A

Foreign. Over the past couple of years, Microsoft Meteors have been plunging into enterprises, knocking many long standing enterprise products and services out of Support. This month, October 2025 was especially brutal with Windows 10 Exchange servers 2016 and 19 Skype for Business Server 2015 and 2019 all leaving support as of October 14th. If you're among those who weren't and still are not ready to transition off those products, you hopefully have been able to add extended security updates or ESUs to your mix. If you've been holding off hoping you can win a game of chicken against Microsoft and or bad actors, you are in luck as we've got two guests today who will share everything you want to know or should want to know about ESUs. Welcome to the Directions on Microsoft Briefing Podcast. I'm Mary Jo Foley, the Editor in Chief here at Directions, and I'm your host for this series of podcasts for those interested in the Microsoft Enterprise IT ecosystem. Today we've got two directions analysts here with me to talk about ESUs, Jim Gaynor and Rob Helm. Jim leads the Directions on Microsoft Editorial team and has been writing about technology since the early 1990s. Most recently he's covered teams Windows Server and related operating systems and Enterprise IT infrastructure. Rob is the Managing Vice President here at directions. His 25 plus years of experience analyzing Microsoft technology and strategy has helps him discern the company's overall strategy and direction, and sometimes helps with the confusing and contradictory signals it sends to customers and the industry. Hello both of you. Thank you so much for coming on today to talk about ESUs.

B

Well, thank you for inviting us and thank you for the dramatic introduction. I had to look out my window to make sure there were no meteors headed my way.

C

Yeah, thank you. Yeah. And also I'm like, oh gosh, who are these guys you're talking about? Oh wait, that's us.

A

All right, I'm going to go right into it and put you guys on the spot. So if you were going to give a customer an elevator pitch about ESUs, who maybe somebody who's never heard of them or is somewhat familiar but not really familiar, how would you describe them? Let's start with Jim.

C

Okay, I've used this with lots of other people too. If you've been kicking the can down the road for whatever reason, you know, good reasons, bad reasons, whatever, but you've been kicking the can down the road and you suddenly find yourself facing end of support on things that you don't have time to replace a RE engineer right now. This is a way to buy Literally a little more time. It's just like insurance. You might not even need it, and some things might not even be covered, but Microsoft's still going to make sure that you pay the full term for what you need.

B

For my part, it's just important to remember an ESU is a subscription to security updates, period. It's fixes for security holes in the software versions you're running. You used to get them free, now you'll be paying for them and that's it. In particular, it's not extended support or you don't get any break fix support or anything else from Microsoft except what you need to get ESUs working at your site. They're very narrowly targeted, keeping your system secure while you're migrating to something supported.

A

Okay, that's good. Both very good elevator pitches. So we've had this debate inside of directions a couple of times. Are ESUs a necessary evil or are they a sound way to keep running software, you know, longer? Or as Rob Helm said in one of his recent reports on ESUs, ESUs may be a signal that your IT department needs to make some governance changes. So, Rob, let's start with you. How should people be thinking about this?

B

Well, if you're stuck on old software like Windows 10 or Exchange Server 2019 and you can't get to something supported soon, you should have ESUs. That goes double for any systems that are touching the Internet. But if you find your ESU bill growing every year, you have a bigger problem. You may be chronically underfunding migration projects, or your architects may be just setting out unrealistic product roadmaps that just don't build in enough time to migrate to supported products.

A

Yeah, I talked to some people too, who were, they were counting on Microsoft backing down at the last minute. They're like, you know what, they're going to just keep going with Windows 10. I'm like, no, they're not. They're not going to do that.

B

Sometimes it'll happen on some kind of a narrow technical issue. But something like ESUs, the product teams don't have the power. In this case, the decision is being made elsewhere.

A

Right, Jim, what do you say?

