Can't Upgrade from Windows 7? Mitigate in Other Ways

Microsoft ended support for Windows 7 on January 14, 2020 (see Windows 7 Retirement). If you still have a university device running Windows 7, upgrade now or mitigate risk with one of these options if upgrading is not possible:

  • Purchase extended support
  • Disconnect or isolate the machine
  • Move the machine to a protected network ((in internal IP space behind a firewall).

ITS will block access to the internet to and from devces running Windows 7 beginning February 14, 2020. If you purchase extended support or move your U-M device to a protected network, notify iia.vulnscans@umich.edu so we know not to block access to the device.

IMPORTANT! Do not use a machine running Windows 7 to store, access, or maintain sensitive data.

Purchase Extended Support

You can purchase Windows 7 Extended Security Updates (ESU) for university machines. Microsoft is making this option available to enterprise customers for a yearly fee. It allows you to receive critical security updates for an extended period while you make plans to upgrade. See ITS Software Store: Windows 7 Extended Security Updates (ESU) for details.

Disconnect or Isolate the Machine

If you decide against purchasing extended support, another mitigation option is to disconnect the machine from networks or otherwise isolate it.

  • Remove the computer or device from all networks. Unplug the network cable and disable all wi-fi capabilities. Label the computer to remind others not to connect the computer to the Internet or any other networks.
  • Use USB flash drives to transport data. Regularly scan these flash drives with anti-virus software to ensure that no viruses will be introduced to the Windows 7 machine.

If removing the computer from all networks is not possible, isolate it as much as possible. 

  • Isolate the computer or device to a protected network. Restrict access to and from the machine to allow only authorized users and systems. Put the device in internal U-M IP space behind a firewall.
  • Prohibit web and email browsing. Do not allow web browsers or email programs to be used to be used on the machine. Most threats to a computer are encountered on the web and in email. Label the computer to remind others that web browsing and email access is not permitted. 
  • Use encrypted USB flash drives to transport data. Regularly scan these flash drives with antivirus software to ensure that no viruses will be introduced to the Windows 7 machine.