Blog Post
Enabling Extended Security Updates (ESU) for Windows 10 with Intune
Thanks for the post, Jon. This is extremely useful. I was wondering regarding the part where you have mentioned "If you are wondering about how patching will work with the ESU program, and if there will be any special steps for the security patches released under the ESU program. Good news, just continue to patch your devices as you do today. When the ESU patches are targeted to a device, if they have the appropriate key installed and activated, the patch can be installed. When the ESU patches are targeted to a device that does not have the ESU key installed and activated, the patches will not be applicable and will not attempt to install."
After applying the ESU keys using the method shown in your post, will this work for devices where patching is managed via another product other than Microsoft (Intune, WSUS)? i.e. Ivanti EPM, ManageEngine Patch Manager Plus etc..?
- Jon WarnkenAug 22, 2025
Microsoft
Yes, any patching method will work. The patches released for the ESU program will have a detection for the appropriate key. If the key is not installed and activated the patch will show as not applicable.