C

Yeah, well, yeah, I mean, to be blunt, I mean, there's a lot of things, enterprise business that, or where organizations, they spend money, Capex or opex, so they can defer making hard decisions. It's like, okay, well we can spend a lot of effort right now planning or we can spend money. And ESUs are one of them. It's not like the organizations didn't know these dates were coming. But there's always some new priority, some fire burning hotter. So you defer a decision, you know, until it become, until it becomes the hottest fire, till it is now your emergency, the meteor. So I agree with Rob's report. If you need them too often, then you really need to sit down and look at lifecycle planning. You need to make those hard decisions and like, hey, we need to plan in the future, we need to plan to save money in the future, else we're just going to be hurting our future selves. But if, in this case, if external forces did keep you from making those thoughtful decisions earlier, esus let you claim to be supported. And again, as Rob said, the support here is very narrow. It's just security updates. And even then it can even be just essential security updates that can be minor ones that Microsoft won't even cover with ESUs. But it gives you that claim to be supported while you work on making those decisions now. And it's important to note that there's several kinds of like regulated industries where it's required that the systems you're running be under support. If you're running things unsupported, then you've got, you're non compliant. So.

A

Right, right, Good point. Okay, so say your company does decide to pay up and go with ESUs to keep a legacy product supported. That's not the end of things. Right? Like, there's still other considerations you need to factor in. So let's talk about some of those. Jim, you want to start?

C

Yeah, yeah, I guess it segues. Well, from what I just said. Yeah, again, the thing is, just because you've got support for ESUs, again, it doesn't. It means you're just getting those really focused security updates. You're not getting compatibility updates, you're not getting featured updates. It doesn't mean that other necessary software you have is going to stay compatible or even that you'll get drivers that you need. I mean, let's say you're using ESUs. It's not just the products we listed earlier. Yes, Windows 10, Exchange Server, Skype for Business Server are top of mind right now. But you still have ESUs for Windows Server, SQL Server, they're really common. Let's say you're using ESUs right now to keep Windows Server 2012 around. Well, that doesn't mean you're going to get drivers to run Windows Server on newer hardware or even newer hardware versions of VMs to take advantage of, say, network adapters or new storage, or that software from other vendors will keep supporting it even if you're getting ESUs. So it's not just a matter of oh, this is, I've got support for this. But you're not getting feature compatibility or even bug fix updates. And all of your software, none of it exists in a silo anymore. It all has to interoperate with other things. And so if it's not, you know, if it's not supporting the new version of tls, it's not supporting this given API, it doesn't not cooperate, not cooperating. And with this other plugin you've got, then an ESU isn't going to help you.

B

And just take the brute, simplest example we can possibly think of, Office running on Windows on the desktop. If you've got Windows 10 with ESU, suddenly you have exactly one office suite that Microsoft will support on that plethora. So and that's Microsoft 365 apps for enterprise, which is a subscription suite of course for Microsoft 365 customers mostly. But now good luck, you're going to be one of those Microsoft 365 customers, even if you've avoided it before.

A

Another thing to factor in when you're weighing your ESU strategy is what Microsoft is telling you you should do. Where do they want you to go when you get off Windows 10 or an older version of Exchange or SQL Serv? And then how difficult is it to actually get there? So how do customers think about these questions and maybe even capitalize on them when they're negotiating their Microsoft contracts? Who wants to start with this one?

B

I'd say it's all about migrating to the cloud and adopting subscription licensing. That's where Microsoft's business and sales incentives are. And to the extent that you can do that, you will have more leverage in negotiation with Microsoft.

C

Yeah, yeah, yeah, it's exactly that. I mean if you're in the negotiation, you want to use the possibility of moving from your on prem software to a Microsoft hosted online service because that's more likely to get you something. Because that's like Rob just said, it's that it's their sales incentives. What are the salesmen? What are the salespeople get incentives for? Well if you can give them some of that, then they might give you a little something. So you know, the hypothetical here is you're engaged in contract negotiation, you know, micro Microsoft wants you to do this, say, well we could see moving there. If you give us this other thing we want like maybe a discount on Copilot or something, you know that's always a tactic. But the challenge here is that Microsoft's all about AI now. And that's a whole other topic. Different podcasts, different many podcasts. And, and they really want any kind of licensing spiffs to be tied to adopting AI, which of course is part of why they want you on their cloud services. Because your data is there, it can be grabbed by the AI. But like I said, different stuff.

