Windows 10 End of Life
Posted by on | Featured | No Comments

Why Windows 10’s End of Life Matters for Cyber Essentials Plus

Microsoft officially ended support for Windows 10 on 14 October 2025, marking a major shift for organisations working toward Cyber Essentials Plus (CE+) certification. Without free security updates or patches, Windows 10 devices now pose a compliance risk – unless covered by Microsoft’s Extended Security Updates (ESU) programme.

For CE+ applicants, this change is more than a technical footnote. It directly affects your certification status. Devices running Windows 10 are no longer considered secure by default. To remain compliant, organisations must upgrade to Windows 11 version 23H2 or newer (ideally 24H2 or 25H2).

If your CE+ audit is scheduled within the 90-day window following your Cyber Essentials certification, any Windows 10 devices must be upgraded or removed from scope before submitting your asset list to the auditor.

“CyberLab’s team thoroughly and efficiently supported us in bringing best practice to our security processes. With a consultative approach, they guided us to modify and improve our existing processes to make Delvify a more robust and more secure organisation.”

– Charles Allard, Founder at Delvify

Why It Matters

Auditors will now perform technical verification during CE+ assessments.
 
If Windows 10 devices are detected:
  • They must be excluded from scope.
  • Failure to do so could result in audit failure or the need to restart both Cyber Essentials and CE+ assessments.

What You Need to Do Now

To stay secure and compliant, here are your next steps:
  • Audit your device inventory: Identify any machines still running Windows 10.
  • Upgrade to Windows 11: Preferably version 24H2 or 25H2. Note that 23H2 reaches end of life on 11 November 2025, so plan accordingly.
  • Consider ESU: If upgrading isn’t feasible, explore Microsoft’s Extended Security Updates programme.
  • Communicate with your auditor: Be transparent about your upgrade plans and ensure your asset list reflects only compliant devices.
This transition is a critical moment for organisations aiming to maintain Cyber Essentials Plus certification. By acting now, you’ll avoid last-minute surprises and ensure your systems meet the latest security standards.
 
Need help navigating the upgrade or preparing for your CE+ audit? CyberLab’s team is here to support you.

Detect. Protect. Support.

Get Cyber Essentials Certified with CyberLab

✅ 1,400+ Successful Certifications

✅ Free Gap-Analysis & re-test

✅ 100% UK-based Assessors

Get Certified

Delvify Achieves Cyber Essentials with CyberLab

Delvify partnered with CyberLab to strengthen its cyber security, ensuring resilient operations for its global fashion tech platform and achieving Cyber Essentials certification.

Read Success Story

Leave a Reply

You must be logged in to post a comment.