The end of Windows 10 support has been an IT and security priority for a long time. But despite ample warning ant time to plan, the passing of the EOL support deadline earlier this month left millions of machines without protection. To understand how organizations managed the transition, Action1 analyzed one year of telemetry from all active endpoints across its platform. The study covered production environments in the United States, the European Union, and Australia, with data collected each month between October 2024 and October 2025. It’s an approach that has given us a detailed view of adoption trends and the pace of migration. The findings show real movement toward Windows 11 over the past year, but reveal a significant base of Windows 10 systems that remain in use and now present heightened security and business risk.
By October 2025, Windows 11 made up 74 percent of all Windows devices worldwide, meaning that 26 percent were still running on Windows 10, which no longer receives security updates. The pace of change over the past year has been notable. In October 2024, Windows 11 accounted for just 46 percent of endpoints. Adoption climbed month after month, increasing by 61 percent year over year while Windows 10 persistently lost ground.
The month-by-month view shows how the transition unfolded. In January 2025, Windows 10 and Windows 11 were almost equal in share. By February, Windows 11 pulled ahead and has steadily widened the gap ever since. The steepest decline for Windows 10 came over the summer, dropping from 36 percent of devices in July to 26 percent by October. That ten-point slide in three months highlights how momentum built as the support deadline approached.
The data also reveals that migration was steady rather than spiky. There were no dramatic surges in any one month, only consistent gains. The overall trend reflects deliberate planning rather than last-minute panic. For IT leaders, this suggests that many organizations built migration into broader refresh cycles and digital transformation programs. Even so, millions of systems remain on Windows 10 after end of support, showing how common it is for some workloads to lag behind.
The Risk (and Cost) of Delay
There are real risks in delaying migration. Once an operating system reaches the end of support, attackers often unleash exploits they had been holding back. October’s Patch Tuesday illustrated the scale of the threat, with Microsoft releasing fixes for 173 vulnerabilities, including nine critical and six zero-days. Several were already under active exploitation, such as a flaw in the Remote Access Connection Manager. Others, like the Agere modem driver vulnerability, were so fundamental that Microsoft removed the component entirely. A critical remote code execution flaw in Windows Server Update Services, rated at 9.8 on the CVSS scale, underscored how even core infrastructure can become the target.
Microsoft’s Extended Security Updates program provides a temporary option, but it is designed only as a bridge. Coverage is available for up to three years, with the cost doubling each year. That model encourages rapid migration rather than prolonged reliance. The program can provide breathing room for organizations that were unable to complete upgrades in time, but every additional year increases both financial and security exposure. Treating ESU as a destination rather than a short-term measure carries growing risks as time passes.
The consequences of keeping unsupported systems in production reach far beyond the IT team. Auditors will fail systems that cannot be patched. Insurers now factor the presence of outdated operating systems into their policies, often raising costs or limiting coverage. Regulators, especially in industries such as healthcare and finance, may view continued reliance on Windows 10 as negligence. When a breach does occur, customers and partners will want answers about why known risks were ignored. The financial toll of a ransomware attack tied to an unprotected operating system can easily outweigh the expense of new hardware and licenses.
Action1’s telemetry shows that many organizations are already moving in the right direction, but it also highlights how much work is left. The first step is a complete inventory of every machine still running Windows 10. Leaders then need to decide which can be upgraded to Windows 11, which must be replaced, and which could shift to virtualization or the cloud.
For machines that must remain on Windows 10 for the near term, isolation and layered defenses are essential. They should be removed from direct internet exposure wherever possible, restricted to only essential services, and monitored continuously with logs and audits. An incident response plan should assume that at least some of these systems may eventually be compromised.
Windows 10’s retirement is a measure of how well organizations manage technology lifecycles and how leaders set priorities. The choices made during this transition reflect an organization’s appetite for risk and its commitment to resilience. Delaying migrations can look like a savings in the short term, but the technical debt builds and becomes more expensive over time. Planned upgrades, on the other hand, create a stronger base for security, compliance, and cost control in the years ahead.
The Action1 research offers a clear snapshot of where the market stands today. With three-quarters of devices now on Windows 11, the trend line is set. The remaining quarter represents concentrated risk that will continue to attract attackers. Leaders who move decisively will not only reduce their immediate exposure but also strengthen the practices that support future technology shifts.
About Action1
Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.
In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.
