top of page
Search

The Definitive SMB Guide to Microsoft ESU for Windows 10

ree

(Costs, Limits, and Risks as Support Ends in October 2025)

October 14, 2025 marked the official end of support for Windows 10. If your business still relies on Windows 10 PCs, Microsoft now offers a lifeline: Extended Security Updates (ESU)—but it comes with limits and costs.

At TEC Services Consulting, Inc., we’re helping businesses evaluate whether ESU is a short-term solution or a costly delay. This guide breaks down exactly what ESU provides, how to get it, and when to avoid it altogether.

What Is Microsoft ESU for Windows 10?

Extended Security Updates (ESU) provide critical and important security patches for Windows 10 after it officially reaches end of support on October 14, 2025. It does not include:

  • Feature updates

  • Non-security bug fixes

  • Microsoft technical support

  • New hardware compatibility

Microsoft offers up to three years of ESU coverage—ending October 14, 2028—for eligible systems running Windows 10, version 22H2.

Key Requirements

To receive ESU coverage, your devices must meet the following:

  • Running Windows 10, version 22H2

  • Licensed for Windows 10 Pro, Enterprise, or Education

  • Enrolled via Microsoft 365 Admin Center or through a Microsoft CSP (Cloud Solution Provider)

  • Internet-connected (for activation and patch delivery)

Activation instructions: Enable and deploy ESUs
TEC Tip: You can’t opt in mid-cycle. If you skip Year 1, you must still pay retroactively to access Year 2.

What Does ESU Cost?

Microsoft has confirmed ESU pricing for commercial users through CSPs and Microsoft 365:

Year

Windows 10 Pro (per device/year)

Windows 10 Enterprise (per device/year)

Year 1 (2025–2026)

$61

$45

Year 2 (2026–2027)

$122

$90

Year 3 (2027–2028)

$244

$180

Consumer ESU pricing (if offered) may differ, with Microsoft indicating a $30/year option for personal devices via the Microsoft Store, though full details are pending as of this writing.

How to Buy

1. Microsoft 365 Admin Center

For organizations already using Microsoft 365 Business Premium or E3/E5, you can purchase ESU directly via the admin portal.

2. Microsoft CSP Partner

For businesses not on M365—or those managing fewer than 300 seats—you can purchase ESUs through a certified CSP.

  • TEC Services can help with CSP enrollment and license management.

What You Do Get

✔ Monthly patches for critical and important vulnerabilities✔ Delivered via Windows Update, WSUS, or Endpoint Manager✔ Continued patch compliance for certain insurance and regulatory policies✔ Time to plan hardware refresh or app migration

What You Don’t Get

✘ No new features or performance improvements✘ No Microsoft support calls or troubleshooting✘ No support for new apps or hardware✘ No guarantee of cyber insurance compliance✘ No protection against rising costs in Year 2 and 3

What’s the Risk in Relying on ESU?

  • Costs add up fast. Over $400 per machine by Year 3.

  • Delays modernization. Devices won’t get the full benefit of Microsoft 365 or security tools like Defender for Business or Intune.

  • Security exposure. While you’ll get patches, these are limited to known vulnerabilities. Zero-day threats remain a concern.

  • Operational friction. ESU keys must be renewed yearly and managed across every eligible device.

TEC Tip: Consider ESU a safety net—not a plan. It’s designed to give you breathing room, not avoid Windows 11 forever.

When ESU Makes Sense

  • Critical apps can’t run on Windows 11 (yet)

  • Hardware refresh isn’t feasible before Oct 2025

  • You need more time to test new systems or complete training

  • You’re bound by regulations or contracts requiring support coverage

When to Avoid ESU

  • You’re already planning a Windows 11 rollout in the next 12 months

  • Your devices are over 3–4 years old

  • Your insurance or compliance requires current, supported operating systems

  • You want to take advantage of newer features like Copilot, Windows Hello for Business, or Autopilot provisioning

Action Plan for SMBs

✅ Audit all Windows 10 devices✅ Identify which are eligible for upgrade vs. replacement✅ Enroll qualifying devices in ESU only if needed✅ Budget for replacement over 6–12 months✅ Partner with a CSP to streamline license management

Bottom Line

ESU is a temporary bridge—not a long-term solution. For most SMBs, the smarter play is to refresh or upgrade to Windows 11 and use ESU only for legacy holdouts.

📩 Need help with device inventory, ESU enrollment, or building a Windows 11 roadmap? Contact TEC Services Consulting at info@tecsinc.com or call 630-305-7486.

We’ll help you plan your next move—before the clock runs out.

 
 
 

Recent Posts

See All

280 Shuman Blvd. #230

Naperville, Illinois 60563

(630)305-7486

TEC Services Logo

© 2021 TEC Services Consulting Inc. All rights reserved.

bottom of page