Still on Windows 10 in Mid-2026? Here Is What a Small Business Should Do Now

This one is not a breaking-news scare; it is the slow-motion deadline a lot of small businesses on the Central Coast are quietly sitting on. Windows 10 reached the end of its support life on October 14, 2025. We are now well past that date, and if you still have computers running Windows 10, they have spent the last several months without the monthly security updates that used to arrive automatically. The machines still boot, still run QuickBooks, still print — which is exactly why it is easy to ignore. But the risk does not announce itself; it just accumulates.

The good news: for most small businesses this is a very manageable project, and a lot of your computers can probably move to Windows 11 for free. The thing that makes it urgent rather than optional is a second deadline coming this fall. Here is the whole picture in plain language, and a sane way to handle it.

What "end of life" actually means

"End of support" does not mean Windows 10 stops working. It means Microsoft stopped shipping the free monthly security patches for it. Every month, security researchers and attackers find new flaws in Windows. On a supported OS, those get fixed on Patch Tuesday — the cadence we write about every month. On an unsupported OS, they simply do not get fixed. The vulnerabilities pile up, publicly documented, with no patch coming.

That is why an unsupported machine is a rising risk, not a sudden one. The day after end-of-support it was about as safe as the day before. Eight months later, it is meaningfully worse, because attackers have had eight months of newly disclosed Windows bugs that will never be patched on that box. And it is not only a security problem. For a business, running an unsupported operating system can quietly violate cyber-insurance requirements and compliance obligations (HIPAA, PCI, CMMC, and the like), which means a breach on a Windows 10 machine could also mean a denied insurance claim. We touched on the insurance side in the cyber-insurance renewal checklist.

The deadline you should actually circle: October 2026

Microsoft offers a paid safety net called Extended Security Updates (ESU) — you keep getting critical and important security patches for Windows 10, for a fee, for a limited time. There are two versions, and the dates matter:

  • Consumer ESU is a single year of coverage, and you can only enroll up to October 13, 2026. After that, the consumer door closes.
  • Commercial / business ESU can be renewed for up to three years, with October 13, 2028 as the last day any Windows 10 device can receive an official security update.

So even the longest paid extension ends in 2028, and the cheap consumer option ends this October. ESU is a bridge, not a destination — paid breathing room to finish a migration on your terms. The mistake is treating it as a way to stay on Windows 10 forever; it is not, by design.

What ESU costs a business

For organizations buying through volume licensing, ESU is priced per device, and it is built to get more painful each year on purpose:

  • Year one: about $61 per device (roughly $45 if you manage updates through a cloud tool, about a 25% discount).
  • Year two: it doubles to about $122 per device.
  • Year three: it doubles again to about $244 per device.

And remember what that buys: security patches only. No new features, no non-security bug fixes, and no technical support included. Add it up across a fleet and you can see Microsoft's intent — a few years of escalating ESU fees often cost more than simply replacing the oldest machines, with none of the benefit of newer, faster, genuinely supported hardware.

The better path for most PCs: free upgrade to Windows 11

Here is the part that pleasantly surprises a lot of owners: if a PC qualifies, upgrading from Windows 10 to Windows 11 is free. The question is just whether each machine clears the Windows 11 hardware bar. The main requirements are:

  • TPM 2.0 (a security chip) and Secure Boot enabled.
  • A supported 64-bit processor — broadly Intel 8th-generation or AMD Ryzen 2000 and newer, which means roughly 2018 or later.
  • 4 GB of RAM and 64 GB of storage (in practice you want more for real work).

Most business PCs bought from 2018 onward meet this. One important catch worth knowing before you write off a machine: a fair number of PCs have TPM 2.0 but it is simply switched off in the BIOS from the factory. A computer that "fails" the Windows 11 check sometimes just needs the TPM and Secure Boot turned on, after which it upgrades fine. That is exactly the kind of per-machine triage worth doing before spending money. You can check the TPM yourself quickly: press Windows key + R, type tpm.msc, and press Enter — if it reports Specification Version 2.0, you are in good shape.

A word of caution on the popular "just bypass the requirements" trick: yes, you can force Windows 11 onto unsupported hardware. For a home tinkerer, fine. For a business, we do not recommend it — Microsoft does not guarantee updates (including security updates) on ineligible machines, so you can end up in the worst of both worlds: a newer-looking OS that still is not reliably patched.

What to do with PCs that genuinely can't upgrade

If a machine truly lacks TPM 2.0 and has an older CPU, it is usually old enough that replacement is the honest answer — a no-TPM PC is frequently seven or more years old, and you are otherwise paying escalating ESU fees to keep a slow, aging computer on life support. Three clean options:

  • Replace it with a Windows 11 machine. Often cheaper over two to three years than stacking ESU fees, and you get the speed and reliability of new hardware.
  • Repurpose it for a role that never touches your network or sensitive data — a standalone, offline task — so an unpatched OS is not sitting on your business LAN.
  • Re-platform it, in some cases, to a supported alternative OS if the device is only used for web and email. This is situational, and worth a quick conversation before committing.

A sane, unpanicked plan

You do not need to do this all in one weekend. You need a short, deliberate project:

  1. Inventory every Windows 10 device and run the compatibility check on each (Microsoft's PC Health Check app, plus a BIOS look for any "failures" that are just a disabled TPM).
  2. Upgrade the eligible machines to Windows 11. For most fleets that is the majority of them, and it is free. Back up first, and schedule it so nobody loses a workday.
  3. Make a clear call on the rest: replace, repurpose off-network, or buy a defined, time-boxed stretch of ESU as a bridge with a real end date.
  4. Budget and order now. If you need new PCs, ordering on your own timeline is far cheaper and calmer than emergency-buying after a security incident or a failed insurance review.
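
One way to script the per-machine check from step 1, as an added example (not part of the original article and not Microsoft's PC Health Check). It assumes an elevated PowerShell session on each Windows 10 PC; the state labels and triage wording are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: per-machine Windows 11 readiness triage for the inventory step.
# Thresholds are the ones listed in this article; the CPU model is only reported,
# to be checked by hand against Microsoft's supported-processor list.

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$ram = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
$sysDisk = Get-Partition -DriveLetter ($env:SystemDrive[0]) | Get-Disk

# Win32_Tpm returns nothing when Windows sees no TPM: either none is fitted,
# or the firmware TPM (often labelled fTPM or PTT) is switched off in BIOS/UEFI.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmSpec = ("$($tpm.SpecVersion)" -split ',')[0].Trim()
if (-not $tpm) { $tpmState = 'NotDetected' }
elseif ($tpmSpec -ne '2.0') { $tpmState = "TooOld ($tpmSpec)" }
elseif (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) { $tpmState = 'Disabled' }
else { $tpmState = 'Ready' }

# Confirm-SecureBootUEFI throws on legacy BIOS-mode installs; count that as off.
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

$ramGB  = [math]::Round($ram / 1GB, 1)
$diskGB = [math]::Round($sysDisk.Size / 1e9)   # decimal GB, as drives are sold
$hwOK   = ($cpu.DataWidth -eq 64) -and ($ramGB -ge 4) -and ($diskGB -ge 64)

# Firmware-fixable findings are kept apart from genuine hardware misses.
if (-not $hwOK -or $tpmState -like 'TooOld*') { $triage = 'Replace, repurpose, or ESU decision' }
elseif ($tpmState -ne 'Ready' -or -not $secureBoot) { $triage = 'Check BIOS/UEFI settings, then re-test' }
else { $triage = 'Upgrade candidate (confirm CPU is on the supported list)' }

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    OS         = "$($os.Caption) build $($os.BuildNumber)"
    CPU        = $cpu.Name.Trim()
    TPM        = $tpmState
    SecureBoot = $secureBoot
    RamGB      = $ramGB
    DiskGB     = $diskGB
    Triage     = $triage
}
```

Because the script emits an object rather than formatted text, its output can be piped to Export-Csv with -Append on each machine to build the fleet inventory in one file.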

This is precisely the kind of unglamorous lifecycle work that managed IT exists to handle in the background: knowing exactly which machines you have, which can upgrade, which need replacing, and keeping the whole fleet on a supported, patched footing so an end-of-life date never sneaks up on you again. If you would rather not run the inventory and upgrades yourself, that is a half-day for us and a weight off your plate. It also feeds directly into the break-fix versus managed IT question: deadlines like this are exactly what proactive management is for.

The bottom line

Windows 10 being "end of life" is not a reason to panic, but it is a reason to act — calmly, this quarter, while the consumer ESU option is still open and while you can budget hardware on your own schedule. Most of your computers can probably move to Windows 11 for free today. The few that cannot are telling you they were due for replacement anyway. The expensive version of this story is the one where it gets ignored until an unpatched Windows 10 machine is the thing that lets an attacker in — and the insurer points at the unsupported OS. A few hours of planning now avoids all of that.

Frequently asked questions

Is Windows 10 still safe to use in 2026?

Microsoft stopped issuing free security updates for Windows 10 on October 14, 2025. The PC still runs, but it no longer receives the monthly patches that fix newly discovered vulnerabilities unless you are paying for Extended Security Updates. Every month, the list of unpatched, publicly known flaws on that machine grows, so running unsupported Windows is a steadily rising risk rather than an immediate failure — and for a business it also creates compliance and cyber-insurance problems.

Can my PC upgrade to Windows 11 for free?

If your PC meets the Windows 11 requirements, the upgrade is free. The main requirements are TPM 2.0, Secure Boot, a supported 64-bit processor (roughly Intel 8th generation or AMD Ryzen 2000 and newer, meaning 2018 or later), 4 GB of RAM, and 64 GB of storage. Many business PCs bought from 2018 onward qualify, and some that "fail" the check simply have their TPM switched off in the BIOS, which can be enabled.

What does Windows 10 ESU cost for a business?

For organizations, ESU is sold per device through volume licensing at about $61 per device for year one, doubling each year after that (about $122 in year two and $244 in year three), for a maximum of three years. Cloud-managed update tooling can earn about a 25% discount in year one. ESU delivers critical and important security patches only — no new features, non-security fixes, or support. It is a bridge to buy time, not a long-term plan.

How long can I keep Windows 10 with ESU?

The consumer ESU option covers one year and you can enroll only up to October 13, 2026. The commercial program can be renewed for up to three years, with October 13, 2028 the last date any Windows 10 device can receive an official security update. Treat ESU as paid breathing room during a migration, not a way to stay on Windows 10 indefinitely.

What should I do with PCs that cannot run Windows 11?

A PC that cannot run Windows 11 is usually old enough that replacement is the sensible move; machines without TPM 2.0 are often seven or more years old. The clean options are to replace those devices with Windows 11 hardware, repurpose them for a task that never touches your network or sensitive data, or in some cases move them to a supported alternative operating system. Forcing Windows 11 onto unsupported hardware is possible but not recommended for a business, because Microsoft does not guarantee updates, including security updates, on ineligible machines.

We only have a handful of computers. Is this really urgent?

Yes, and a small fleet is an advantage because the project is small and cheap to finish. The exposure grows every month an unsupported machine stays online, and the consumer ESU safety net disappears in October 2026. Doing an inventory now, while there is still time to budget and order any replacement PCs, is far less stressful and less expensive than scrambling after an incident or a failed compliance or insurance check.

Not sure which of your PCs can move to Windows 11?

30 minutes with a DoD-cleared engineer. We will inventory your Windows 10 machines, tell you which upgrade free, which genuinely need replacing, and whether a short stretch of ESU makes sense — then hand you a simple, budgeted plan before the October 2026 deadline.

Book your free assessment

Prefer to talk first? Email sales@ghosxt.com or call (831) 204-0501.
