Support for Windows 7 comes to an end on January 14, 2020, and to remain current and supported, customers need to make the shift to Windows 10. For help planning and deploying Windows 10, Microsoft offers guidance and other resources to accelerate the migration.
As a last resort option for volume licensing customers running Windows 7 (Professional or Enterprise) and Windows Server 2008 after the end of support date, Microsoft recently announced the Extended Security Updates (ESU) program. Security updates released under the ESU program will be published to Windows Server Update Services (WSUS).
This article describes software update management and OS deployment using Configuration Manager for clients covered under the ESU program. In general, products that are beyond their support lifecycle are not supported for use with any version of Configuration Manager as clients or in server roles. As such, following the end of support date for Windows 7 and Windows Server 2008/R2, these operating systems will no longer be tested nor supported with Configuration Manager.
For those clients covered under the ESU program, the latest released version of Configuration Manager current branch can be used to deploy and install Windows security updates released under the program and deploy supported OSes via operating system deployment (OSD).
Products that are beyond their support lifecycle aren't supported for use with Configuration Manager. This includes any products that are covered under the ESU program. Security updates released under the ESU program will be published to Windows Server Update Services (WSUS). These updates will appear in the Configuration Manager console. While products that are covered under the ESU program are no longer supported for use with Configuration Manager, the latest released version of Configuration Manager current branch can be used to deploy and install Windows security updates released under the program for Windows Server 2012 and 2012 R2 only. No further support is offered for computers running Windows 7 or Windows Server 2008/ 2008 R2, including customers with an additional further year of ESU support as noted in KB4522133
Frequently Asked Questions
Can older versions of Configuration Manager (2007, 2012) be used to deploy and install security updates released under the extended security updates program?
No. If you have a requirement to patch operating systems covered under the extended security updates program using Configuration Manager, migrate or upgrade to the latest released version of Configuration Manager (current branch).
Can all supported versions of Configuration Manager current branch be used to deploy and install security updates released under the extended security updates program?
No. Only the latest released version of Configuration Manager current branch should be used.
I plan to migrate my Windows 2008/R2 servers to Azure. Today, I patch them on-premises using Configuration Manager. Can I continue to patch them using Configuration Manager once I move them to Azure?
Yes, if you’re using the latest released version of Configuration Manager current branch.
Can I continue to use Configuration Manager for non-patch related client management?
Client management features not related to Windows patch management or operating system deployment will no longer be tested on the operating systems covered under the extended security updates program and we do not guarantee that they will continue to function. It is highly recommended to upgrade or migrate to a current version of the operating systems to receive client management support.
Can I continue to host distribution points on Windows Server 2008/R2?
No. Any active distribution points will need to be moved to a supported operating system before January 14, 2020, to continue to be supported by Configuration Manager. See Supported operating systems for Configuration Manager site system servers for more information.
Office 365 ProPlus will be supported on devices with active Windows 7 Extended Security Updates (ESU) through January 2023. Can I continue to manage Office 365 ProPlus on these devices with Configuration Manager current branch?
Where the customer has Office 365 ProPlus on devices with active Windows 7 ESU, ProPlus will continue to receive monthly security updates for the duration of the ESU. However, those customers will not continue to receive Office 365 ProPlus feature updates. The Office 365 management features in Configuration Manager will no longer be tested on operating systems covered under the ESU program and we do not guarantee that they will continue to function.
Additional Resources:
Extended Security Updates and Configuration Manager documentation
ESU FAQ for SQL Server and Windows Server 2008 and 2008 R2
Announcing new options for SQL Server 2008 and Windows Server 2008 End of Support
End of Support FAQ for Windows 7 and Office 2010
ESU Lifecycle FAQ
How to get Extended Security Updates for eligible Windows devices
Now is the time to make the shift to Microsoft 365
Microsoft Lifecycle Policy
Desktop Deployment Center
