Last month Windows 10 support ended as Microsoft released the final Patch Tuesday update under KB5066791. Alongside that, the company also published information on how users can proceed if they want to keep using their system in a supported state, ie, continue receiving regular OS security updates outside of the Defender updates.
One of the ways is to enroll for Extended Security Updates (or ESU in short) wherein Microsoft will provide security updates for one more year till October 13 2026, and there are three fairly simple ways to get it done, both paid and unpaid.
If you have already enrolled in the ESU or are using a still-supported LTSC edition of Windows 10 but are seeing the message that "your version of Windows has reached the end of support" Microsoft has assured that it is not the case and that it is a false alert. The company has shared a fix for it too.
In the case of enterprise systems, specifically for Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs, Microsoft has reminded that IT admins and sysadmins must ensure that those devices must meet certain prerequisites and requirements so that ESU is offered to them.
Microsoft notes that Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs in dedicated mode are automatically entitled to ESU for three years given that they meet the criteria. The requirements include that the endpoint device (the local PC that is accessing Windows 365 Cloud) must have an active Windows 365 subscription license, have Windows 10 22H2 with KB5066791 or later installed, and, of course, admins must have valid administrative privileges.
If those conditions are met, admins will need to deploy a custom policy that enables the EnableESUSubscriptionCheck flag, which can be done through the Microsoft Intune admin center or other MDM (mobile device management) providers. Here, the integer value for the corresponding OMA-URI policy path must be set to "1" to enable the ESU check flag.
To verify a device is enrolled in the ESU program, admins can check for the following registry entry on the Windows 10 endpoint PC that would connect to a Windows 365 Cloud PC:
- Key:
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\ESU - Name:
EnableESUSubscriptionCheck - Type: REG_DWORD
- Value: 1
Aside from that, Microsoft has also added that users must continue to sign in to their physical Windows 10 devices using their Microsoft Entra ID account they use for Windows 365 Cloud PCs at least once every 22 days to maintain eligibility for ESU.
Besides that, Microsoft has also shared activation IDs for the three years of ESU in case of physical devices too, ie, those which do not access Windows 365 in their enterprise environments:
-
Win10 ESU Year1: f520e45e-7413-4a34-a497-d2765967d094
-
Win10 ESU Year2: 1043add5-23b1-4afb-9a0f-64343c8f3f8d
-
Win10 ESU Year3: 83d49986-add3-41d7-ba33-87c7bfb5c0fb
You can find more details at the source links below on Microsoft"s official site.