Windows 10 reached end of support on 14 October 2025. Microsoft is no longer issuing security updates, bug fixes, or technical assistance for it. Devices still running Windows 10 today are not broken, they boot, and most software still works. But the security, compliance, and insurance picture for AU businesses running unsupported operating systems has changed substantially, and most of that change has not been priced into the IT budget conversations we are having with Perth SMBs.
This is a practical playbook for what to do if your business is still running Windows 10 in 2026.
Microsoft has stopped issuing security patches for Windows 10. That is the headline. Any vulnerabilities discovered after October 2025 will not be fixed unless your business pays for Extended Security Updates (ESU), which Microsoft is offering for Windows 10 at a per-device price that escalates each year you stay on it.
What stays the same: Windows 10 still runs. Your existing software still works. The Microsoft 365 apps will continue to function on Windows 10 for now, though Microsoft has signalled that compatibility with newer M365 features will erode through 2026 and 2027.
What changes immediately: your attack surface widens with every month that passes. Threat actors specifically target unsupported operating systems because they know the patches will never arrive. Your cyber insurance underwriter will treat unsupported endpoints as a material risk factor at renewal. And any cybersecurity framework you might be working toward (Essential Eight, SMB1001, ISO 27001) treats running an unsupported operating system as a control failure.
Most AU SMBs sit in one of four positions.
You have already migrated to Windows 11. You are fine. Most of our managed IT clients completed Windows 11 migration during 2024 and 2025 as part of the standard hardware refresh cycle.
You have devices that are Windows 11 compatible but you have not migrated. This is the most common position. The migration is straightforward, mostly an in-place upgrade, and can be done device by device or in batches. The longer you delay, the more risk you accumulate without saving any cost.
You have devices that are not Windows 11 compatible. Common in businesses with hardware bought before 2020 or with older specialised systems. The path here is hardware replacement, which is a real budget conversation. The good news is the typical 3-5 year refresh cycle means most of these devices were already approaching end of useful life.
You have a mix. Most likely. The right answer is to inventory honestly, separate the Windows 11 compatible from the incompatible, and run two parallel programs.
This is the part most coverage of Windows 10 EOL misses. Cyber insurance underwriters have started asking specific questions about operating system support status. The standard application now includes questions like “do you have any endpoints running an unsupported operating system” and “what is your operating system patching policy”.
Underwriters can respond to a “yes, we have unsupported endpoints” answer in three ways. They can raise the premium. They can narrow the coverage (specifically excluding losses arising from incidents involving unsupported endpoints). They can decline to renew. We have seen all three responses in the past six months from underwriters covering Perth SMBs.
The exposure here is significant. If you have a ransomware incident in 2026 that traces to a Windows 10 device, and your policy excludes losses from unsupported endpoints, your insurance is not going to cover the recovery costs. This is not theoretical; we have seen claim disputes already.
The major Australian cybersecurity frameworks all treat running an unsupported operating system as a control failure.
Essential Eight. The “patch applications” and “patch operating systems” strategies specifically require running supported versions with current patches. Running Windows 10 in 2026 means Maturity Level 0 on both controls regardless of how well-patched everything else is. Our Essential 8 compliance guide covers the patching requirements in detail.
SMB1001:2026. Operating system support status is explicitly assessed at all certification tiers from Bronze upward. Running unsupported endpoints disqualifies a business from certification. See our SMB1001:2026 guide for the full control list.
ISO 27001. Annex A controls A.8.8 (technical vulnerability management) and A.8.32 (change management) require supported, patched operating systems on all endpoints in scope.
If your business has compliance obligations through clients, regulators, or insurers, Windows 10 is no longer a viable production operating system in 2026.
Microsoft is selling Extended Security Updates (ESU) for Windows 10 as a paid program. For consumer customers, year one is $30 USD per device. For commercial customers, the pricing escalates substantially in year two and year three. After three years, ESU ends entirely.
ESU is a transitional product, not a strategy. It exists to give businesses time to migrate, not to keep Windows 10 in production indefinitely. The economics rarely favour ESU over hardware refresh for any business of more than 20 devices, and the compliance and insurance issues do not go away just because Microsoft is technically still patching the OS.
