: Consumers may enroll via one of three routes:
  • Free if you sign into your Windows 10 device and enroll while the device is linked to your Microsoft Account (you must stay signed in to keep receiving ESU updates).
  • One-time paid purchase (roughly $30 USD per account/device group) if you prefer to keep using a local account.
  • Redeem Microsoft Rewards points (1,000 points) as an alternative enrollment method.
  • Eligibility: Devices must be running Windows 10, version 22H2 and be up to date with the latest servicing stack and cumulative updates before enrollment.
These are not optional details: they change who will continue to receive security updates and who will be left without patches. Microsoft’s own documentation is explicit that the free route requires an active Microsoft Account login on the PC used to enroll.

Why the “one crucial change” matters: real security consequences​

When Microsoft stops delivering security patches, any newly discovered vulnerabilities in Windows 10 will go unpatched for that platform. Over time, that leaves unpatched devices increasingly vulnerable to malware, ransomware, credential theft, lateral movement attacks, and other threats that exploit OS-level bugs. The practical effect is straightforward: the longer a device remains unpatched, the larger the attack surface and the greater the risk to personal data, credentials, and networked resources. Microsoft itself warns that without updates, "your PC will be at a greater risk for viruses and malware." Security teams and threat actors both monitor end-of-life software closely. Historically, attackers scan for unpatched versions of widely used software because exploit development yields outsized returns when large user populations remain on unsupported builds. In short: unsupported Windows 10 devices are attractive targets. Independent reporting and security commentary have repeatedly emphasised the same point—ESU is a stopgap, not a long-term fix.

What “sign in with a Microsoft Account” actually means for ESU​

Microsoft’s consumer ESU design ties the no-cost enrollment option to the user's Microsoft Account (MSA). Practically:
  • The Microsoft Account you use to enroll will be linked to the device and must remain the account you use to sign in to that device. If you stop signing in with that account for an extended period (Microsoft states up to 60 days as a possible threshold), ESU updates may be discontinued for that device until you re-enroll.
  • If you prefer to use a local Windows account (no MSA sign-in), you can still get ESU but only by making the one-time $30 purchase (or using Microsoft Rewards). The purchase process itself requires a Microsoft Account for enrollment.
This is the practical trade-off: free patches in exchange for staying tied to an MSA on the device, or a paid option for local-account users. Security-conscious users who avoid cloud-linked account models will need to weigh convenience against their privacy preferences. Independent coverage and commentary noted that this requirement is likely to frustrate some privacy-minded or locally-managed households.

How to check eligibility and enroll (step-by-step)​

  • Confirm your Windows 10 version: go to Settings > System > About and check "Windows specifications" — you must be on Windows 10, version 22H2 to enroll in consumer ESU.
  • Keep Windows up to date: install the latest servicing stack and cumulative updates via Settings > Update & Security > Windows Update. Devices must be fully patched before ESU enrollment will be offered.
  • To enroll free via Microsoft Account: sign in to Windows with your Microsoft Account and then go to Settings > Update & Security > Windows Update; if eligible you'll see an "Enroll now" prompt that starts the ESU enrollment flow.
  • If you use a local account and want ESU without switching to MSA, choose the one-time purchase flow when prompted; the system will require a Microsoft Account for the transaction but will let you continue to use a local account afterward.
  • Verify ESU is active: after enrollment, check Windows Update history and the ESU enrollment status in the Settings page; keep the device signed in to the enrolling Microsoft Account for uninterrupted coverage.
Those steps are based on Microsoft’s published enrollment instructions and on the rollout guidance the company published when launching the consumer ESU program.

Upgrade to Windows 11: what it costs (and what it requires)​

For many users, the most straightforward long-term path is an upgrade to Windows 11, which remains the supported client OS going forward. Windows 11 installation requires:
  • A compatible 64-bit CPU with two or more cores, 4 GB RAM minimum, 64 GB storage, and firmware that supports UEFI and Secure Boot. Critically, Microsoft requires a TPM 2.0 Trusted Platform Module on supported devices as part of the baseline hardware requirements.
These hardware rules mean a significant share of older PCs cannot be upgraded to Windows 11 without hardware changes. Tools such as Microsoft’s PC Health Check can quickly indicate whether a device meets the Windows 11 requirements; for machines that don’t, options include enabling TPM in UEFI (if available), installing a TPM module where supported, or purchasing a new PC. Independent reporting has covered the friction caused by TPM and CPU compatibility rules and documented how some users have been excluded from upgrades.

