Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU

Quelle: Link

Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU
Published Dec 05 2023 10:00 AM  9,871 Views

Windows 10 will reach end of support (EOS) on October 14, 2025. While two years may seem like a long runway, ensuring a modernized infrastructure will help keep your organization productive and its data secure. We’re encouraged to see organizations realizing the benefits of Windows 11 by upgrading eligible devices to Windows 11 well ahead of the EOS date. Consider joining organizations like Westpac who recently leveraged Microsoft Intune, Windows Autopatch, and App Assure to efficiently move 40,000 employees to Windows 11, while also incorporating new Windows 11 devices as part of a regular hardware refresh cycle.

In this post, learn about the various options you have to smoothly transition to Windows 11, including extended protection for those needing more time.

What does Windows 10 end of support mean?

When Windows 10 reaches end of support, Microsoft will no longer provide bug fixes for issues, security fixes for vulnerabilities, time zone updates, or technical support for problems that might occur.

As noted on the Windows 10 release information page, version 22H2 is the final version of Windows 10. All editions of Windows 10, version 22H2 will remain in support with monthly security updates through October 14, 2025. Note that the Windows 10 IoT Enterprise Long-Term Servicing Channel (LTSC) and Windows 10 IoT Enterprise will continue to receive updates based on their specific lifecycles.

With the EOS for Windows 10 coming in less than two years, now is the time to migrate to a modern OS. Ensure that your organization isn’t left running unsupported software that is no longer receiving security updates. Organizations running legacy software are vulnerable to significant security risk and potential compliance violations.

Your options to transition from Windows 10 to Windows 11

Windows 11 is the most secure Windows yet. Its extensive capabilities, including Copilot in Windows, are designed to help keep your organization protected and productive. These measures include built-in advanced encryption, data and credential protection, robust system security and network safety, and intelligent safeguards against evolving threats.

In addition to upgrading eligible PCs to Windows 11 using Windows Autopatch or Microsoft Intune, your options to adopt Windows 11 include:

  • Purchase new Windows 11 Pro PCs with all the great security features turned on by default. In addition, suppliers will ship new PCs directly to employees with Windows Autopilot, saving you time from staging them.
  • Migrate to the cloud and subscribe to Windows 365 to make Windows 11 available to users on any device with a Cloud PC.

Let’s walk through those in further detail and discuss our upcoming Windows 10 Extended Security Update program for Windows 10.

Refresh ineligible PCs to new Windows 11 eligible devices

Enable workers to get the most secure Windows ever with Windows 11. It’s AI-enhanced and easy to use with a 250% ROI.

Step 1. To get started, understand which devices in your install base are ineligible through Intune or other management tools.

Step 2. For devices that aren’t eligible for Windows 11, or older devices due for a refresh, now is the time to transition to new PCs running Windows 11. New modern devices from partners like Dell, HP, Lenovo, Acer, and Surface and the rest of the Windows ecosystem offer a wide range of options to suit different worker needs. Explore and purchase new Windows 11 PCs directly from your original equipment manufacturer (OEM) or reseller of choice.

See how Hakutsuru Sake Brewing Co., Ltd. is streamlining security management across countries and time zones with new Windows 11 Pro devices. For Hakutsuru, the deciding factor was out-of-the-box security, including hardware-backed protection like TPM 2.0. Now his teams can work anywhere while protecting trade secrets like brewing data and recipes.

Migrate to Windows 11 in the cloud with Windows 365

As you work on modernizing your endpoint estate, you can move workers with Windows 10 PCs to Windows 11 in the cloud with Windows 365. That way your employees will always be updated with the latest Windows 11 and the latest security protection available.

Windows 365 subscriptions will include Extended Security Updates (ESUs) at no additional cost for Windows 10 devices that access Windows 365.

