Microsoft officially ended free support for Windows 10 on 14 October 2025. That doesn’t mean your Windows 10 laptops stopped working — they’ll keep booting and running apps. It does mean the operating system is no longer receiving security updates, which quietly turns every Windows 10 machine into a growing risk.

If your business still has Windows 10 in service, here’s what that actually means and what to do next.

What “end of life” actually changes

When Microsoft ends support for a Windows version, three things happen:

1. No more security updates. Any new vulnerabilities discovered in Windows 10 won’t be patched. Attackers know exactly when a platform goes out of support and actively look for unpatched end-of-life systems.

2. No more feature updates. Not critical in itself, but it means Windows 10 will slowly lose compatibility with new apps, new hardware, and new Microsoft 365 features.

3. No technical support from Microsoft. If something breaks, you’re on your own.

What doesn’t change: existing Windows 10 installations keep working. Microsoft doesn’t remotely disable your laptops. That’s why many businesses put off the upgrade — nothing obviously breaks on day one. The risk is cumulative and mostly invisible until an incident.

Your options

Option 1: Upgrade eligible devices to Windows 11

Most Windows 10 PCs from the last 4-5 years will run Windows 11 fine. Microsoft provides a free in-place upgrade for eligible devices.

The minimum requirements that typically rule a device out are:

8th-generation Intel or Ryzen 2000-series CPUs or newer
TPM 2.0 (a security chip most modern PCs have but often disabled in BIOS)
Secure Boot enabled
4GB RAM minimum (8GB or more recommended)
64GB storage

We can check which of your devices are eligible using Microsoft’s PC Health Check tool or Intune reports, if your fleet is managed.

Option 2: Replace ineligible devices

For devices that don’t meet Windows 11 requirements — typically 6+ years old — replacement is usually more cost-effective than upgrading. Battery life has degraded, performance is slow, and the cost of the upgrade work often exceeds the cost of the remaining life.

Budget for replacement on a rolling basis rather than all at once. A three-year refresh cycle spreads capital cost and keeps the fleet current.

Option 3: Pay Microsoft for Extended Security Updates (ESU)

Microsoft offers paid Extended Security Updates for Windows 10, pricing roughly doubles each year:

Year 1 (Oct 2025 - Oct 2026): ~$61 USD per device
Year 2: ~$122 USD per device
Year 3: ~$244 USD per device

ESU is a stopgap — designed to be painful enough that businesses migrate rather than extend indefinitely. For most SMBs it’s not a good long-term plan; the cumulative cost approaches new hardware.

For enterprise and healthcare clients with specific line-of-business apps that don’t yet support Windows 11, ESU has its place. For everyone else, use the time to actually migrate.

What a migration project looks like

For a typical 50-100 user business:

Discovery (1 week). Inventory every Windows 10 device, check Windows 11 eligibility, identify critical apps and verify Windows 11 compatibility.

Pilot (1-2 weeks). Upgrade a small group of devices across different roles. Confirm apps, printers, VPN and peripherals all work. Validate Intune / group policy / security tools post-upgrade.

Rollout (4-8 weeks). Phased upgrade of the fleet, typically grouped by department or by device age. Schedule upgrades at the device level, not all at once, so the service desk isn’t overwhelmed.

Hardware refresh (ongoing). Ineligible devices get replaced as budget allows, usually prioritising the oldest first.

Most businesses we support have already completed this migration. If yours hasn’t, the window is closing — Microsoft’s ESU pricing doubling each year is deliberately designed to make procrastination expensive.

What to avoid

Running Windows 10 indefinitely without ESU. Every month that passes after October 2025 adds unpatched vulnerabilities to the stack. Insurance policies and compliance frameworks increasingly require supported operating systems as a minimum control.

Upgrading without a plan. In-place upgrades on unprepared devices regularly break line-of-business apps, peripherals, or VPN clients. Pilot first.

Assuming Intune automatically upgrades. Intune can drive the upgrade, but you have to configure the policy. Unmanaged devices need manual intervention.

Ignoring the firmware side. Many eligible devices need a BIOS setting change (enable TPM 2.0 and Secure Boot) before the Windows 11 installer will proceed. This usually needs a tech to touch each device once.

The bottom line

Windows 10 end of life isn’t a crisis — it’s a migration project that should already be underway. The longer a business waits, the more expensive and urgent the fix becomes.

If you’re not sure where your fleet stands, we can run a quick audit: which devices are eligible to upgrade, which need replacement, which apps need verification, and what a realistic timeline and budget look like. Get in touch — it takes a couple of days and removes the biggest source of uncertainty.