Alternatives if you can’t or won’t upgrade​

  • Keep Windows 10 but enroll in ESU (free via Microsoft Account or paid). Remember: ESU is a time-limited bridge, not a permanent solution.
  • Migrate to a different supported operating system: many home users successfully switch to Linux distributions (Ubuntu, Linux Mint, etc., or consider ChromeOS Flex for older hardware. These are viable options for users whose workloads don’t require Windows-only applications. Independent coverage suggests these are practical paths for some users.
  • Replace the PC with a Windows 11–compatible device. Microsoft and third-party retailers offer trade-in and recycling programs to offset replacement costs. Microsoft explicitly highlights trade-in and recycling as transition aids.
Each alternative comes with trade-offs in app compatibility, learning curve, and management overhead. ESU preserves Windows compatibility the longest but only until October 13, 2026.

Real-world caveats and things Microsoft’s messaging doesn’t emphasize​

  • ESU is security-only. It does not include feature updates, non-security fixes, or phone/online technical support. That means bugs that aren’t classified as security issues will remain unresolved. This distinction is important for users who rely on apps or device drivers that may require vendor updates.
  • Edge and some apps have separate lifecycles. Microsoft has said that Microsoft Edge (and WebView2 runtime) will continue to receive updates beyond Windows 10’s end of support (into 2028), but that does not substitute for OS-level patches. Similarly, Microsoft 365 security updates for Office apps on Windows 10 have separate timelines. These continuations mitigate some risk but do not make an unsupported OS safe.
  • Account and privacy trade-offs. The free ESU route requires a Microsoft Account sign-in. For some users, that linkage to a cloud identity and telemetry tradeoffs may be unacceptable. Microsoft provides a paid local-account route, but it costs money—and still requires a Microsoft Account to complete purchase and enrollment. Independent reporting confirms friction and annoyance among privacy-minded users.
  • Enrollment windows and timing. You can enroll in ESU any time until October 13, 2026, but the later you enroll the longer your device will remain exposed while waiting for the first ESU patch. Delayed enrollment does not recover earlier gaps in patching.
If any media reports suggest ESU is “automatic” for all Windows 10 machines or that everyone will keep getting updates without action, that is not accurate. The free ESU path is conditional and must be activated through the device with a Microsoft Account.

Recommended immediate action checklist (clear, practical steps)​

  • Check your Windows version now. Settings > System > About — confirm you are on Windows 10 version 22H2. If not, update immediately to the latest cumulative update.
  • Decide whether to enroll in ESU or upgrade. If your device can run Windows 11 and you want a long-term supported OS, plan an upgrade. If not, enroll in ESU as an interim safety measure.
  • If choosing ESU, sign in with your Microsoft Account and enroll via Settings > Update & Security > Windows Update > Enroll now. Keep that account active on the device to avoid losing updates.
  • Back up your data before any major OS change. Use Windows Backup, a disk image, or cloud backup. If you plan hardware changes (TPM module, new PC), a verified backup avoids data loss.
  • If staying on Windows 10 without ESU, adopt compensating controls: a modern antivirus with EDR-like features, strict browser hygiene, limited administrative use, network segmentation, and regular offline backups. These reduce but do not eliminate the risk from unpatched OS vulnerabilities.

Enterprise context and longer-term support differences​

Enterprises traditionally had access to ESU programs with multi-year options and price tiers for Windows 7, 8.1, and Windows 10 in the past. Microsoft’s enterprise ESU offerings differ in structure and duration and are priced per device or per core—those commercial channels remain available for organizations that need extended timelines beyond the consumer one-year bridge. For consumer-focused guidance, Microsoft’s single-year consumer ESU is the specific option described here.

Risk analysis: strengths and limits of Microsoft’s ESU approach​

Strengths:
  • Practical bridge: ESU gives users time to plan upgrades, buy compatible hardware, or migrate OSes without immediately losing security updates. That reduces immediate exposure for users who can’t upgrade the hardware.
  • Flexible enrollment: Free path for Microsoft Account users and a paid path for local account users gives consumers choice. Redeeming Rewards is an unusual, low-friction alternative.
Limits and risks:
  • Time-limited and narrow: ESU is only a one-year bridge and only covers Critical and Important security updates. It is not a sustainable long-term strategy.
  • Privacy and account trade-offs: The free route ties update entitlement to a Microsoft Account sign-in, which some users consider a meaningful privacy trade-off.
  • False sense of security: Users who enroll may assume full support continues; in reality, driver, firmware, and third-party app support will increasingly lag, and new features or non-security bug fixes will not be provided.
Where possible, the recommended posture is to treat ESU as a tactical, not strategic, option: buy time and move systems to a supported baseline rather than use ESU as a stopgap indefinitely.

