Microsoft is warning businesses running Windows 10 devices connected to Windows 365 Cloud PCs and Frontline Cloud PCs they must update systems by November 11, 2025, or risk losing access to Patch Tuesday security updates.
Impacted are laptops, desktops, and thin clients that connect to Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs. Windows 365 Cloud PCs are virtual Windows machines that live in Microsoft’s cloud that users connect to via a laptop or similar thin client via a remote connection.
For IT teams, failure to take action translates to unpatched systems and losing vital external attack surface defenses for endpoint-to-cloud security devices.
Windows 365 Enterprise Cloud PCs are dedicated, fully managed virtual desktops designed for large organizations that need continuous access, advanced security, and integration with Microsoft Intune. Windows 365 Frontline Cloud PCs, introduced in 2025, are targeted at firms with large shift-based and part-time workers in sectors such as retail, healthcare, and call centers.
“Action is required in order for these devices to install the upcoming November 2025 Windows security update, which will be available on November 11, 2025,” Microsoft wrote.
The Microsoft bulletin warns impacted Windows 10 devices are those accessing Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs in “dedicated mode”. Dedicated mode means that a Windows 365 Cloud PC is assigned to a single user’s virtual desktop in the cloud. This differs from a pooled configuration where multiple employees share a single virtual machine – typical in call centers or shift work settings.
Microsoft did not disclose how many customers or endpoints might be impacted. Analysts project the broader “cloud desktop” segment to grow at a compound annual growth rate of around 8 percent through 2032, underscoring the increasing role these virtual desktops play in enterprise IT strategy, according projections published by Red Fox Report.
Enroll, or Else
Microsoft says customers must enroll devices in its Extended Security Update (ESU) program. Microsoft’s ESU program is a paid subscription that lets organizations and individuals keep receiving critical and important security patches for Windows 10 after its official end-of-support date (October 14, 2025). It’s designed as a short-term bridge for those who can’t immediately upgrade to Windows 11 or newer versions.
The policy marks a key transition as Microsoft phases out mainstream support for Windows 10 on October 14, 2025. Organizations that miss the ESU deadline could see their devices drop out of compliance, exposing them to unpatched vulnerabilities and disrupting access to business-critical cloud environments.
Microsoft does not publish how many Cloud PC seats it supports, but partner commentary suggests systems have reached roughly one-third of its enterprise customer base for Windows 365.
Microsoft’s update enforcement signals how cloud licensing is becoming the new control plane for patch management.
Free vs. Fee Extended Protection
While dedicated endpoints are entitled to free Extended Security Updates shared or pooled systems don’t qualify. Dedicated endpoints are those that rely on a one-to-one setup, where the same user logs in with the same Microsoft Entra ID.
To get Windows 10 security updates for free, your device has to be linked to Microsoft’s cloud and meet the following requirements:
- Be connected to a Windows 365 Cloud PC (Enterprise or Frontline),
- Be signed in with the same Microsoft Entra ID account used for that Cloud PC.
- Be joined to Microsoft Entra (Microsoft’s modern cloud identity system).
- Have a small policy enabled by your IT admin that proves the device is enrolled for Extended Security Updates (ESU).
Stay on point and visit the latest SecPo Marketplace headlines.
