
Windows 10 reached its end of support on 14 October 2025, and many organisations are now planning what that means for 2026 as they consider their next steps. Microsoft no longer provides free security updates for any Windows 10 device. If your business still has machines running Windows 10, you have three options: pay for Extended Security Updates (ESU) as a temporary measure, upgrade eligible machines to Windows 11, or replace hardware that cannot make the jump. Doing nothing means running unpatched systems that become more vulnerable with every month that passes.
What Extended Security Updates Actually Give You
ESU is a paid subscription that continues delivering critical and important security patches for Windows 10 devices after end of support. It does not include new features, design changes, or general technical support. It is a security-only stopgap.
Year 1 (October 2025 to October 2026) costs approximately £60 per device. Year 2 doubles to around £120 per device. Year 3 doubles again to around £240. You cannot skip years, so if you start in Year 2, you must pay for Year 1 as well. The total three-year cost per device reaches roughly £420.
Devices must be running Windows 10 version 22H2 to qualify. Earlier versions need updating before ESU can be activated.
ESU makes sense for businesses with a small number of devices that cannot yet be upgraded, typically because of legacy software dependencies or a hardware refresh cycle that extends into 2027. It buys time. It does not solve the underlying problem.
When Upgrading to Windows 11 Is the Right Move
If a device meets Windows 11’s hardware requirements, upgrading is free for licensed Windows 10 users and is the most cost-effective long-term option.
The key hardware requirements are a TPM 2.0 chip, Secure Boot capability, and a supported processor. Most business laptops and desktops purchased from 2019 onwards meet these requirements. Machines older than that typically do not.
To check your estate, run the Microsoft PC Health Check tool on each device or use a centralised tool like Intune to assess compatibility across all machines at once. This gives you a clear picture of how many devices can upgrade in place and how many cannot.
Upgrading in place preserves applications, files and settings. For most users, the transition is straightforward, but testing any specialist or line-of-business software against Windows 11 before rolling out across the team is worth the time.
When Replacement Is the Only Practical Option
If a device fails the Windows 11 compatibility check, particularly on the processor or TPM requirement, it cannot be upgraded. ESU extends its life temporarily, but you are paying £60+ per year per device for a machine that is already at the end of its useful life.
For devices over five years old, replacement is usually more cost-effective than ESU once you factor in declining performance, battery degradation, increased failure rates and the cumulative ESU cost. A new business laptop running Windows 11 Pro costs roughly £400 to £700 depending on specification.
Replacement does not have to happen all at once. A phased approach, replacing the oldest or most critical machines first and scheduling the rest across two or three quarters, spreads the cost and reduces disruption.
A Simple Decision Framework
For each Windows 10 device in your business, ask three questions.
Can it run Windows 11? Check hardware compatibility. If yes, schedule the upgrade. If no, move to the next question.
Does it run software that requires Windows 10? If yes, ESU buys time while you work with the software vendor on Windows 11 compatibility. If no, move to the next question.
Is the device less than four years old and performing well? If yes, ESU for one year while you plan a phased replacement may make sense. If no, replace it.
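The three questions above, together with the hardware requirements and ESU pricing described earlier, can be run over an exported device inventory. This is an added example, not part of the original article: the CSV column names and sample rows are constructed, and the prices are the article's approximate figures.

```python
import csv
import io
from collections import Counter

# ESU price per device per year in GBP (approximate figures from the article).
ESU_PRICE_GBP = {1: 60, 2: 120, 3: 240}

# Constructed sample inventory; the column names are assumptions for this example.
SAMPLE_INVENTORY = """\
host,tpm,secure_boot_capable,cpu_supported,win10_version,needs_win10_app,age_years,performing_well
LT-001,2.0,yes,yes,22H2,no,3,yes
PC-003,1.2,yes,no,22H2,yes,6,no
PC-004,none,no,no,21H2,no,3,yes
PC-005,1.2,no,no,22H2,no,7,no
PC-006,1.2,yes,no,21H2,yes,5,yes
"""

def esu_cost(through_year):
    """Cumulative per-device ESU cost; years cannot be skipped, so sum from Year 1."""
    return sum(ESU_PRICE_GBP[y] for y in range(1, through_year + 1))

def win11_capable(d):
    """Question 1: TPM 2.0, Secure Boot capability and a supported processor."""
    return d["tpm"] == "2.0" and d["secure_boot_capable"] == "yes" and d["cpu_supported"] == "yes"

def triage(d):
    """Apply the three questions in order; returns (path, note)."""
    # ESU only activates on version 22H2, so flag devices that need updating first.
    note = "" if d["win10_version"] == "22H2" else "update to 22H2 before ESU"
    if win11_capable(d):
        return "upgrade", ""
    if d["needs_win10_app"] == "yes":
        return "esu", note
    if float(d["age_years"]) < 4 and d["performing_well"] == "yes":
        return "esu-1yr-then-replace", note
    return "replace", ""

def plan(inventory_csv):
    """Map each host in the CSV text to its (path, note) decision."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    return {d["host"]: triage(d) for d in rows}

if __name__ == "__main__":
    result = plan(SAMPLE_INVENTORY)
    for host, (path, note) in result.items():
        print(f"{host}: {path} {note}".rstrip())
    print(Counter(path for path, _ in result.values()))
    print("ESU through Year 3, per device: GBP", esu_cost(3))
```

Every device that lands on an ESU path is one that will stop receiving patches when its coverage ends, so the output doubles as a list of machines needing a dated exit plan.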
What Happens If You Do Nothing
After October 2026, ESU Year 1 expires and consumer devices stop receiving any patches at all. Businesses on the enterprise ESU programme can extend to October 2028, but at escalating cost.
Running unpatched Windows 10 devices creates real risk. New vulnerabilities discovered after your ESU coverage ends will not be fixed. Attackers specifically target end-of-life operating systems because they know patches are not coming. Cyber insurers ask about operating system currency during underwriting, and unpatched devices may affect your coverage.
The Windows Server 2016 end of support deadline in January 2027 creates a similar pressure point for server infrastructure. If your business has both ageing desktops and ageing servers, planning both transitions together is more efficient.
Get a Device Estate Audit
If you are not sure which devices can upgrade, which need replacing, and how to plan the rollout without disrupting your team, contact The Unite Group for a device estate audit. We will assess every machine, recommend the right path for each, handle procurement for any replacements, and deliver them configured and ready to use as part of your managed IT services.
