Licensing, Microsoft,
Short Answer
Microsoft Extended Security Updates (ESU) are fee-based subscriptions that grant organizations access to important and critical security patches released after a Microsoft product goes End of Life (EOL).
In-Depth Answer
The current fixed lifecycle policy for the availability of support updates, specific to security patches, is:
Many IT professionals find Microsoft’s lifecycle generous compared to other publishers who charge for updates, often beginning at product release. However, the Extended Security Updates (ESU) offering can be costly, with annual fees equivalent to a new license costs and Software Assurance (SA) requirements at 25-29% of the license cost.
Initially, Microsoft offered ESU subscriptions for desktops using a ramping cost structure, and for servers at 75% of the license price, payable annually. In 2023, Microsoft tinkered with server pricing, at one point reaching 125% of the license cost before settling on the current “ESU=license” cost model. Monthly subscriptions, newly introduced in 2023, require systems to be connected to Azure through “Azure Arc” which may be prohibited in some organizations.
To avoid ESU, often called the “security patch tax,” organizations can isolate using security measures, or they can get ESU for free, if systems are run in Azure. This offer is often used by Microsoft sales teams to steer customers toward Azure, especially if systems are in other cloud environments like AWS, GCP, or OCI. Contrary to a common misconception, other cloud providers do not cover ESU costs or apply patches to EOL systems.
Organizations should review Microsoft EOL dates for on-premises and non-Azure hosted systems during annual budgeting. Expertise is recommended due to the complexity of ESU calculations and associated licensing requirements. Remend experts have a long history of working closely with customers to build budgets and optimize spend.
Remend is here to help.