Windows 10 hits end‑of‑life (EoL) in October 2025. After that, no more free security patches—leaving unsupported devices as soft targets for ransomware and likely breaching cyber‑insurance conditions. For a 50‑seat Sydney business, a rushed, last‑minute upgrade can cost more than a planned rollout. This guide gives you a step‑by‑step checklist, a 90‑day sample timeline, and a free Google Sheet template to keep everything on track.
Need a hand planning or resourcing the upgrade?
Book a Windows 10 Upgrade Consult → /it-consulting-sydney/
(Sticky CTA recommended on scroll.)
Why the Deadline Matters (Licence, Security, Compliance)
- Security: Once EoL hits, Microsoft stops releasing monthly patches. Unpatched endpoints break Essential Eight “Patch Operating Systems” guidance and spike breach risk.
- Compliance & insurance: Many insurers now ask if any production systems run unsupported OSs. A “yes” answer can void claims or inflate premiums (see ACSC guidance at cyber.gov.au).
- Licensing & cost: Extended Security Updates (ESU) will exist—but they’re a short-term bandage with escalating per-device fees.
- Operational impact: Legacy drivers and VPN clients often fail on Windows 11 unless you test early, causing unexpected downtime later.
Prerequisites: Hardware, Licensing, App Compatibility
Before touching a single machine, confirm these fundamentals.
Area | What to Confirm | Tool / Source | Tick |
Hardware spec | TPM 2.0, Secure Boot, supported CPU | tpm.msc, OEM docs, PC Health Check | ☐ |
Warranty status | Within 3 years or extended? | RMM / asset register | ☐ |
Licensing | Windows 11 / ESU budgeted | M365 Admin Centre / vendor quotes | ☐ |
App compatibility | Line-of-business, VPN, drivers | Vendor statements, pilot tests | ☐ |
Identity & security | Entra ID MFA, Conditional Access in place | Entra Admin Portal | ☐ |
Backups | Full image / file backups verified | Backup console logs | ☐ |
Tip: Map each device to a path—Upgrade, Replace, Retire/Virtualise—in your sheet. It makes budgeting and scheduling realistic.
8‑Step Migration Checklist (HowTo)
Step 1 – Audit Devices & Warranties
Export your fleet list from Intune, SCCM or your RMM. Capture make/model, CPU, RAM, storage, warranty end, and user owner. Tag devices older than five years for likely replacement. This inventory becomes the backbone of your budget and timeline.
Step 2 – Budget & Licensing Plan
Estimate CapEx for hardware refreshes and Opex for licences. Include contingencies for ESU if leadership delays rollout. Consider Microsoft 365 Business Premium or E3/E5 plans that bundle Windows licensing to simplify costs.
Step 3 – App Compatibility & Testing
List all critical apps (ERP, CAD, legacy VPN). Check vendor Windows 11 support statements, then run a small lab test. Where vendors are silent, plan for shim solutions or upgrades. Don’t forget printer drivers and label software—common last-minute blockers.
Step 4 – Data Backup & Imaging
Confirm recent image-level backups for each device group. Create a golden Windows 11 image (or Autopilot profile) with baseline policies and software. Test full restore on a sacrificial device to ensure data integrity.
Step 5 – Pilot Group Deployment
Select 5–10 pilot users from different departments—finance, ops, sales. They’ll stress different apps and workflows. Collect feedback via a short form: issues, training gaps, performance notes. Freeze changes to the image once stable.
Step 6 – Company-wide Rollout Timeline
Roll out in waves—by department, site or hardware cohort. Schedule after-hours cut-overs or weekend batches to minimise disruption. Use staged rings in Windows Update for Business or Intune to throttle bandwidth and updates.
Step 7 – Staff Training & Comms Pack
Distribute a “Windows 11 quick-start” PDF or short Loom video. Run a 15‑minute lunch-and-learn to demo UI changes (centre Start menu, settings) and Copilot/Teams enhancements if relevant. Good comms cut help-desk tickets dramatically.
Step 8 – Post-Migration Hardening & Patch Cadence
Once all devices are live, enforce your new security baseline: BitLocker, Credential Guard, admin restrictions, patch within 14 days. Re-run your Essential Eight self-assessment (link internally to your checklist post) and document control evidence for auditors and insurers.
Common Roadblocks & Fixes
Issue | Symptom | Quick Fix |
Legacy VPN clients | Users can’t connect post-upgrade | Use vendor’s Win11 client or switch to SSL VPN with modern auth |
Old peripherals (printers, scanners) | Missing drivers | Install universal drivers, pre-load during imaging |
Licences won’t activate | Activation error codes | Check KMS/MAK keys, force Entra ID sync (Start-AADSyncSyncCycle) |
Bandwidth bottlenecks | Slow downloads during rollout | Use local Distribution Points / Delivery Optimisation |
FAQ
Can I simply pay to keep Windows 10 secure?
Yes—Microsoft’s ESU program sells yearly patches, but costs rise and it’s still a stop-gap. Plan to migrate.
What are the minimum specs for Windows 11?
TPM 2.0, Secure Boot and a supported CPU list from Microsoft (see learn.microsoft.com). The PC Health Check app flags unsupported hardware.
How long will a 50-seat upgrade really take?
Allow 6–10 weeks: inventory (2), pilot (2), phased rollout (4), plus contingency. Larger fleets add time for logistics.
Do I need new Office licences?
If you’re on Microsoft 365 Apps (Business or Enterprise), you’re covered. Perpetual Office 2016/2019 are nearing support end; evaluate an M365 move.
Free Migration Timeline Template
Plan your upgrade with our Google Sheet—includes device inventory, budget calculator and 90‑day Gantt.
Download the Windows 10 Migration Planner (Google Sheet) – email-gated
Or talk to us for a fully managed rollout: /it-consulting-sydney/
Written by Sophie Lin, Microsoft 365 Solutions Consultant – CodeHyper
Internal links to add:
- Essential Eight checklist: /essential-eight-checklist-2025/
- Cybersecurity services (for patching tie-in): /cybersecurity-services/
