While paid Extended Security Updates (ESU) will remain available through October 13, 2026, that program only delays the inevitable - at a growing cost.
With over 400 million devices* still running Windows 10 as of late 2025, organizations around the world are facing a familiar dilemma: pay extra to stay temporarily secure, or take on the risk of running unpatched systems.
And it’s not just Microsoft stepping away. Many endpoint protection platforms - including Tanium and CrowdStrike - align their coverage with Microsoft’s support lifecycle, reducing protection and visibility as OS versions age out. When the operating system reaches end of life, so does full endpoint protection.
Even Windows 7, first released in 2009, still accounts for over 9% of Windows desktops worldwide** - proof that legacy systems linger long after official support ends.
They run mission-critical applications. They connect to delicate industrial networks. They’re often locked into regulatory certifications or hardware dependencies that make upgrades slow, expensive, or even impossible, for example dependencies on vendors that no longer exist or no longer care to help.
As one of our manufacturing customers discovered, these systems can’t simply be “ripped and replaced” - yet leaving them unprotected wasn’t an option either.
For many organizations, that trade-off simply isn’t acceptable.
Once an OS and its endpoint agent(s) fall out of support, a quiet transformation happens: visibility fades.
No more patching.
No more telemetry.
No more containment.
Those endpoints effectively become invisible to your security stack - unmonitored, unpatched, and often still reachable inside your trusted network.
Attackers know this. Legacy systems become prime targets for lateral movement and ransomware propagation. The devices themselves may not hold sensitive data, but they can serve as bridges into the parts of your network that do. And the fact that they are not simple to replace indicates that your business relies on them more than on most other systems.
There’s a practical third option - one that doesn’t require replacing systems or accepting higher risk.
Zentera’s Zero Trust overlay provides protection above the operating system, allowing you to secure legacy and unsupported devices without touching the OS or re-architecting your network.
With Zentera’s CoIP® Platform, organizations can:
Even when your OS or endpoint tools stop protecting a device, Zentera keeps it secure, compliant, and operational.
The end of Windows 10 support - and the countdown to the end of ESU in 2026 - is a reminder of how fragile traditional, agent-based security really is.
Operating systems age. Vendor support expires. But Zero Trust overlays decouple security from product lifecycles, giving you a protection model that endures.
Whether you’re maintaining older IT infrastructure, industrial control systems, or specialized medical and manufacturing devices, you don’t have to choose between risk and disruption.
With Zentera, you can secure what you can’t replace - and future-proof your environment in the process.
** https://gs.statcounter.com/windows-version-market-share/desktop/worldwide/