What is ESU?
The Windows 10 Extended Security Updates (ESU) program gives customers the option to receive security updates for PCs enrolled in the program. ESU is a paid program that provides individuals and organizations of all sizes with the option to extend the use of Windows 10 devices past the end of support date in a more secure manner.
To be eligible to install updates from the ESU program, devices must be running Windows 10, version 22H2
Failing to report or failing to have the “technical safeguards” (like an updated OS) to prevent the breach can result in fines of up to $100,000 per violation for the institution and $10,000 for individual officers
In the financial world, trust is built on security and efficiency. As we move deeper into 2026, staying on Windows 10 isn’t just a matter of “old software”—it’s becoming a documented business risk.
How to Setup Extended Security Updates
Phase 1: Pre-requisites & Cleanup
- Verify OS Version: Ensure every machine is on Windows 10, version 22H2. (Run
winverto check). - Install Baseline Updates: Machines must have the August 2025 Cumulative Update (or later) and the latest Servicing Stack Update (SSU) installed.
- Hardware Audit: Identify machines that can support Windows 11 but haven’t been upgraded yet—prioritize these for a free upgrade instead of paying for ESU.
Phase 2: Licensing & Acquisition
- Purchase ESU Licenses: Log into the Microsoft 365 Admin Center (under Billing > Purchase Services) or contact a CSP (Cloud Solution Provider).
- Retrieve the MAK Key: Go to Billing > Your Products > Volume Licensing to find your 5×5 Multiple Activation Key.
- Document the Year 1 Activation ID: For 2026 (Year 1), the Activation ID is:
f520e45e-7413-4a34-a497-d2765967d094.
Phase 3: Deployment & Activation
- Manual Activation (Small Agencies): Run an elevated Command Prompt:
slmgr.vbs /ipk <Your_ESU_MAK_Key>(Installs the key)slmgr.vbs /ato f520e45e-7413-4a34-a497-d2765967d094(Activates the ESU)
- Mass Deployment (Intune/RMM): Push a PowerShell script to automate the
slmgrcommands across the fleet. - Registry Check: Ensure the
EnableESUSubscriptionCheckregistry key is set to1at:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\ESU.
Phase 4: Verification & Monitoring
- Confirm License Status: Run
slmgr.vbs /dlvon a sample of machines to ensure the status says “Licensed.” - Audit Updates: Check that “Security Intelligence Updates for Windows 10” are successfully downloading via Windows Update or your RMM tool.
- Set a 2027 Calendar Invite: Set a reminder for September 2026 to purchase “Year 2” licenses, as they are cumulative and required for continued protection.
check out our post here
- How to Setup Extended Security Updates (ESU) For Your Agency
- Windows 11 update requirement for insurance agencies
- South Eastern Michigan Insurance Agency’s March 2026 IT Checklist
- What does a Written Information Security Plan (WISP) do to protect your business?
- ADHD and Business Ownership
4. What can a competent MSP do better than your cousin or a corner break/fix computer store?
Trying to manage this in-house is increasingly impossible for mid-market firms. An MSP provides the “compliance-as-a-service” layer you need:
| Requirement | How We Solve It |
| Audit Readiness | We provide real-time dashboards and logs that are “auditor-ready” at a moment’s notice. |
| Vendor Risk Management | We vet your third-party software (SaaS) to ensure they meet the same high standards you do. |
| Incident Response | We provide the 24/7 monitoring and the formal “Incident Playbook” required by law. |
| Regulatory Mapping | We map your IT controls directly to frameworks like GLBA, NYDFS, or CMMC. |
The Bottom Line, Windows 11 update requirement for insurance agencies is necessary
Compliance is not a destination; it is a pulse. If your technology isn’t being monitored, patched, and audited in real-time, you are falling behind the regulatory curve.
Is your current IT setup ready for a surprise SEC or FINRA audit tomorrow?
We Can Help
Book your non intrusive evaluation today so we can help you find the gaps your company needs to patch