Microsoft Provides Windows 10 Extended Security Updates Requirements and Activation IDs

Microsoft Provides Windows 10 Extended Security Updates Requirements and Activation IDs

End of Windows 10 Support: What You Need to Know About Extended Security Updates

As of last month, Microsoft officially ended support for Windows 10, releasing the final Patch Tuesday update numbered KB5066791. This development marks a significant milestone, prompting the tech giant to share guidance for users eager to maintain security updates beyond standard service provisions.

Understanding Extended Security Updates (ESU)

One key option for users is to enroll in the Extended Security Updates (ESU) program. Through ESU, Microsoft commits to providing essential security updates for an additional year, extending support until October 13, 2026. There are both paid and unpaid methods available for enrollment, making it accessible for varied user needs.

Addressing Support Messages

If you’ve already enrolled in ESU or are using a supported Long-Term Servicing Channel (LTSC) edition but receive a notification stating, “your version of Windows has reached the end of support, ”rest assured. Microsoft has confirmed that this message is a false alert and has implemented a remedy for it.

Special Considerations for Enterprise Systems

For enterprise environments, particularly those using Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs, Microsoft has outlined specific requirements that IT administrators must meet for ESU eligibility. Compliance with these prerequisites is crucial for ensuring continued access to necessary security updates.

Eligibility Criteria for Windows 365 Systems

Devices operating in dedicated mode, such as Windows 365 Enterprise and Frontline Cloud PCs, can automatically qualify for ESU for a period of three years, provided they fulfill the technical criteria. Key requirements include:

  • An active Windows 365 subscription license.
  • Installed version of Windows 10, specifically 22H2 with KB5066791 or a later update.
  • Administrative privileges for IT personnel managing the deployment.

Once the eligibility requirements are confirmed, administrators should deploy a custom policy to activate the EnableESUSubscriptionCheck flag. This can be achieved via the Microsoft Intune admin center or alternative mobile device management (MDM) solutions. The integer value for the OMA-URI policy path must be configured to “1”to enable the ESU check.

Verifying ESU Enrollment

To confirm a device’s enrollment in the ESU program, IT admins should inspect the registry for the following entry on the applicable Windows 10 endpoint:

  • Key: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\ESU
  • Name: EnableESUSubscriptionCheck
  • Type: REG_DWORD
  • Value: 1

Maintaining Eligibility

Furthermore, it is crucial for users to sign in to their physical Windows 10 devices using their Microsoft Entra ID account—used for Windows 365 Cloud PCs—at least once every 22 days to retain their eligibility for ESU.

Activation IDs for Physical Devices

For users relying on physical devices that do not access Windows 365, Microsoft has made available specific activation IDs for the three years of ESU:

  • Year 1: f520e45e-7413-4a34-a497-d2765967d094
  • Year 2: 1043add5-23b1-4afb-9a0f-64343c8f3f8d
  • Year 3: 83d49986-add3-41d7-ba33-87c7bfb5c0fb

For further details, please explore the official Microsoft resources linked below:

Source: Microsoft (link1, link2)

Source & Images

Related Articles:

Samsung Unveils 10.7 Gbps LPDDR6 Memory and 14.8 GB/s PM9E1 M.2 22×42 Gen5 SSD at CES 2026
Master the Elevator Codes: Survival Guide for November 2025

Leave a Reply

Your email address will not be published. Required fields are marked *