You might have scenarios in your organization where you’re looking for options and the flexibility to continue using older Windows 10 PCs longer. Extending the life of Window 10 PCs with Extended Security Updates and Windows 365 becomes a real possibility to support certain worker cohorts and still migrate to Windows 11. You can extend the life of these devices for an additional 3 years.

Windows 365 recently made a new service option generally available for frontline and shift workers. If workers don’t use a dedicated personal computer, but rather use a device that is shared or an older device, they can access Windows 11 using Windows 365. In these scenarios, you can extend the use of older Windows 10 PCs.

Check out how we’re extending Windows to the cloud with Windows 365. Our Windows 365 blog posts provide in-depth information on the latest features, deployment guidance, and best practices.

Extended Security Update program for Windows 10

While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS date. Therefore, Microsoft will offer Extended Security Updates.

Like the Windows 7 ESU program, your organization will be able to purchase a yearly subscription to security updates. The yearly commitment is renewable for three years. Devices enrolled in ESUs will receive monthly security updates to keep these Windows 10 PCs secure.

The ESU program for Windows 10 will include critical and/or important security updates. ESUs do not include new features, customer-requested non-security updates, or design change requests. Technical support beyond the ESU itself is also not available.

  • For Windows 365 customers, ESUs will be provided for the Windows 10 devices that connect to a Cloud PC running Windows 11 at no additional cost.
  • If you run a Windows 10 instance in Azure Virtual Desktop, ESUs will also be available at no additional charge on those virtual machines (consumption not included).

Stay tuned for more ESU program updates as we approach availability, including an ESU program for individual consumers.

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

[2023 October Tips & Tricks] Why deprecate L2TP over IPSec in the USG FLEX H Series?

Quelle: Link

Why deprecate L2TP over IPSec in the USG FLEX H Series?

L2TP over IPSec was a popular VPN protocol in the past, but it has become less common and is often deprecated and discouraged for several reasons:

Security Concerns: It does NOT provide encryption or confidentiality to traffic passing through it. It relies on other protocols like IPsec for encryption and security.

Limited Platforms: Not all platforms and devices support L2TP/IPSec. For example, some mobile devices and operating systems have moved away from supporting this protocol in favor of more modern and secure alternatives. Android has removed L2TP VPN in its version 12 onward so that consumers can enjoy better security, performance, and interoperability with other systems.

Performance: L2TP over IPSec can be less efficient in terms of performance compared to newer VPN protocols. The additional overhead introduced by the combination of L2TP and IPSec can result in reduced throughput, which may be a concern in high-speed or high-bandwidth scenarios.

Zyxel is determined to deprecate the L2TP over IPSec in favor of a more modern and secure VPN protocol like IKEv2 in our USG FLEX H series, while keeping L2TP over IPSec in the ZLD-based product lines USG FLEX series and ATP series. IKEv2 is a VPN protocol known for its security, reliability, and efficiency. The best part is it’s widely adopted and provides outstanding interoperability, working with different types of VPN clients, OS, and VPN gateway.

To help our customers migrate to IKEv2, we provide Remote VPN Wizard in every product (ZLD, uOS, Nebula firewall, and future SCR), which generates a VPN script for use with free OS native- IKEv2 VPN clients e.g., Windows, macOS, iOS, Android (StrongSwan) in just a few clicks. As a result, our customers can enjoy the benefits of IKEv2 without the additional cost of purchasing IKEv2 client software.

With the subscription-based Zyxel SecuExtender VPN client, we take a step further allowing customers to enjoy auto-provisioning by simply retrieving the VPN settings right from our firewalls.


Office versions and connectivity to Microsoft 365 services

Quelle: Link

Office versions and connectivity to Microsoft 365 services

The following table lists the Office versions that are supported for connecting to Microsoft 365 services. For example, connecting to Exchange Online, SharePoint Online, or OneDrive for Business.

