The Extended Security Update (ESU) program is a last resort for customers who need to run certain legacy Microsoft products past the end of support. Support for the following versions of Windows and Windows Server ended on January 14, 2020:
Windows 7 SP1
Windows 7 Professional for Embedded Systems
Windows Server 2008 R2 SP1 and Windows Server 2008 SP2
Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems
If your organization has been unable to update devices running the versions of Windows listed above to a currently supported version before January 12, 2021, ESU can provide security updates to those devices through January 11, 2022—helping protect those devices while you complete your Windows and Windows Server upgrade projects.
Many organizations have made the transition to the latest version of Windows 10 or Windows Server. Those who deployed Windows 10 benefit from strong protection against threats plus the latest security and manageability features such as Microsoft Defender Antivirus, richer device management policies, and Windows Autopilot. Other organizations running legacy applications shifted their Windows 7 devices to Windows Virtual Desktop, which includes ESU for Windows 7 virtual desktops at no additional cost, enabling you to continue running critical line-of-business apps while you continue your migration to Windows 10. As a last resort, however, a number of organizations purchased, installed, and activated their first year of ESU to receive security updates for eligible devices through January 12, 2021.
What you need to know about year two coverage for ESU
Because ESU are available as separate SKUs for each of the years in which they are offered (2020, 2021, and 2022)—and because ESU can only be purchased in specific 12-month periods—you will need to purchase the second year of ESU coverage separately and activate a new key on each applicable device in order for your devices to continue receiving security updates in 2021. If your organization did not purchase the first year of ESU coverage, you will need to purchase both Year 1 and Year 2 ESU for your applicable Windows 7 or Windows Server devices before installing and activating the Year 2 MAK keys to receive updates.