Unsupported software does not receive security updates, putting your computer at risk. Computers running unsupported operating systems are vulnerable to attack and will become increasingly vulnerable over time.
Windows 10 Versions 1803 and 1809
Microsoft ended support for Windows 10 versions 1803 and 1809 on May 11, 2021. This applies to the following editions of Windows:
- Windows 10 Education, version 1803 and version 1809
- Windows 10 Enterprise, version 1803 and version 1809
- Windows 10 IoT Enterprise, version 1803 and version 1809
These editions no longer receive security updates. Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 to remain supported.
Windows 7 and Server 2008/2008 R2
Microsoft ended support for Windows 7 and Server 2008/2008 R2 on January 14, 2020.
November 2020 Update
MiWorkspace and MiServer Managed OS can no longer manage extended support for Windows 7 and Windows Server 2008 after January 2021, as the update management software they use cannot push out the updates after this date. The MiWorkspace and MiServer teams have been communicating with customers affected by this.
If you will purchase a third year of extended support (contact ITS Software Licensing through the ITS Service Center for purchasing details), please send a list of the machines to be covered to [email protected] so that ITS does not block internet access to them. Be aware that Microsoft is doubling the cost of extended support each year and will end extended support in January 2023.
Internet Access to Unmitigated Machines Blocked
- Unmitigated machines were placed in an Active Directory (AD) computer group in batches beginning February 14.
- On February 14, 2020, ITS applied a global Group Policy Object (GPO) to the machines in that AD computer group. Blocking was implemented incrementally through February 21 by adding machines to the AD group. (Microsoft AD GPOs are a means of applying a collection of settings and configurations to a group of machines.)
- Access to and from the internet for those machines is blocked. Access within protected U-M networks remains available for now.
- If a threat develops that puts the university at risk, more restrictive blocks may be applied.
Windows 7 Mitigation Options
- Upgrade the device to Windows 10.
- Purchase a third year of extended support (contact ITS Software Licensing through the ITS Service Center for purchasing details) and notify IA. Send a list of the machine names to [email protected].
- MiWorkspace and MiServer Managed OS can no longer manage extended support for Windows 7 after January 2021 as the update management software they use cannot push out the updates after this date.
- Microsoft will double the cost of extended support each year and end extended support in January 2023.
- For details, see Microsoft: FAQ about Extended Security Updates for Windows 7.
- Remove the device from U-M networks and update Active Directory (AD). If you decommission a UM-managed device, be sure to remove the associated object from AD so we know it was decommissioned.
- Move the devices to a protected network and notify IA ([email protected]). A protected network is one that is in internal IP space behind a firewall.
Windows Server 2008/2008 R2 Mitigation Options
- Upgrade the servers.
- Migrate to Microsoft Azure (where Microsoft is offering extended support at no charge).
- Purchase a third year of extended support (contact ITS Software Licensing through the ITS Service Center for purchasing details) and notify IA. If you purchase extended support for a U-M server, please let us know which machines are covered so we do not block them. Send a list of the machine names to [email protected].
- MiWorkspace and MiServer Managed OS can no longer manage extended support for Windows Server 2008 after January 2021 as the update management software they use cannot push out the updates after this date.
- Microsoft will double the cost of extended support each year and end extended support in January 2023.
- For details, see Microsoft: How to use Windows Server 2008 and 2008 R2 extended security updates (ESU).
- Remove them from U-M networks and update Active Directory (AD). If you decommission a device, be sure to remove the associated object from AD so we know it was decommissioned.
- Move the devices to a protected network and notify IA ([email protected]). A protected network is one that is in internal IP space behind a firewall.