Office version Supported for connecting until this date
Microsoft 365 Apps Supported as long as you’re using a supported version.
Office LTSC 2021 October 13, 2026
Office 2019 October 10, 2023
Office 2016 October 10, 2023


As stated in a April 2017 blog post, only perpetual Office versions in mainstream support are supported for connecting to Microsoft 365 services. Office 2016 is no longer in mainstream support, but we made an exception for it until October 2023, as stated in a September 2018 blog post.

Older Office versions not supported for connecting to Microsoft 365 services

Older Office versions might still be able to connect to Microsoft 365 services, but that connectivity isn’t supported.

In practical terms, what this means is that these older Office versions might not be able to use all the latest functionality and features of Microsoft 365 services. In addition, over time, these older versions might encounter other unexpected performance or reliability issues while using Microsoft 365 services. That’s because as we make improvements to Microsoft 365 services, we’re not taking into account or testing with these older Office versions.

We won’t take any active measures to block older Office versions from connecting to Microsoft 365 services if they’re in extended support and are kept up to date. This includes Office 2019 and Office 2016 after October 10, 2023. Both of these versions are in extended support until October 14, 2025.

Therefore, to provide the best experience with using Microsoft 365 services, we strongly recommend that you move off older Office versions to versions supported for connecting to Microsoft 365 services.


Windows 11 Home and Pro – Modern Lifecycle Policy.

Quelle: Link

Windows 11 Home and Pro

Windows 11 Home and Pro follows the Modern Lifecycle Policy.

This applies to the following editions: Home, Pro, Pro Education, Pro for Workstations, SE

Support dates are shown in the Pacific Time Zone (PT) – Redmond, WA, USA.

Support Dates

Listing Start Date Retirement Date
Windows 11 Home and Pro Oct 4, 2021 In Support


Version Start Date End Date
Version 22H2 Sep 20, 2022 Oct 8, 2024
Version 21H2 Oct 4, 2021 Oct 10, 2023

Microsoft announces changes to Microsoft 365 and Office 365 to address European competition concerns


EU-Kartellverfahren: Microsoft entfernt Teams aus Office-Paket

Die Änderung gilt ab 1. Oktober. Betroffen sind Office 365 und Microsoft 365 für Geschäftskunden im Europäischen Wirtschaftsraum und der Schweiz.




Microsoft announces changes to Microsoft 365 and Office 365 to address European competition concerns

New subscription structure for Microsoft 365 in Europe




Changes to Microsoft 365 Business suites:

Microsoft 365 Business suites will coexist with the new lineup. Customers in the EEA and Switzerland will be able to choose between the existing Microsoft 365 Business Basic,

Microsoft 365 Business Standard, and Microsoft 365 Business Premium suites with Teams or the new EEA-specific versions of those suites without Teams.




USG FLEX vs. USG FLEX H-Serie – Vorteile

Quelle: Link

1) Überblick

Worry-Free Business Security (On-Premises) and Worry-Free Business Security Services (WFBS-SVC) minimal Windows requirements for ACS (Azure Code Signing)

Quelle: Link


Worry-Free Business Security (On-Premises) and Worry-Free Business Security Services (WFBS-SVC) minimal Windows requirements for ACS (Azure Code Signing)
Product/Version includes:Worry-Free Business Security Advanced , Worry-Free Business Security Standard , Worry-Free Business Security Services , View More
Update Date: 2023/05/29
Article Number: 000291908
Category: Install, Update

Microsoft requires security vendors to sign binaries using ACS. WFBS (On-Premises) and WFBS-SVC will be changing to this new certificate accordingly. However, a minimal update of the Microsoft KB will be required to support this new certificate.


Customers who do not have the minimum OS build/patch of Microsoft Windows after February 18, 2023 may encounter the following errors:

  • Agent Program and Services may not work properly.
  • There will be a reporting issue between the Windows Security Center (WSC) and the Trend Micro Security Agent which could result to the agent co-existing with Windows Defender. This could possibly lead to slow login, application lockup, or machine unresponsiveness.

