Leaving Windows 10 in the middle of a hardware shortage

Windows 10 stopped getting security updates on October 14, 2025. Your machines didn’t turn into pumpkins that morning. They still boot, Office still opens, the printer still mostly works. But every month since, the gap between “supported” and “what you’re running” has widened. And the timing is genuinely bad: the moment a chunk of small businesses need to refresh hardware is the moment RAM roughly doubled and SSDs got expensive too. This is the version of the situation I’d give a client who called and asked what to actually do.

What “end of support” means in practice

No more security patches. No more bug fixes. No more technical support from Microsoft. The OS keeps working; it just stops getting fixed when someone finds a way in. For a home machine that browses the web and nothing else, that’s a slow-burn risk. For a machine that touches client data, payment information, or your office network, it’s a liability, and increasingly a documented one, because cyber-insurance questionnaires now ask whether you’re running supported operating systems, and “no” is not a great answer to have on file after an incident.

The Windows 11 hardware wall

The obvious move is to upgrade to Windows 11 in place. It’s free, and for machines that qualify it’s the cheapest path by a wide margin. The catch is the hardware requirements, which are stricter than any previous Windows upgrade:

• TPM 2.0, a security chip. Many business machines from 2017 onward have it, but it’s disabled in the BIOS; some older or budget machines genuinely don’t have it.
• Secure Boot enabled, UEFI firmware.
• A CPU on Microsoft’s supported list, roughly Intel 8th-generation Core and AMD Ryzen 2000-series and newer. This is the one that catches people. A perfectly fast 2016 i7 is simply not on the list, and Microsoft means it.
• 4 GB RAM, 64 GB storage, DirectX 12. (These are easy; the CPU and TPM are the gates.)

Run Microsoft’s PC Health Check tool on each machine. It tells you exactly what’s blocking the upgrade. You can force Windows 11 onto unsupported hardware, but Microsoft warns those machines may be cut off from updates, which puts you right back in the unsupported boat. Don’t build your business on that.

The bridge: Extended Security Updates

If you can’t move everything by now (you can’t, nobody did), there’s a paid bridge: Extended Security Updates. Security patches only, no features, no real support.

• Consumer ESU: one year, through October 2026. About $30 per PC, or free if you sync your settings to a Microsoft account or redeem Microsoft Rewards points. Fine for a handful of personal-ish machines.
• Commercial ESU: up to three years, but it escalates fast. Roughly $61 per device for year one, then it doubles each year ($122, then $244). It’s cumulative, too: if you start in year two you pay for year one as well. Cheaper (around $45 for year one) if the devices are managed through Intune or Windows Autopatch, and free if the machine runs Windows 10 in a Microsoft cloud VM (Windows 365, Azure).

Read the commercial pricing again: by year three you’re paying $244 per device per year to keep an unsupported OS limping. That’s a meaningful fraction of a new low-end PC. ESU is runway, not a destination. Buy yourself twelve months with it if you need to. Don’t buy yourself three years and call it a plan.

What to actually do, by machine

Inventory first. PC Health Check on everything, sorted into three piles.

Pile one: qualifies for Windows 11. Upgrade it. Free, do it now, done. This is probably more of your fleet than you’d expect; most business-grade machines from 2019 on make the cut once you flip on TPM in the BIOS.

Pile two: doesn’t qualify, but you still need it. ESU as a one-year bridge while you replace it. When you do replace it, see the next section, because buying hardware right now needs a strategy.

Pile three: doesn’t qualify, and the workload is light. A 2015 laptop that can’t run Windows 11 can run Linux Mint or Ubuntu, or ChromeOS Flex (Google’s free OS for old hardware), perfectly well: as a reception kiosk, a label-printing station, a guest machine, a warehouse terminal, a kid’s homework laptop at home. Don’t pay ESU on it and don’t landfill it. Re-deploy it somewhere the OS doesn’t matter and the security surface is small.

There’s also a fourth option for some workflows: skip the local machine entirely. A cheap thin client plus a Windows 365 Cloud PC gives each person a supported Windows 11 desktop in the cloud, ESU included, and turns a capital purchase into a monthly line item. It’s not right for everyone (it needs decent internet and it costs more over three years than owning) but for a business that genuinely can’t predict headcount, it sidesteps the hardware question.

On the timing

Yes, it’s a bad year to buy computers. RAM is up roughly 2x, SSDs are climbing, and Dell, Lenovo, and HP have all pushed list prices up 15 to 20 percent or more, with some mid-range laptops up closer to 40 percent. That’s real, and it’s a reason to be deliberate. It is not a reason to keep running an unpatched OS on machines that handle your clients’ data.

The way through: upgrade everything that can be upgraded for free, ESU the rest as a short bridge, redeploy the genuinely-old machines onto something light, and stagger the actual purchases instead of refreshing the whole office in one purchase order. We wrote a separate piece on how to buy hardware sensibly in this market. The short version: buy what you need, look hard at business-grade refurbished machines, and don’t let “future-proofing” talk you into paying spike prices for headroom you won’t use.

If you want help inventorying what you’ve got and figuring out which pile each machine goes in, send us a note.