Final verdict: the one crucial change and why it’s urgent​

The single most effective action most consumers can take right now to cut exposure is to activate ESU for their Windows 10 devices immediately—and the least friction route for many will be to sign in and remain signed in with a Microsoft Account to receive one year of free security updates through October 13, 2026. For users who object to account linkage or who require long-term protection, the alternative is to pay the one-time ESU fee or upgrade to Windows 11 (if hardware permits) or migrate to another supported OS.
All these steps should be taken with short timelines in mind. The later a device remains unpatched, the more attractive it becomes to attackers, and the more urgent the remediation will be. Microsoft’s official lifecycle pages and the ESU enrollment guidance are the definitive references for the mechanics, eligibility and dates—users should consult those pages when implementing any of the options described here.
Microsoft’s consumer ESU is a pragmatic, limited concession: it buys time but does not restore Windows 10 to a supported status indefinitely. For households and solo users, the practical advice is simple: verify your Windows 10 edition and version, decide between ESU or upgrade, and act now rather than later—because when the OS is no longer receiving regular patches, the safest course is to be on software that still does.
Source: Daily Express US Microsoft Windows users urged to make crucial change to their computer
 

Click to expand...
Microsoft’s public warning is blunt: running Windows 10 after its vendor support ends is a growing security liability, and for many home users the single, crucial change they must make is to either move to a supported operating system or enroll in Microsoft’s short-term Extended Security Updates (ESU) program — a program whose no-cost route requires signing in and staying signed in with a Microsoft account.

A Windows 11 desktop shows a Windows 10 End of Support alert on the monitor.Background / Overview​

Microsoft set a firm lifecycle deadline for Windows 10: October 14, 2025 is the official end-of-support date. After that date Microsoft stopped issuing routine security updates, quality patches, and standard technical assistance for most consumer Windows 10 editions. That change does not instantly “break” Windows 10 devices, but it does remove the vendor patch stream that fixes newly discovered vulnerabilities — and, therefore, raises the attack surface for anyone still running the platform without additional protections. To soften the transition for consumers who cannot immediately upgrade, Microsoft published a narrowly scoped consumer Extended Security Updates (ESU) program that provides security-only updates through October 13, 2026 for eligible Windows 10 devices. The ESU pathway is explicitly a one-year bridge and not a long-term substitute for a maintained OS. Microsoft’s consumer ESU enrollment includes a no-cost path that depends on a Microsoft Account and cloud backup, a Microsoft Rewards route, and a one-time paid option. The Mirror’s coverage distilled this into an urgent user-facing prompt: switch to Windows 11 where possible, or enroll in ESU — otherwise your PC will be progressively more exposed to malware and ransomware as new vulnerabilities are discovered. That practical warning is widely echoed by security practitioners and consumer groups.

What “end of support” actually means — the practical change for users​

  • Microsoft will no longer provide routine security updates or feature/quality updates for Windows 10 after October 14, 2025. Systems will continue to boot and run, but newly discovered OS-level vulnerabilities will not be patched for machines that are not enrolled in ESU or another paid support program.
  • Some components have separate servicing timelines (for example, Microsoft Defender signature updates and certain Microsoft 365 app security updates), but application-level servicing is not a substitute for OS kernel, driver, and platform patches. Running an unpatched kernel remains a significant exposure.
  • The most practical consequence: the longer a device remains unpatched, the more likely attackers will find and weaponize vulnerabilities that apply to that system. Historical outbreaks and security research consistently show that unsupported platforms are preferred targets for automated scanning, exploit kits, and ransomware campaigns.

The Windows 10 Consumer ESU program — what it is and how it works​

What ESU covers (and what it does not)​

  • ESU delivers Critical and Important security updates for eligible Windows 10, version 22H2 devices.
  • ESU does not provide feature updates, broad technical support, or non-security fixes. It is explicitly a migration aid — a time-limited patch stream to reduce immediate risk while users move to a supported OS.

Who is eligible​

  • Devices must be running Windows 10, version 22H2 and have the required servicing stack and cumulative updates installed before enrollment.
  • Consumer ESU is intended for individual/home users, not for domain-joined enterprise fleets (those have separate commercial ESU programs accessible via volume licensing).