To prevent this situation, Trend Micro will add a mechanism to the products to check whether ACS is already supported on the machine. If minimum OS build/patch of Microsoft Windows is not applied, it will prevent security agent fresh installation and agent hot fix after February 18, 2023.

Agent Program Upgrade blocking on non-ACS machines is a best effort implementation to prevent accidental deployment of new build on non-ACS compliant system. The ACS complaint detection logic however may not work correctly on some environment. Customers are strongly advised to apply appropriate MS KB to enable ACS support before deploying WFBS Patch 2472 or later.

Check Mechanism Release Schedule

  • Worry-Free Business Security Services (WFBS-SVC): January 9, 2022 Hot fix Maintenance
  • Worry-Free Business Security (On-Premises): To be included in all patches released after Patch 2459.

Customers who will be performing an update or install newer builds released after February 18, 2023 must have applied a minimum Microsoft Windows patch depending on the version of Windows you have deployed mentioned on the article, IMPORTANT BULLETIN: Trend Micro Server and Endpoint Protection Agent Minimum Windows Version Requirements for Updated Binaries After Mid-February 2023.

For machines that do not allow “trusted root CA auto update” or are in air-gapped or otherwise locked down environments, please make sure to apply Microsoft Identity Verification Root Certificate Authority 2020. A tool can be utilized for this by following the steps mentioned in this KB article. You may use the command EasyFixSysCerts.exe A1 .

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Windows 10 Home und Pro – Version 22H2 – Supportende 14. Oktober 2025

Quelle: Roadmap

Windows 10 support lifecycle

As documented on the Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles.


  • We highly encourage you to transition to Windows 11 now as there won’t be any additional Windows 10 feature updates.
  • If you and/or your organization must remain on Windows 10 for now, please update to Windows 10, version 22H2 to continue receiving monthly security update releases through October 14, 2025. See how you can quickly do this via a servicing enablement package in How to get the Windows 10 2022 Update.

The final end of support date for Windows 10 does not change with this announcement; these dates can be found on the Windows 10 Lifecycle page.


Quelle: Link

Windows 10 Home und Pro

Windows 10 Home und Pro folgen der Modern-Lifecycle-Richtlinie.

Dies gilt für die folgenden Editionen: Home, Pro, Pro Education, Pro for Workstations


Ab Windows 10, Version 21H2 (das Windows 10 November 2021 Update), werden Funktionsupdates jährlich in der zweiten Hälfte des Jahres über den Kanal für allgemeine Verfügbarkeit veröffentlicht. Weitere Informationen finden Sie hier. Microsoft wird bis zum 14. Oktober 2025 weiterhin mindestens einen Windows 10-Kanal unterstützen.

Die Supportzeiträume werden in Pacific Time (PT) für Redmond (Washington, USA) angegeben.


Auflistung Startdatum Deaktivierungsdatum
Windows 10 Home und Pro 29. Juli 2015 14. Okt. 2025


Version Startdatum Enddatum
Version 22H2 18. Okt. 2022 14. Okt. 2025
Version 21H2 16. Nov. 2021 13. Juni 2023
Version 21H1 18. Mai 2021 13. Dez. 2022
Version 20H2 20. Okt. 2020 10. Mai 2022
Version 2004 27. Mai 2020 14. Dez. 2021
Version 1909 12. Nov. 2019 11. Mai 2021
Version 1903 21. Mai 2019 8. Dez. 2020
Version 1809 13. Nov. 2018 10. Nov. 2020
Version 1803 30. Apr. 2018 12. Nov. 2019
Version 1709 17. Okt. 2017 9. Apr. 2019
Version 1703 11. Apr. 2017 9. Okt. 2018
Version 1607 2. Aug. 2016 10. Apr. 2018
Version 1511 10. Nov. 2015 10. Okt. 2017
Version 1507 29. Juli 2015 9. Mai 2017