Note: A new version of this blog post was published on February 11, 2020. |
Update 11.26.2019: Windows 7 Extended Security Updates (ESUs) will be available via the Cloud Solution Partner (CSP) program beginning Monday, December 2, 2019. To purchase Windows 7 ESUs through a CSP, please contact a CSP partner. If you are a partner and need details on procuring Windows 7 ESUs through the Partner Center, see Purchasing Windows 7 ESUs as a Cloud Solution Provider.
While many of you are well into your journey of deploying and/or servicing Windows 10, we understand that everyone is at a different point in the upgrade process. If your organization is unable to complete the transition from Windows 7 Pro or Enterprise to Windows 10—or from Windows Server 2008 and 2008 R2 Datacenter, Enterprise, or Standard to the latest version of Windows Server—prior to the end of support on January 14, 2020, we want to help you by ensuring that these devices running these select editions and versions continue to receive security updates while you complete your Windows and Windows Server upgrade projects.
In this blog, we’ll explain how volume license customers can purchase, install, and deploy Extended Security Updates today for eligible Windows 7, Windows Server 2008, and Windows Server 2008R2 devices to ensure those devices stay protected after January 14, 2020. Again, if you are a Windows 7 Pro customer looking to take advantage of paid Extended Security Updates via CSP partners, you will be able to do so once they are available on December 1, 2019. More information on this option will be available in the Windows 7 and Office 2010 End of Support FAQ.
Extended Security Updates are available through specific volume licensing programs. Coverage will be available in three consecutive 12-month increments following Windows 7 end of support on January 14, 2020. Extended Security updates are available for purchase in 12-month increments only, starting January 14, 2020. You cannot buy partial periods (e.g. 6 months).
Eligible customers can use the Azure Hybrid Benefit (available to customers with active Software Assurance or Server Subscriptions) to obtain discounts on the license of Azure virtual machines or Azure SQL Database managed instances. ESUs for select Windows Embedded products are available via your embedded device manufacturer.
Now, let’s walk through how and where to purchase Windows 7 ESU, as well as download the appropriate key from the VLSC.
To purchase Windows 7 ESUs through a CSP, customers should contact a CSP partner. If you are a partner and need details on procuring Windows 7 ESUs through the Partner Center, see Purchasing Windows 7 ESUs as a Cloud Solution Provider.
The following steps must be completed before installing and activating ESU keys:
Once you have addressed the prerequisites, you’re ready to install and activate Extended Security Updates for machines connected to the internet.
First, install the ESU product key using the Windows Software Licensing Management Tool (slmgr):
Note: Installing the ESU product key will not replace the current OS activation method being used on the device. This is achieved by using the Activation ID to differentiate between the operating system’s activation and the ESU activation.
Next, find the ESU Activation ID:
Now, you’ll activate the ESU product key:
ESU Program |
ESU SKU (or Activation) ID |
Windows 7 SP1 (Client) |
|
Year 1 |
77db037b-95c3-48d7-a3ab-a9c6d41093e0 |
Year 2 |
0e00c25d-8795-4fb7-9572-3803d91b6880 |
Year 3; |
4220f546-f522-46df-8202-4d07afd26454 |
Windows Server 2008/R2 (Server) |
|
Year 1 |
553673ed-6ddf-419c-a153-b760283472fd |
Year 2 |
04fa0286-fa74-401e-bbe9-fbfbb158010d |
Year 3 |
16c08c85-0c8b-4009-9b2b-f1f7319e45f9 |
Once you have activated the ESU product key, you can verify the status at any time by following these steps:
Note: We recommend using a management tool, such as System Center Configuration Manager, to send the slmgr scripts to your enterprise devices.
To install and activate ESU for machines that are not connected to the Internet, you will need to follow these steps:
For systems that will not connect to the internet for activation, you can use the VAMT to perform proxy activation; however, KB4519972 must first be installed.
If you use the VAMT for Activation, the tool has the ability to pick up the activation ID as shown below:
Windows 7 SP1 and Windows Server 2008 R2 SP1: Install the optional, non-security update outlined in KB4528069. Please note that the KB4528069 update has no actual security content. This update is a test package and we subsequently recommend that you deploy it in your test environment. Install this update on your on-premises devices that are eligible for ESU.
Windows Server 2008: install the optional, non-securing update outlined in KB4528081. Please note that the KB4528081 update has no actual security content. This update is a test package and we subsequently recommend that you deploy it in your test environment. Install this update on your on-premises devices that are eligible for ESU.
You do not need to deploy an additional ESU key for Azure virtual machines (VMs), Windows 7 ESU with Windows Virtual Desktop, or for bring-your-own images on Azure for Windows 7, Windows Server 2008, and Windows Server 2008 R2. Like on-premises devices, these devices will also require the installation of the SSUs and monthly rollups outlined in the prerequisites section above. A pre-patched Windows 7 image and a pre-patched Windows Server 2008 R2 SP1 image are available from the Azure Marketplace. Azure Stack VMs or Azure VMware solutions should follow the same process as on-premises devices.
After installing the SSUs noted above, VMs will be enabled to download the ESU updates.
For answers to commonly asked questions about ESU for Windows Server 2008 and 2008 R2, see the ESU FAQ.
If your organization still has devices running Windows 7, Windows Server 2008, or Windows Server 2008 R2, we recommend that you take the steps outlined above today to take advantage of Extended Security Updates and help ensure that your devices continue to receive necessary security updates after January 14, 2020.
If you are interested in learning more about Extended Security Updates, please see the following resources:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.