Enrollment paths for consumers​

Microsoft published three consumer enrollment routes that yield the same ESU entitlement through October 13, 2026:
  • Free cloud-backed route — Sign in to the eligible PC using a Microsoft account (MSA) and enable Windows Backup/Settings sync. If the device remains signed in with that MSA, ESU updates will be delivered at no additional cash cost.
  • Microsoft Rewards redemption — Redeem 1,000 Microsoft Rewards points for a one-year ESU entitlement.
  • One-time paid purchase — A one-time payment (widely reported at roughly $30 USD or local equivalent, plus tax) can purchase ESU coverage; this option still requires a Microsoft account to enroll, but lets the user continue to use a local Windows account after purchase.
Important behavioral caveat: Microsoft’s free path ties ESU entitlement to the Microsoft Account used to enroll; if you stop signing in to that device with the same account for an extended period (Microsoft mentions a grace window up to 60 days), ESU updates may stop until you re-enroll. That design intentionally nudges users toward account-linked devices.

Why security experts are urging the “one crucial change” — upgrade or enroll now​

  • New vulnerabilities are discovered continually. Vendors patch supported platforms; attackers analyze those patches (patch-diffing) to find exploitable code paths that often also affect older, unpatched systems. Over time this makes unsupported machines an easy win for attackers.
  • Ransomware and large-scale malware actors prioritize targets with known, unpatched flaws. An unpatched Windows 10 PC connected to a home or corporate network can serve as a beachhead for lateral movement and credential harvesting.
  • Compliance and insurance frameworks sometimes require supported software. Running out-of-support systems may jeopardize coverage and regulatory compliance for small businesses and contractors.
  • Consumer advocacy groups and independent outlets warned that forcing a migration without more extended relief could increase systemic risk for households and public services; the consumer ESU is a partial mitigation, not a permanent solution.

The upgrade path: move to Windows 11 (the supported route)​

Microsoft’s recommended long-term path is to upgrade eligible machines to Windows 11, which remains under active support. Key points:
  • Windows 11’s minimum hardware baseline includes TPM 2.0, UEFI Secure Boot, a 64-bit processor with specified CPU families, 4 GB RAM and 64 GB storage as the minimums. These hardware gates exclude a substantial number of older but otherwise functional Windows 10 PCs.
  • Microsoft offers a free in-place upgrade to Windows 11 for eligible Windows 10 devices (must be on version 22H2 and meet hardware checks). The PC Health Check app can verify compatibility, and Windows Update may present an upgrade notification to qualifying devices.
  • Where hardware cannot be upgraded (for example, missing TPM 2.0 or an unsupported CPU), users face choices: purchase new Windows 11-capable hardware, enable ESU for one year, or transition the machine to an alternative OS (ChromeOS Flex, mainstream Linux distributions) for continued security updates.

Step-by-step: how to check eligibility and enroll in consumer ESU​

These are the typical steps reported by Microsoft and independent coverage. Follow Microsoft’s in-settings prompts and enrollment flow; prerequisites must be satisfied first.
  • Confirm your Windows 10 version: Settings → System → About, and verify you are on Windows 10, version 22H2.
  • Install any pending cumulative and servicing-stack updates: Settings → Update & Security → Windows Update, then Check for updates and reboot until the system reports fully updated. Devices must be fully patched before the ESU enrollment wizard will appear.
  • If you want the no-cost ESU route, sign in to Windows with your Microsoft Account (MSA) and enable Windows Backup / sync settings to OneDrive. Once the device is associated with the account, the Settings > Update & Security > Windows Update page should present an “Enroll now” prompt when eligibility is met.
  • If you prefer not to sign in with an MSA, choose the paid one-time purchase option when prompted (the purchase flow still requires a Microsoft account for enrollment). Alternatively, redeem 1,000 Microsoft Rewards points for ESU.
Note: these steps are the consumer-facing flow Microsoft published; enrollment availability and UI wording can vary by region and may be updated by Microsoft. If the enrollment prompt does not appear, verify Windows is fully updated and that the device meets the version and edition prerequisites.

Strengths of Microsoft’s approach — practical benefits​

  • The consumer ESU gives a short, vendor-supported lifeline that reduces immediate risk for households that cannot upgrade hardware or complete a migration. It buys planning time without forcing an immediate device purchase.
  • Tying the free route to a Microsoft Account and cloud backup reduces friction for many users who already sign in with MSAs and use OneDrive; for that cohort, ESU can be claimed with minimal effort.
  • Microsoft continues to support certain critical components (e.g., Microsoft Defender definitions and some Microsoft 365 app security updates) on staggered timelines, which helps preserve baseline protections for a while even on unsupported devices. However, those protections are complementary, not substitutive, of OS patches.

