Understanding Extended Security Update Options for Windows Server 2012

Windows Server 2012/R2, a cornerstone of server operating systems, reached its end-of-life on October 10, 2023. This cessation of regular security updates leaves systems vulnerable, as they are now exposed to security risks. If upgrading to a newer Windows Server version is not currently an option because your organization has legacy systems with custom-built or third-party applications that are not yet compatible with a newer OS, then understanding your options for Extended Security Updates (ESU) is crucial.

Servers that have reached the end of their life cycle without Extended Security Updates (ESU) become vulnerable targets for hackers and ransomware, posing a threat to both your company's and customers' data security.

Extended Security Update (ESU) Program

ESU for Windows Server provides critical and important security updates for up to 3 years post Extended support end date. These updates are not regularly scheduled but are released as needed when a critical security vulnerability is identified. Note that Unified Support does not cover ESU. Customers needing ESU must purchase it separately to receive technical support for products under the program. For detailed information on Windows Server 2012/R2 support end dates, visit the 'Windows Server 2012 R2 - Microsoft Lifecycle' page.

Obtaining and Implementing ESU

Free Extended Security Updates via Azure

Azure automatically enables applicable VMs for ESU, free of charge, for three years following the support end date. No configuration is needed, and ESUs are delivered automatically to Azure VMs set to receive updates. For information on migrating workloads to Azure, refer to Windows Server and SQL Server End of Support. To offset the cost of Azure VMs, organizations can utilize Azure Hybrid Benefit (AHB) for up to 40% savings.

Extended Security Updates through Volume Licensing

Organizations can acquire ESU licenses from their Enterprise Agreement (EA) reseller or a Cloud Solution Provider (CSP) partner. Qualification criteria include having active Software Assurance (SA) or active Subscription Licenses which are available through CSP and various other programs. ESU coverage is available in three consecutive 12-month increments post end of Extended Support. A downside of this option is the requirement for continuous coverage, meaning organizations cannot purchase Year 2 ESU licenses without first buying Year 1 ESU licenses. Once you purchase ESU via volume licensing you can access ESU Multiple Activation Keys (MAK) by following the detailed steps outlined at How to get Extended Security Updates (ESU) for Windows Server 2008, 2008 R2, 2012, and 2012 R2 | Microsoft Learn

Extended Security Updates enabled by Azure Arc

ESU via Azure Arc became available in September 2023, offering more flexibility than buying via volume licensing, as it is billed monthly through an Azure subscription. There is an upfront charge for late enrollment post-support end date. For example, if you want to transact Windows Server ESU in December 2023, you would be billed upfront from October 10, 2023, through December 2023. Azure Arc-enabled servers receive automatic updates without needing activation keys. Licensing options include per VM or physical server and you are not required to license the same way as the underlying OS, which may provide substantial savings compared to transacting ESU via volume licensing.

You can learn how to connect Windows Server 2012 to Azure Arc using Connect hybrid machines with Azure Arc-enabled servers and manage these ESU licenses as detailed in Deliver Extended Security Updates for Windows Server 2012 - Azure Arc. 

Final Thoughts

As Windows Server 2012 enters its post-support phase, understanding your options is critical for maintaining system security and functionality. Whether it's upgrading your Windows Server environment, migrating the workloads to cloud solutions like Azure, or exploring Windows Server ESU, having a knowledgeable partner like CloudServus by your side can help you make the right decision. We can evaluate your infrastructure and, based on our findings and your needs, provide you with recommendations. Contact us today to start a conversation!