Update 2021.11.05: For Windows 7 SP1 and Windows 7 Professional for Embedded Systems, the Extended Security Update (ESU) Program will be entering its third and final year of providing security updates beginning on January 12, 2022 and ending on January 10, 2023.
For Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems if running on Microsoft Azure, ESU will have one additional year of extended support available beginning on February 14, 2023, ending on January 9, 2024.
The steps to install, activate, and deploy ESUs are the same for first, second, and third year coverage. This post has been updated accordingly.
The Extended Security Update (ESU) program is a last resort for customers who need to run certain legacy Microsoft products past the end of support. Support for the following versions of Windows and Windows Server ended on January 14, 2020:
If your organization has been unable to update devices running the versions of Windows listed above to a currently supported version before January 11, 2022, ESU can provide security updates to those devices through January 10, 2023—helping protect those devices while you complete your Windows and Windows Server upgrade projects.
Many organizations have made the transition to the latest version of Windows 10 or Windows Server. Those who deployed Windows 10 benefit from strong protection against threats plus the latest security and manageability features such as Microsoft Defender Antivirus, richer device management policies, and Windows Autopilot. Other organizations running legacy applications shifted their Windows 7 devices to Windows Virtual Desktop, which includes ESU for Windows 7 virtual desktops at no additional cost, enabling you to continue running critical line-of-business apps while you continue your migration to Windows 10. As a last resort, however, a number of organizations purchased, installed, and activated their second year of ESU to receive security updates for eligible devices through January 11, 2022.
Because ESU are available as separate SKUs for each of the years in which they are offered (2020, 2021, and 2022)—and because ESU can only be purchased in specific 12-month periods—you will need to purchase the third year of ESU coverage separately and activate a new key on each applicable device in order for your devices to continue receiving security updates in 2022. If your organization did not purchase the first, second, and third year of ESU coverage, you will need to purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows 7 or Windows Server devices before installing and activating the Year 3 MAK keys to receive updates.
The steps to install, activate, and deploy ESUs are the same for first-, second-, and third-year coverage. For more information, see Obtaining Extended Security Updates for eligible Windows devices for the Volume Licensing process and Purchasing Windows 7 ESUs as a Cloud Solution Provider for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).
We recommend that you prepare now to install and activate the third year of ESU coverage for the devices in your organization that require it. To learn more about ESU, please watch our Microsoft Ignite 2019 session on How to manage Windows 7 Extended Security Updates (ESU) for on-premises and cloud environments.
We understand that everyone is at a different point in the upgrade process, which is why we offer assistance with tools like Desktop Analytics and services like Microsoft App Assure—as well as monthly Office Hours to help you deploy and stay current with Windows 10 across your organization. More information on ESU for Windows 7 and Windows Server 2008 and 2008 R2 is available in the Windows 7 end of support FAQ and Windows Server 2008 and 2008 R2 FAQ.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.