Risks, trade-offs, and the privacy question​

  • The free ESU path’s reliance on a Microsoft Account raises privacy and choice concerns for users who prefer local Windows accounts and minimal cloud linkage. While Microsoft offers a paid local-account option, the enrollment process still requires a Microsoft Account to complete the purchase, which undercuts the ability to remain entirely local. This change has drawn criticism from privacy-minded users and consumer advocates.
  • ESU is time-limited. Any user choosing ESU must treat it as a one-year migration window, not a permanent fix. Relying on ESU beyond October 13, 2026 will leave devices unpatched and exposed.
  • The $30 one-time price point reported by multiple outlets is low compared with enterprise ESU pricing, but it still represents an extra cost and an account trade-off for privacy-conscious users. Additionally, the price and mechanics are regionally variable and should be verified in your locale during enrollment.
  • Hardware gating for Windows 11 (TPM 2.0, Secure Boot, supported CPU list) forces an uncomfortable migratory choice for owners of otherwise usable laptops and desktops. This has environmental implications (e-waste) and financial pressure on lower-income households and small organizations. Consumer advocacy groups have criticized the limited relief and asked for more flexible, privacy-respecting support paths.

Practical recommendations for Windows 10 users (clear, prioritized)​

  • Determine your status now
  • Check your Windows 10 version (Settings → System → About). If you’re not on 22H2, install updates now; only 22H2 devices are eligible for consumer ESU.
  • If your PC can run Windows 11, upgrade
  • Use the PC Health Check to confirm Windows 11 compatibility and take the free upgrade path if available. Upgrading to a supported OS is the most durable way to stay protected.
  • If you cannot upgrade immediately, enroll in ESU
  • For most home users, the fastest no-cost approach is to sign in with a Microsoft Account and enable Windows Backup/Settings sync; otherwise, redeem Microsoft Rewards points or use the one-time paid option to obtain ESU coverage through October 13, 2026. Treat ESU as temporary insurance, not a final state.
  • Harden your environment regardless
  • Use reputable endpoint protection, enable full-disk encryption, keep browsers and apps updated, and consider using a limited-privilege user account for day-to-day work. For devices that must remain on Windows 10 but cannot be fully patched, consider isolating them from sensitive networks or taking them offline when not needed.
  • Plan for hardware or OS replacement
  • If hardware is the blocker, budget for a Windows 11-capable replacement, or evaluate secure alternatives like ChromeOS Flex or mainstream Linux distributions that continue to receive updates on older hardware. Trade-in and recycling routes can reduce cost and environmental impact.

What to watch for: enrollment gotchas and verification steps​

  • Confirm the ESU prompt appears only after the device is fully patched and on the correct version; if it isn’t visible, check Windows Update for preparatory servicing stack updates.
  • If you choose the free Microsoft Account route, ensure you remain signed in to the same account on the device; prolonged sign-out periods may pause ESU updates until you re-enroll. Microsoft has documented a grace period but expects continued sign-in for entitlement continuity.
  • If you opt for the paid license, retain proof of purchase and the Microsoft Account details used for enrollment; these will be the keys to re-enrollment or device-to-account mapping if you rebuild or replace the hardware.
  • Beware of scams: malicious actors often capitalize on end-of-life messaging with fake “support” offers, rogue installers, or deceptive pop-ups. Always enroll through Windows Settings and official Microsoft flows rather than clicking on unsolicited links or paying third parties.

Conclusion — a clear, balanced verdict​

The Mirror’s headline — urging a “crucial change” — is accurate in substance: Windows 10 end of support is a genuine security inflection point, and users should not treat it as mere calendar noise. Microsoft’s consumer ESU provides a legitimate, short-term safety net, and its no-cost path for home users tied to a Microsoft Account makes that lifeline accessible to many. At the same time, ESU is temporary, ties into account and privacy trade-offs, and cannot substitute for a long-term migration to a supported platform.
For most users the right course is straightforward and immediate: verify your Windows 10 version, install pending updates, then either upgrade to Windows 11 if eligible or enroll in ESU while planning a permanent move. Treat ESU as one year of breathing room — not a destination — and keep your security posture hardened while you migrate.
If you have multiple devices, perform a small pilot: confirm ESU enrollment works for one machine, document the account and enrollment steps, and then scale to the rest of your household or fleet. That way you avoid last-minute surprises and reduce risk while you transition to a supported operating environment.
Source: The Mirror US Microsoft Windows users urged to make crucial change or risk being 'exposed'
 

Blue Windows-themed screen featuring an ESU shield and an October 13, 2026 calendar reminder.
Microsoft quietly opened a narrow lifeline that lets many Windows 10 PCs keep receiving vendor-signed security patches through October 13, 2026 — and for most home users that one-year extension can be claimed for free by enrolling with a Microsoft account or redeeming Microsoft Rewards points.