The only scenarios where ESU makes sense are short-term bridging (you have a six month migration plan and need patches in the interim) or genuinely stuck legacy systems (a specialised industrial control system that cannot move off Windows 10 without replacing the entire production line). For general business workstations, ESU is buying time at premium pricing.
For Windows 11 compatible devices, the migration is an in-place upgrade. Microsoft has streamlined the process and most upgrades complete in 60-90 minutes per device without requiring data migration or application reinstallation.
The real work is in three places. First, compatibility verification on every device against the Windows 11 hardware requirements (specifically TPM 2.0, Secure Boot, supported CPU). Second, application testing: most business applications work fine on Windows 11 but specialised line-of-business software sometimes needs vendor updates or workarounds. Third, user training and change management: Windows 11 has a different start menu, different settings layout, and different default browser behaviour. Most users adapt within a day but it pays to set expectations.
For incompatible devices, the conversation is straightforward: replace at the next refresh cycle, or accelerate the refresh if the device is older than three years. Modern business laptops in Australia run $1,500-2,500 depending on specification. Compare that to the cost of an unsupported-OS-related security incident and the maths is uncomplicated.
For our managed IT clients, Windows 11 migration is part of the standard service. We inventory endpoints quarterly, identify Windows 11 incompatible hardware, plan replacements as part of the IT roadmap, and run the in-place upgrades for compatible devices on a controlled schedule.
For businesses without managed IT in place, we offer Windows 11 migration as a project through our IT consulting team. The scope starts with an inventory and ends with every device on a supported, patched, compliant operating system. We have done this for businesses ranging from 15 to 200 endpoints across Perth.
Inventory every Windows endpoint in your business this week. List operating system version, age, and Windows 11 compatibility. If you do not know how to do this, your IT provider can produce the list within a day from your endpoint management tool. If you do not have an endpoint management tool, that is a separate problem worth fixing.
Check your cyber insurance policy renewal date and your application answers. If you answered “no” to questions about unsupported operating systems but you still have Windows 10 devices, your policy may be at risk. Talk to your broker before the renewal.
Book a Windows 11 migration plan with us. Contact us on 1300 EPIC IT. We will inventory your environment, identify hardware that needs replacing, and give you a costed migration plan within two weeks.
Microsoft ended mainstream support for Windows 10 on 14 October 2025. After this date no further security updates, bug fixes, or technical assistance are provided unless the business pays for Extended Security Updates. Windows 10 devices continue to function but accumulate security and compliance risk with every month they remain in production.
Yes, for now. The Microsoft 365 apps continue to function on Windows 10 in 2026, though Microsoft has signalled that compatibility with newer M365 features will erode through 2026 and 2027. The bigger risk is not application compatibility but the security and compliance exposure of running an unsupported operating system that receives no security patches.
Yes, materially. Cyber insurance underwriters now specifically ask about unsupported operating systems on the application. Carrying Windows 10 endpoints can result in higher premiums, narrower coverage that excludes losses from unsupported endpoints, or non-renewal. If your policy renewal is coming up and you still have Windows 10 devices, raise this with your broker before the renewal.
Extended Security Updates are a transitional product, not a strategy. ESU makes sense for short-term bridging (you have a confirmed migration plan within six months) or genuinely stuck legacy systems (specialised industrial control systems). For general business workstations, ESU is buying time at premium pricing while leaving the compliance and insurance exposure in place. The economics rarely favour ESU over hardware refresh for any business of more than 20 devices.
For Windows 11 compatible devices, the in-place upgrade takes 60-90 minutes per device and most businesses can complete a full fleet migration within 4-8 weeks running in parallel. For Windows 11 incompatible hardware, the timeline depends on when the device replacement budget is available. Epic IT typically delivers a full migration project for a 50-endpoint business in 6-10 weeks end to end.
The most common blocker is TPM 2.0, a hardware security chip that became standard on business-class devices around 2019. Most business laptops bought before 2019 do not have TPM 2.0 and cannot be upgraded to Windows 11 without hardware replacement. The other common blocker is unsupported CPUs (specifically anything older than Intel 8th generation or AMD Zen+).