A

Right?

B

And in general, moving to the cloud, Microsoft cloud, there's a lot of pros and cons, but one thing you have to remember is that doing that, migrating to the cloud, it doesn't protect you from the kinds of end of life problems that drive people to ESUs like we've been talking about. In some ways they're worse because you don't set the schedule when you migrate. You, in the worst case, you could end up like project online customers. So they all just learned they have less than 12 months to get off that service before it shuts down. And you also, there's really no equivalent to ESUs for cloud services. When a cloud service shuts down, it's final data settings, they're all gone. You can't keep using the old service while you're migrating the new one the way you can with ESUs and software on premises.

C

Yeah, we've had that. Yeah, we've had that too. There was a customer that I was recently talking with that was finally making the move from Skype for Business Server to teams. And they're looking at all these teams features and they're saying, well, how can we control access to these new features? They roll out this new feature. We don't want our users to have it. And I had to say that you can't. I mean there's some things, yes, you can control it at a micro level, but at the macro level, these new features come out and you can't not take them.

A

Yeah, you don't have the choice the

C

way you did what was on prem. If you get it, then you get it. Yeah.

A

Yep, good point, Jim. Okay, since we've been talking a little bit about negotiation and negotiating with Microsoft, I'm going to take a quick break here for a quick reminder. So if you are a customer facing a Microsoft renewal or enterprise agreement negotiation, you don't need to do this by yourself. Directions on Microsoft's advisory service for contract and EA Negotiation support gives you expert guidance from people who sat on both sides of the table, including former Microsoft deal desk execs like Dean Bedwell, who is our lead negotiator here at Directions. Via our advisory service, we can help you spot hidden cost drivers, build a smarter negotiation strategy, and lots more. You can learn more by going to directions on Microsoft.com get-advice. And if you've got a renewal coming up, please feel free to reach out to salesessirections on Microsoft.com okay, let's go back to ESU Madness with Rob and Jim. All right, so for a growing number of Microsoft legacy products, there is a way around paying steep fees for ESUs that involves migrating to the Windows 365 Cloud Desktop Service as well as many Azure services that bundle ESUs. So how should customers think about this and decide whether going this route makes sense for them? Let's start with Rob.

B

Well, it's interesting. The cloud Virtual desktop services, Windows 365 and Azure virtual Desktop, those are places where that offer free ESUs and it can really affect your costs if you want to run Windows 10 on them because, or keep running Windows 10. If you want to keep running Windows 10, for example, by running it in those virtual desktop services, the ESUs can really affect your costs. If you're taking your current pre Cs with Windows 10 ESUs and just keep them going, it's going to be expensive. The first year of ESUs costs about the same as the original Windows licenses. And that fee doubles year two and it doubles again year three. So for small groups of kind of left behind PCs, moving them to a cloud virtual desktops and getting the free sus into the bargain can make a lot of sense. But the bigger and more complex your PC fleet, the less ESU discounts are going to matter because of migration costs and just the sheer costs of the service. For the biggest free ESUs are not going to be a big factor. They're going to be kind of like those mints that come free when the waiter delivers the bill.

C

It's only a WAPA Mint, So insert

B

Monty Python excursion here.

C

We've got to, we've got to, we've got to. Yeah. And, and the, the bundling. I mean, I'm going to approach it more from the enterprise side because I've spent a lot of time writing about Windows Server and it's still expensive. You know, even if you're kind of getting it with those, you know, it's a, it's not that you're getting it. There's a phrase that I try to use a lot in our reports is I don't say you're getting it for free, I say you're Getting it at no additional cost because you're already paying. That's. Don't forget, you're not like, oh, it's for free. It's like, no, you're buying something and this comes with it at no additional cost. And that really shouldn't be your sole motivator. I mean, for example, you can Get Windows Server ESUs at no additional cost when you move to an Azure VM or if you adopt Azure Local. But if you're running Windows Server 2012, which is the current version for which ESUs are available, that's not happening in a bubble. Like I said before, it depends on local storage network configurations, your on premises, active directory, on premises server management tools. So moving to Azure vms or to Azure Local is going to require refactoring. So that lift and shift still takes engineering effort. It's less than it is, say with Windows 10 ESUs, but you get the idea. So if you're already planning to go the route of one of these surfaces that offers ESUs, you're going to go to Azure VMs. You've got that plan already. Hey, that's a great bonus. It can give you a bit more time to migrate your systems properly, but it's just one factor and it shouldn't be the main one. You pick when you're choosing how you're going to modernize and move forward.

