Windows 10 is nearing its end of support, but if you’ve already tried to install the new version that’s supposed to be the successor, and still ran straight back into Microsoft-given wall, you have one safe option – as long as you follow a few careful steps.

Microsoft’s Extended Security Updates (ESU) can also patch critical vulnerabilities on aging hardware, and no less than consumer-friendly methods exist for enrolling — without the need of a corporate IT department or large budget.

Table of Contents

What ESU Actually Covers (and What It Doesn’t)
Three Methods to Have ESU on Personal PC
How to Register Without IT Assist
Harden Windows 10 Past ESU
Do It Now, Not Later
If You’re Thinking About Windows 11
Bottom Line: Plan and Commit

Screenshot showing the Windows Update screen with a pop -up window titled Enroll in Extended Security Updates at no extra cost and text overlays Windo

What ESU Actually Covers (and What It Doesn’t)

ESU is providing security fixes only which are critical and important. You’re not going to get any new features, cosmetics enhancements or run-of-the-mill bug fixes, and there’s no guarantee of technical support. Consider ESU to be like a seatbelt on a car that’s no longer being built: It won’t make the car new, but it can help protect you from some of the most serious risks.

Security agencies that include CISA warn both before and after when it comes to running unsupported operating systems due to the potential for attackers to use the same pool of unpatched vulnerabilities over and over again, at scale. The outbreak of WannaCry is the classic cautionary tale — unsupported Windows machines were hit hardest because key patches weren’t in place.

Three Methods to Have ESU on Personal PC

For consumers who want to extend security updates on Windows 10 running version 22H2, Microsoft is providing three options:

Redeem Microsoft Rewards points. Redeem 1,000 points at check out to pay for registration. You can earn points by using Microsoft services — just installing the Bing app gets you a quick chunk of the total.
Turn on Windows Backup to save a backup of your files, setting a schedule and frequency. Setting up backups on OneDrive is how your device becomes eligible. Pay attention to storage: Your backup will use up 5GB for free, so check that it’s manageable or consider cleaning up your backup or getting a storage plan if necessary.
Pay directly. If you want to take the easy path, you can pick up a one-year ESU license for around $30/device.
So far Kinikin (Microsoft) has only promised us consumers up to a year of ESU after support expires. You can re-enroll after your support expires, but any gaps in coverage mean no protection for your device during that time.

How to Register Without IT Assist

For eligible devices running Windows 10 22H2, Microsoft is introducing the enrollment wizard through system notifications and in Settings. The flow is intended for single-user use cases—no VL/Azure management scenario. If you’re not seeing prompts, go to Settings and search for “Extended Security Updates” and look at the on-screen steps that correspond with your option (Rewards, OneDrive backup or direct payment).

Harden Windows 10 Past ESU

ESU is just one piece of a safe setup. To reduce risk further:

A screenshot of the Windows Update settings page, showing a pop-up window that reads Youre eligible to enroll in Extended Security Updates at no extra

Keep Microsoft Defender turned on and updated. Even when the OS itself ages out, you still need to get signature updates. If you favor a third-party suite, verify that the vendor still supports Windows 10.
A modern, updated browser And extensions to a minimum. At some point the browser makers will curtail support for these old platforms; when that day comes, it’s a leading indicator you need to upgrade those devices.
Stick to a standard user for day-to-day, admin for installs. Because it’s such a simple tweak, this stops more attacks than you might think.
Uninstall neglected applications and legacy implants, as well.

Every additional component increases your attack surface and patching burden.

Switch on the device encryption and see that the firewall is switched to be on. Do you use remote desktop? Lock down or disable.

Do It Now, Not Later

Before you do anything, take a full backup. Windows Backup to OneDrive should be enough for ESU eligibility whilst keeping all your files safe, but you can never have too many backups so do keep an offline copy as well—ideally a few versions of the most important files on a USB stick or external HDD that is disconnected when it’s not updating. You get a rollback plan in case of driver, update or disk failure with a periodical full system image.

If You’re Thinking About Windows 11

Windows 11 needs a compatible processor, TPM 2.0, Secure Boot and other modern security features rapidly shuttling you to the future of computing. Many older PCs won’t qualify. There are unofficial workarounds, but Microsoft doesn’t endorse them and you may not receive crucial protections. If your device can’t make the leap, look for a cheap new PC that can; retailers and technology manufacturers regularly have entry-level systems that outpace the minimums on sale.

For office users: Microsoft has said it will keep updating its app through security updates on Windows 10, for a limited time beyond that, although new features are not mentioned. The buys time, but not parity with newer platforms.

Bottom Line: Plan and Commit

If you have to stay on Windows 10, then either sign up for ESU through Rewards, backup in OneDrive or purchase outright and harden your set-up with disciplined backups and some basic security hygiene. The fact that Windows 10 is still plenty in use was, and still is, the reason why it will continue to be a target of attackers. A bit of preparation now can make the process of riding out the transition much safer — and far less stressful.