Windows 10 reached end of life in October 2025. If your business is still running it, you're operating on an unpatched, unsupported operating system. Here's your practical upgrade plan.
Windows 10 reached its official end of life on 14 October 2025. Microsoft has stopped releasing security updates for the operating system, which means any new vulnerabilities discovered from that date forward will not be patched. Devices running Windows 10 are now accumulating unaddressed security risk with every passing month.
If you’re reading this in 2026 and your business still has Windows 10 devices in service, you need a plan - and you need to execute it.
What “End of Life” Actually Means
End of life doesn’t mean Windows 10 stops working. It means:
- No more security patches. Vulnerabilities discovered after October 2025 will not receive fixes from Microsoft. Attackers actively exploit known vulnerabilities in end-of-life software.
- No more feature updates. The OS is frozen at its current state.
- Reduced application support. Software vendors will progressively drop support for Windows 10. Some enterprise software already requires Windows 11.
- Compliance implications. Many cyber security frameworks (including the ASD’s Essential Eight) require that operating systems be current and receive security patches. Running an end-of-life OS is a compliance failure that can affect your cyber insurance coverage.
Microsoft has offered Extended Security Updates (ESU) as a paid option for organisations that genuinely cannot upgrade immediately - but this is a stopgap, not a solution, and it’s not cheap.
Assessing Your Current Situation
Before planning your upgrade, you need to know what you’re dealing with. Run an audit of your device fleet:
How many devices are running Windows 10? Export this from your RMM (if you have managed IT), or query via PowerShell: Get-WmiObject Win32_OperatingSystem | Select-Object Caption, Version.
Which of those devices can run Windows 11? Windows 11 has specific hardware requirements that not all existing Windows 10 devices meet. The key requirements:
- 64-bit processor (1GHz or faster, with 2+ cores)
- 4GB RAM minimum (8GB practical minimum for good performance)
- 64GB storage minimum
- TPM 2.0 (Trusted Platform Module - this is the most common blocker)
- Secure Boot capable (UEFI firmware, not legacy BIOS)
Run Microsoft’s PC Health Check tool on each device to get a definitive compatibility assessment. Many devices manufactured before 2018 do not have TPM 2.0 and cannot be upgraded without hardware modification.
What’s the age of incompatible devices? A device that can’t run Windows 11 is likely 5–8+ years old. Even if it were technically possible to keep it running, ageing hardware is a reliability risk that compounds the security risk.
Your Three Upgrade Paths
Path 1: Upgrade Eligible Devices to Windows 11 In-Place
For devices that pass the Windows 11 hardware checks, an in-place upgrade is the lowest-disruption option. The upgrade preserves existing applications, user profiles, and data. It can be deployed centrally via Microsoft Endpoint Manager (Intune) or WSUS for managed environments.
In-place upgrades do carry risk - compatibility issues with older applications occasionally surface, and some driver updates are needed. Test on a sample of devices before rolling out broadly.
Timeline: for a managed environment with proper tooling, 30–50 devices can be upgraded in a weekend.
Path 2: Replace Ineligible Devices
Devices that can’t run Windows 11 need to be replaced. There’s no sensible alternative - continuing to run unpatched Windows 10 on hardware that’s already end-of-specification is doubling down on risk.
When replacing, consider:
New vs. refurbished. Windows 11 business laptops start at around $800–$1,000 new for entry-level business models (HP ProBook, Dell Latitude, Lenovo ThinkPad E-series). Reputable refurbishers of 12th-gen Intel or newer devices offer a meaningful cost saving for budget-constrained businesses.
Hardware standardisation. A refresh cycle is a good opportunity to standardise your fleet on fewer models, which simplifies support, spare parts, and driver management.
Autopilot deployment. If you’re using Microsoft 365 with Intune, Windows Autopilot allows new devices to be shipped directly to employees and self-configure with your business applications and security policies. Zero-touch provisioning saves significant IT time during a large refresh.
Path 3: Extended Security Updates (ESU) - a Bridge, Not a Destination
Microsoft’s ESU program for Windows 10 allows organisations to receive security patches beyond the October 2025 deadline - at a cost. Year 1 of ESU is priced at $61 USD per device; Year 2 doubles, and Year 3 doubles again.
ESU is appropriate as a bridge for specific scenarios: where a critical application is not yet Windows 11 compatible, or where a hardware replacement project is underway but not yet complete. It is not appropriate as a long-term strategy. The cost escalates rapidly, the underlying compliance exposure remains, and it’s money spent on extending a problem rather than solving it.
Building Your Upgrade Plan
Here’s a practical framework for getting this done:
Step 1: Complete your audit. Know how many devices you have, which are Windows 11-eligible, and which need replacement. This is the foundation everything else builds on.
Step 2: Classify by urgency. Devices handling sensitive data (accounting systems, customer records, HR files) should be prioritised. Devices with limited network access and low-sensitivity workloads can wait slightly longer.
Step 3: Budget. For devices needing replacement, budget $800–$1,500 per device depending on specs and whether you go new or refurbished. For in-place upgrades, the cost is IT labour only. ESU costs should be calculated and presented as a comparison against replacement cost to support the business case.
Step 4: Communicate with staff. An OS upgrade or device replacement affects everyone’s workflow. Give staff reasonable notice, clear timelines, and a contact for issues. Doing upgrades overnight or over a weekend minimises business disruption.
Step 5: Test applications. Before deploying Windows 11 broadly, test your critical business applications - accounting software, industry-specific tools, custom-built applications - on Windows 11. Most modern software is compatible, but older applications with legacy components can have issues.
Step 6: Execute and document. Update your asset register as each device is upgraded or replaced. Maintain records of new device serial numbers, warranty dates, and Windows 11 licence information.
What Happens If You Don’t Upgrade?
Running Windows 10 past end of life is not a theoretical risk. Attackers actively scan for and exploit vulnerabilities in end-of-life operating systems. The WannaCry ransomware attack in 2017 - which caused billions in damage globally - specifically targeted an unpatched Windows vulnerability. The pattern repeats with every end-of-life operating system.
Beyond the security risk, your cyber insurance policy likely requires you to maintain supported, patched operating systems. Running Windows 10 in 2026 may void your cover or result in a claim being denied following a breach. Review your policy’s specific language.
CX IT Services helps Melbourne businesses plan and execute Windows upgrade projects, from audit through to deployment and documentation. If you need to get your fleet onto Windows 11 and want expert support, we can help.