A

Okay, all right. So another thing about the high cost of ESUs is it's a not so subtle deterrent for running software on prem and or in third party, meaning non Azure data centers. So customers still need to consider, as both of you have been saying, how expensive it can be to move non Azure hosted services and software to the Microsoft cloud. Do you have any kind of broad guidance on this front for customers?

C

You just segued over there really nice, didn't you?

A

I tried.

C

Skilled, skilled. So as a lot of customers did, a lot of customers did find like during COVID they were all like, move my data center to Azure now. So they're, I mean, or AWS or whatever, but they found that those abrupt lift and shifts, they could do them, but it didn't really work long term because if you want to be in the cloud or even if you want, you want, you want to go to Exchange Online From Exchange Server, SharePoint Online From SharePoint Server, you name it. When you do that lift and shift, you can go over, but you're moving systems that are designed for a certain way of operating on premises. You'd build for the high water mark. You spend Capex to buy servers, let them depreciate. That doesn't work the same way in these online services that ideally are more flexible. You can scale up, you can scale down, you can build all that in. So if you do that, you've got to spend time, money, effort, re engineering refactoring your systems to be effective in those environments, both to run well and be cost effective. And if you don't do that, it's going to cost you. We've seen lots of customers like hey, we moved everything to the cloud and now suddenly our bill is n number of times higher. And first off, Microsoft wants your money whether you're on premises or on in the cloud. So it's people are finding that moving to the cloud isn't always the cheaper thing. But if you want to optimize your cost, you've got to spend that effort. So just saying I can move here and get free Asus doesn't solve all your problems by any means.

B

Yeah, and I'd say even with Windows 10, you need to be able to identify the right user roles that can live with a virtual desktop. If you're talking about moving them to something like Windows 365, you need the right hardware matched to them. Do they need to run super powerful graphical applications or some weird custom application you've made? You still have to do that planning or at least post hoc re engineering and that that's still going to be a big cost. But it's also important to remember in the end it's not always about cost. A large customers. Sorry, there is still a small group of very large organizations that just can't move to Microsoft cloud no matter how cheap it is. And Jim referred to this at the beginning. There's customers who need to certify that their data centers meet certain standards. They can't do it for Microsoft Services. Microsoft Services are on very impressive data centers but you can't get the access to them necessarily to certify them for what you need. Or there's customers who just need to run completely disconnected from the Internet, air gapped. And these customers may well need to deploy ESUs and they are available, but they're not going to go to the Cloud because of ESUs because compliance and security in the end are trump any cost considerations.

A

Yeah, that's a good point, Rob. All right, on that note, I'm going to say thank you to our guests. Lots of great tips for those facing the ESU or not to ESU decision now and in the future. So thanks Rob and Jim hey, thanks for having us.

B

Yeah, thank you. This is fun.

A

I want to remind our listeners they can find lots more coverage of all things Microsoft related on directions on Microsoft.com thank you so much for listening. If you have questions, comments, or any topics that you would like to hear the Directions analysts cover in one of these podcasts, please do not hesitate to contact me via X or BlueSky. Directions on Microsoft is on LinkedIn, so make sure you give us a follow there. And we at Directions have converged our social media channels into a single platform, so give us a follow at Directions MSFT on X or Directions on Microsoft on bluesky if you want to keep up with all of the latest Microsoft Enterprise and licensing information. Thanks again, Sam.