The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Software Asset Management: The alternative to the Windows 7 (further) extended support date

 By Sean Robinson of License Dashboard

Last month, Matt Barlow, Corporate Vice President at Windows confirmed it will begin prompting users still running Windows 7 to visit Microsoft sites to understand their options regarding the upcoming end-of-support date. Mainstream support ended in 2015 and the extended support date of 14 January 2020 – now less than a year away – is looming, putting pressure on IT teams to update their organization’s standard operating system.

When support ends, so does security

High profile data breaches, such as the NHS’s battle with the WannaCry malware in 2017, mean that the topic of cyber security has been thrust into the news. Never has the public been so aware of, and companies so scrutinised for, the damage ransomware can cause – it’s now regarded as one of the biggest threats to business. Many ransomware attackers can gain access to an organization’s network via weak, unsecured operating systems and take down their entire IT infrastructure.

During the mainstream support period, Windows 7 users were provided with security updates as well as new features and other complimentary support. While many of those benefits stop during the extended support period, security updates, bug fixes and patches are still included. When the support period comes to an end, so too do the security updates – leaving organisations at risk of hacks, breaches, and data leaks across their business.

Extending Extended Support

Microsoft offered customers the opportunity to upgrade to Windows 10 for free and, although Windows 10 market share has reportedly now surpassed that of Windows 7,  it seems many users did not take advantage of the offer, nor are they prepared for 14 January 2020.

To help mitigate this, Microsoft have offered an extension on the extended support, with the Windows 7 Extended Security Updates (ESU) plan available for purchase from 1 April 2019. Sold on a per-device basis, Microsoft offer two flavours:

Windows 7 ESU for M365 – for those licensed for Windows Enterprise

Windows 7 ESU – for those licensed for Windows Pro

Pro tip: Although the name “ESU for M365” might suggest they are applicable only to those with licenses for Microsoft 365, the Microsoft Product Terms document states:

Windows 7 ESU…for M365 licenses may only be assigned to devices with active Software Assurance or used exclusively by users with Windows Enterprise or M365 SLs

In an effort to dissuade organisations from relying on this support extension, the ESU licenses double in price each year:

WIndows 7 ESU (Extended Security Updates) costs per annum

Windows 7 ESU costs

Example

An organization licensed for Windows 10 E3, with 1,500 remaining Windows 7 devices, would pay: $37,500 in year 1, $75,000 in year 2, and $150,000 in year 3 – giving a total of $262,500 for 3 years of additional Windows 7 support. Probably not a wise financial decision for any IT team.

Attackers are targeting Windows 7

Tanmay Ganacharya, Principal Group Manager of Windows Defender Research explained that modern threats and older platforms don’t mix, and that Windows 7 simply doesn’t have the levels of defense that Windows 10 offers. This graphic, taken from the Microsoft blog post, shows the Ransomware encounter rate – that is, “the percentage of computers running the OS version with Microsoft real-time security that blocked or detected ransomware”. It’s clear to see that Windows 7 devices are being targeted over and above Windows 10.

  1. Taken from https://www.microsoft.com/security/blog/2018/01/10/a-worthy-upgrade-next-gen-security-on-windows-10-proves-resilient-against-ransomware-outbreaks-in-2017/

The bottom line is this: If your organization is running software that isn’t supported by any Windows version above 7 – irrespective of how business critical that software is – the software must be replaced or modified in its delivery to ensure it doesn’t become unsupported and therefore a security risk to your organization.  As the cost of changing a business process or rolling out a new version of a piece of software can be high, other alternatives could be considered. For example, Microsoft is offering extended support for free as long as it’s redeployed within Azure. Deploying software utilising Citrix in Azure for application virtualisation, therefore, could be an upgrade alternative, and avoids the associated costs. Organizations should look to validate the costs of an upgrade against redeployment within Azure and procurement of Extended Support, evaluating not only software and online service costs but also consultancy and migration costs.

Software Asset Management and your upgrade plan

If an IT team doesn’t know what’s deployed, it can’t know what needs to be upgraded. Software Asset Management offers visibility of the entire IT estate, so identifying devices and their current state – including what’s deployed, how it’s used, and its operating system requirements – any further necessary upgrades will also become apparent.

A Windows upgrade could also be an opportune time for a license review – for example, would user-based Windows licenses be more cost-effective that device-based? Equally, using SAM to keep track of post-upgrade license consumption to prevent over-licensing will help protect precious IT budget, which could go some way to covering the potential costs associated with the new “Windows-as-a-Service” delivery method of Windows 10.

email

About Sean Robinson

Sean has over 12 years’ experience of delivering SAM consultancy to organizations worldwide and is a founding director of specialist tools vendor, License Dashboard.

2 Comments

  1. Paul DeGroot says:

    One thing that a lot of SAM tools may not capture is the OS that actually shipped with the PC. Given that Windows 10 came out in August 2015, nearly four years ago, it’s quite possible that that 80%–or even all, depending on their hardware refresh cycle–of an organization’s PCs are already licensed for Windows 10. Most organizations would have continued re-imaging their PCs with Windows 7 for a few years, but those PCs may actually be licensed for Windows 10. Checking invoices for new PCs purchased in August 2015 or later may reveal that. Customers in this situation don’t need to purchase a new OS–they can upgrade existing PCs to at least Windows 10 Professional or to Windows 10 E3 if they have maintained Software Assurance on it.

  2. Sean Robinson says:

    Totally agree with your comments and approach Paul, thanks for pointing this out.

Leave a Comment