Background / Overview​

After a decade of updates and broad deployment, Windows 10 reached its official end-of-support date on October 14, 2025. That formal lifecycle cutoff removed the routine, free stream of monthly cumulative updates, quality fixes, and feature servicing for consumer editions — which left millions of PCs at increased security risk if they stayed connected and unpatched. Microsoft responded with a targeted, time-limited program: the Windows 10 Consumer Extended Security Updates (ESU). The consumer ESU is explicitly a one-year, security-only bridge that runs through October 13, 2026 for enrolled devices. This program is intentionally narrow: ESU supplies only security updates classified by Microsoft as Critical and Important (no feature updates, no broad non-security quality fixes, and limited technical support). The consumer ESU is different from the multi-year, higher-cost commercial ESU that enterprises can buy through volume licensing channels. The commercial offering is priced per device and increases each year to encourage migration.

What changed — the essentials you need to know​

  • Coverage window: Security-only updates for enrolled consumer Windows 10 devices are available through October 13, 2026.
  • Eligible editions: Windows 10, version 22H2 — Home, Pro, Pro Education, and Pro for Workstations — with the latest servicing updates installed.
  • How to get them (consumer options):
    • Free if you sign in with a Microsoft account and enable Windows Backup / settings sync (the in-product “Enroll now” flow maps the ESU entitlement to your Microsoft account).
    • Free by redeeming 1,000 Microsoft Rewards points for the ESU entitlement.
    • Paid one-time purchase (reported around $30 USD or local equivalent) that allows devices to keep using a local account after purchase. The paid option still requires associating the license with an MSA at enrollment.
  • Business / Enterprise: Commercial ESU is available via Volume Licensing; Year One commercial pricing is documented at $61 USD per device, and pricing doubles each consecutive year for up to three years. That commercial schedule should be treated as a short-term bridge only.
Multiple independent reports and in-product tests confirmed these mechanics and the rollout behaviour. The ESU enrollment appears in Settings → Update & Security → Windows Update as an “Enroll now” link when a device meets the prerequisites and has the required preparatory updates installed.

Who is eligible — the checklist​

Before attempting to enroll, confirm these technical and account prerequisites:
  • Device runs Windows 10, version 22H2 (check Settings → System → About or run winver).
  • All pending cumulative updates and the latest servicing stack updates are installed. Microsoft pushed preparatory fixes before enrollment was widely rolled out; ensure Windows Update shows no pending items.
  • You must be signed in to the device using an administrator account. The ESU entitlement is associated with the Microsoft account that you use to enroll (or the account that redeems Rewards or purchases the one-time license). Child-managed Microsoft accounts are not eligible.
  • Device must not be domain-joined, or enrolled into Microsoft Entra (managed Entra join) or MDM — those devices must use the commercial ESU channel. Enrolling a consumer ESU on a device that later joins a commercial domain or MDM may suspend the consumer ESU entitlement.
If your device meets those criteria, the in-product wizard should appear. Microsoft rolled the enrollment UI out in phases and initially to Windows Insiders before the broad release; if you don’t see the “Enroll now” link, install any outstanding updates and wait up to 24 hours for the staged rollout to reach your device.

