
Operational, Security, and Insurance Impacts of Operating Windows 10 Post End-of-Support

Updated: Sep 10




Windows 10 will reach end-of-support (EOS) on 14 October 2025. After this date, Microsoft will cease providing free security updates, feature updates, and technical support for systems not enrolled in the Extended Security Updates (ESU) program. Windows 11, released on 5 October 2021, is now a mature platform offering modern security protections, broader hardware support, and native integration with cloud-based device management.


Operational Impacts

Continuing to operate Windows 10 beyond its EOS date introduces growing friction across IT operations, due to a global pivot by vendors towards Windows 11.

  • Application Drift: OEMs and ISVs are shifting development and optimisation exclusively to Windows 11, reducing compatibility and driver support for Windows 10.

  • Vendor Support Gaps: Many vendors will no longer support issues on an unsupported OS, delaying incident resolution or entirely removing escalation pathways.

  • Increased Overhead: Isolating, managing, and remediating unsupported Windows 10 endpoints becomes increasingly resource-intensive for IT teams.


Security Impacts

Operating an unsupported OS exposes organisations to increased cyber risk due to unpatched vulnerabilities and the lack of modern, hardware-rooted protections.

  • Unpatched CVEs: Unsupported systems receive no security fixes for newly disclosed vulnerabilities, so they are no longer protected against emerging threats.

  • Missing Protections: Unsupported Windows 10 builds lack TPM 2.0 enforcement, Virtualisation-Based Security (VBS), Credential Guard, and Pluton protections.

  • Compliance Risk: Non-alignment with standards such as ISO 27001, PCI-DSS, APRA CPS 234, and NIST CSF can result in audit failures or penalties.


Cyber Insurance Implications

Most cyber insurance policies require supported software, active patching, and secure configurations as a condition of coverage.


Unsupported OS Use May:

  • Void insurance claims

  • Result in higher premiums

  • Trigger exclusions for breach-related payouts


Minimum Requirements Now Include:

  • Use of vendor-supported operating systems

  • Formal patch management

  • Documented secure baseline configurations


Option: Extending Windows 10 Support via ESU

Organisations unable to complete their Windows 11 migration by October 2025 may subscribe to Microsoft’s Extended Security Updates (ESU) program, which provides security updates only (no features or technical support) through October 2028.

  • Cost Structure: Pricing doubles each year and is cumulative, meaning if you start in Year 3, you must pay for Years 1 and 2 retroactively.

  • Custom Support Agreements (CSA) may be available to large or regulated enterprises, subject to negotiation, higher cost, and Microsoft approval.


ESU Cost Table

Estimated ESU Costs per 1,000 Devices

| Year | Per Device (USD) | Total (USD) | Cumulative (USD) | Cumulative AUD (est.) |
| --- | --- | --- | --- | --- |
| Year 1 (2025-26) | $61 | $61,000 | $61,000 | $91,500 |
| Year 2 (2026-27) | $122 | $122,000 | $183,000 | $274,500 |
| Year 3 (2027-28) | $244 | $244,000 | $427,000 | $640,500 |

Note: Enrolment in later years requires retroactive payment for all prior years.


Why Windows 11

Windows 11 is designed for the secure, cloud-first enterprise. It supports zero trust architectures, hardware-based security, and modern device lifecycle management.

  • Security by Default: Built-in TPM 2.0, VBS, Pluton, Secure Boot, and Windows Hello.

  • Performance Improvements: Better battery life, optimised I/O, and task prioritisation.

  • Management: Deep integration with Intune, Autopilot, and Endpoint Analytics.

  • Support Longevity: Mainstream and extended support through at least 2031.


Windows 11 Readiness Assessment via Intune

Organisations can leverage Microsoft Intune or a custom script to assess device compatibility.

Using Intune Endpoint Analytics:

  1. Navigate to Intune Admin Centre → Endpoint Analytics

  2. Go to Work from Anywhere → Windows 11 Readiness

  3. View hardware eligibility by TPM, RAM, CPU, Secure Boot, etc.

  4. Export reports for remediation and planning.


Using PowerShell (for environments without Endpoint Analytics):

  • Deploy readiness evaluation via script.

  • Export results to CSV for integration with ITSM tools or automation workflows.
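
A per-device readiness check of the kind described above, written as an added example (not a Microsoft or Intune script). It tests TPM version, Secure Boot capability, RAM, system disk and basic CPU properties against Windows 11's published minimums and appends one row to a CSV. The output path and column names are assumptions, and it does not check the CPU model against Microsoft's supported-processor list.

```powershell
#Requires -RunAsAdministrator
# Added example: Windows 11 minimum-hardware check for one device, appended to a CSV.
$OutFile = 'C:\Temp\Win11Readiness.csv'   # assumed path; point at a share or ITSM import folder
New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null

$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

# Sum installed DIMM capacity: TotalPhysicalMemory excludes reserved memory and
# would report a 4 GB machine as slightly under 4 GB.
$ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum).Sum
$ramGB    = [math]::Round($ramBytes / 1GB, 1)
$diskGB   = [math]::Round($disk.Size / 1GB)

# TPM: SpecVersion is a string such as "2.0, 0, 1.38"; no instance means no usable TPM.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = if ($tpm -and $tpm.SpecVersion) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'None' }

# Secure Boot: the cmdlet throws on legacy BIOS firmware, so an exception means "not capable".
try   { $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' } }
catch { $secureBoot = 'Unsupported' }

$checks = [ordered]@{
    Tpm20      = ($tpmVersion -eq '2.0')
    SecureBoot = ($secureBoot -ne 'Unsupported')   # capable is the requirement; 'Disabled' needs remediation
    Ram4GB     = ($ramGB -ge 4)
    Disk64GB   = ($diskGB -ge 64)
    Cpu        = ($cpu.AddressWidth -eq 64 -and $cpu.NumberOfCores -ge 2 -and $cpu.MaxClockSpeed -ge 1000)
}
$failed = @($checks.Keys | Where-Object { -not $checks[$_] })

$result = [pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    OSVersion    = $os.Version
    CpuName      = $cpu.Name
    TpmVersion   = $tpmVersion
    SecureBoot   = $secureBoot
    RamGB        = $ramGB
    SystemDiskGB = $diskGB
    Eligible     = ($failed.Count -eq 0)
    FailedChecks = $failed -join ';'
}
$result | Export-Csv -Path $OutFile -NoTypeInformation -Append
$result
```

Devices that report `SecureBoot = Disabled` meet the hardware requirement but should be queued for a firmware setting change before upgrade.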


Third-Party Support Risks on Windows 10 Post-EOL

Even with Microsoft’s ESU coverage, most third-party vendors align support policies with Microsoft’s lifecycle, leading to:

  • Vendor Abandonment: No future testing, patching, or technical support on Windows 10.

  • App Instability: Breakages or degraded performance as ISVs move to Windows 11 baselines.

  • Incident Delays: Failure to escalate critical issues due to unsupported OS footprint.

  • Insurance Risk: Tools that don’t receive updates or fixes due to OS limitations may void coverage clauses.


Final Note

Operating Windows 10 post-EOL significantly increases risk to operations, compliance, and cyber insurance eligibility. ESUs provide short-term relief, but at escalating cost. Proactively migrating to Windows 11 provides a supported, secure, and modern foundation aligned with most organisations' strategic IT goals.

 
 
 