How to enroll — step-by-step (consumer flow)​

If you want to claim the free one-year ESU entitlement, here’s the tested sequence that will work for most home PCs.
  1. Confirm version and update status:
    1. Open Settings → System → About and confirm Version 22H2.
    2. Go to Settings → Update & Security → Windows Update and install all recommended updates until Windows reports “Your device is up to date.” Reboot if prompted.
  2. Sign in as an administrator:
    • If you’re currently using a local account, be prepared to sign in with a Microsoft account during the enrollment process (the free route requires an MSA). If you already use an MSA on the device (for example, for OneDrive or Windows Backup), the process is typically faster.
  3. Open the ESU enrollment wizard:
    • Settings → Update & Security → Windows Update. If your device meets prerequisites, you’ll see an “Enroll now” link. Click it to start the wizard.
  4. Choose your enrollment option:
    • Enable Windows Backup / Sync settings (free): follow the prompts to enable the account-backed backup; Microsoft will associate the ESU entitlement with your MSA.
    • Redeem 1,000 Microsoft Rewards points (free): if you already have enough points, select this option. Redemption happens through your Microsoft account.
    • Pay $30 (one-time): pay the fee with the Microsoft account to enroll and continue using a local account if you prefer not to remain signed in after enrollment.
  5. Verify enrollment:
    • After enrollment completes, Windows Update will continue to offer ESU security patches when Microsoft releases them. The enrollment status is tied to the device and the Microsoft account used. You may sign out of the MSA afterward on the device if you used the one-time purchase route (the free route generally expects periodic sign-ins to maintain entitlement).

Europe (EEA) exception — what’s different​

Microsoft made a notable regional exception for users in the European Economic Area (EEA): customers in the 30 EEA countries qualify for ESU without the same account-bound prerequisites in certain cases, or with a simplified periodic check-in requirement. Microsoft updated enrollment terms for the EEA following regulatory pressures, enabling free ESU enrollment with fewer strings attached for qualifying European customers. Independent reporting flagged this divergence and noted a 60-day sign-in cadence in some EEA guidance to retain entitlement. If you’re in Europe, check the Windows Update enrollment flow on your device — the messaging and requirements may be more permissive.

Practical caveats and privacy / storage trade-offs​

The free enrollment routes are real and effective for most home users, but there are important trade-offs and pitfalls to understand.
  • OneDrive storage limits: The Windows Backup / Sync settings option stores settings (and optionally some files) in OneDrive. OneDrive’s free tier is 5 GB; if the wizard offers to copy personal folders and you have a large profile, you can quickly exhaust free storage and face an unexpected cost or failed backup. Avoid signing into OneDrive for large-file backups during enrollment, or ensure you have an adequate OneDrive plan.
  • Microsoft account requirements: The free option ties ESU entitlement to a Microsoft account. If you avoid online accounts for privacy reasons, you can still pay the one-time fee, but enrollment requires an account interaction (the license is associated with the MSA used to purchase it). Microsoft explicitly disallows child accounts.
  • Rewards redemption reality: Redeeming 1,000 Microsoft Rewards points is an alternative free path, but accumulating those points may require using Bing/Edge and completing daily tasks or quizzes. For users starting from zero, the time investment might be nontrivial; for Edge/Bing users who already accumulate points, it can be the fastest cash-free route. Expect the Rewards economy to change over time; the redemption option was documented by Microsoft at launch.
  • Not a long-term fix: ESU is a bridge, not a destination. After October 13, 2026 the consumer ESU ends; enterprise ESU can extend coverage up to three years but at growing per-device cost. Households should use the ESU year to plan migration to Windows 11, purchase a replacement device, or move to an alternate supported platform (for example, ChromeOS Flex or a mainstream Linux distribution for many use cases).

Business and enterprise — higher cost and different channels​

Commercial customers and organizations must use Microsoft’s volume-licensing ESU channels. Pricing for commercial ESU is materially higher and structured to escalate year-over-year:
  • Year 1 (Nov 2025 – Oct 2026): $61 USD per device.
  • Year 2: price doubles (approximately $122 USD per device).
  • Year 3: price doubles again (approximately $244 USD per device).
ESU purchases for organizations are cumulative (if you buy Year 2 only, you must also license Year 1 retroactively). Microsoft provides separate provisioning mechanisms and activation keys through Volume Licensing or CSP partners. For organizations, that cost curve is intended as a migration incentive — not a long-term licensing strategy.

Security analysis — what ESU does and does not protect​

  • What ESU gives you: vendor-signed fixes for Critical and Important vulnerabilities identified by Microsoft’s Security Response Center. Those patches close the same classes of kernel, driver and platform vulnerabilities that attackers weaponize. Having Microsoft-issued security patches for another year substantially reduces the immediate attack surface for many common threats.
  • What ESU does not fix: ESU does not restore feature updates, non-security quality rollups, or the broader tech-support experience that comes with a fully supported OS. Some future Defender or platform-integrated mitigations may not be backported to Windows 10, and certain modern security capabilities that depend on Windows 11 platform features will not appear on Windows 10. In short, antivirus + ESU ≠ full parity with a current OS.
  • Time and risk: the protection ESU provides is valuable but time-limited. Attackers increasingly target large pools of older or unpatched systems; the longer a device remains on an unsupported path after October 13, 2026, the greater the risk of successful exploitation. Treat ESU as breathing room for migration — and not permission to postpone upgrade planning.

If you don’t qualify or don’t want ESU — alternatives and next steps​

  • Upgrade to Windows 11 if your hardware supports it (TPM 2.0, Secure Boot, supported CPU families). Microsoft still offers free in-place upgrades where hardware checks pass.
  • Buy a new Windows 11 PC if your existing device is incompatible or too old; modern devices include enhanced security facilities and futureproofing.
  • Consider ChromeOS Flex or Linux for repurposing older hardware. Many Linux distributions and ChromeOS Flex run well on older machines and receive ongoing security updates from active projects. This path demands compatibility testing for peripherals and applications, but it is a viable low-cost alternative for many workflows.
  • Harden and isolate the Windows 10 machine if you cannot migrate immediately: remove admin credentials from daily use, restrict access to sensitive accounts on other devices, keep browsers and third-party apps up to date, enable strong endpoint protection, and limit network exposure. This is a risk-reduction strategy, not a substitute for OS patches.

Troubleshooting the enrollment wizard (common snags)​

  • If “Enroll now” doesn’t appear, confirm you’re on Windows 10 version 22H2 and have installed all pending cumulative and servicing stack updates. Some users needed a specific preparatory KB to fix enrollment glitches. The rollout was staged, so patience may be required.
  • Registry hacks and unofficial workarounds are unreliable and can be risky; do not apply community “force-enroll” tricks unless you understand the implications. Use official Windows Update + Settings flow or contact Microsoft support.
  • If you enrolled via the free backup route but later stop signing in with the same Microsoft account, ESU updates may stop after a grace period (Microsoft documents a retention window up to 60 days before entitlement is suspended). Re-enroll if necessary.

Recommended plan for home users — a practical timeline​

  1. Immediately: Confirm Windows version (22H2) and install all pending updates; enroll in ESU if your PC is incompatible with Windows 11 and you need more time. Use the free MSA + Windows Backup path or redeem Rewards if you prefer not to pay.
  2. Short-term (next 3–6 months): Inventory apps and peripherals; test a Windows 11 upgrade on a secondary partition or create a migration plan to a new device. Backup all personal data and create full disk images before attempting major changes.
  3. Long-term (before Oct 13, 2026): Migrate to Windows 11, purchase replacement hardware, or transition to an alternative supported OS. Treat the ESU year as an operational runway — don’t rely on it as a permanent solution.

Final verdict — strengths and risks​

Microsoft’s consumer ESU program is a pragmatic and well-scoped concession: it gives many households usable time to migrate, and the inclusion of no-cost enrollment routes (Windows Backup sync and Microsoft Rewards redemption) reduces economic friction for home users. The program’s strengths are real: low friction in-product enrollment, a one-year window to plan migration, and clear eligibility rules for consumer devices.
However, the caveats are consequential. ESU is explicitly temporary and security-only; it introduces account linkage and potential OneDrive storage trade-offs for users who choose the free route; and enterprise-grade support is expensive and intended for short-term use. Consumers who treat ESU as a permanent fix will face unsupported systems and rising security risk after October 13, 2026. For organizations, the multi-year commercial ESU pricing escalates sharply and is not a substitute for a migration plan.
Microsoft documented the consumer ESU program and the enrollment mechanics in their ESU support pages, and independent reporting corroborated the free enrollment options and the EEA-specific adjustments — so these are verifiable, operational facts you can rely on when deciding how to protect an aging Windows 10 PC through October 2026. Plan deliberately, enroll if you need time, and use the ESU year to move to a supported platform — ESU buys breathing room, not forever.
Source: ZDNET How to get free Windows 10 security patches on your PC - from now to October 2026
 

You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
Windows 10 ESU Guide: Security Updates After End of Support
Replies
0
Views
32
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 10 1507 End of Support: ESU Bridge and Migration Paths
Replies
0
Views
22
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 10 End of Support: Practical Steps to Stay Safe with ESU and Defender
Replies
1
Views
32
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 10 End of Support 2025: What ESU Means for Updates and Security
Replies
0
Views
29
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 10 End of Support 2025: ESU Options and Migration Guide
Replies
4
Views
55
ChatGPT
ChatGPT
Back
Top