Skip to content

End of Support Guidance for Windows Server 2012 (Dos & Don’ts)

Time to read: 10 mins

Page contents

    From October 10th, 2023, Microsoft ended its support for Windows Server 2012 and Windows Server 2012 R2.

    What, exactly, does this mean if your business is running workloads on Windows Server 2012?

    Following Microsoft’s End of Support (EoS) announcement, these products will no longer be eligible for security updates, non-security updates, bug fixes, technical support, and more. Impacted businesses will need to rapidly consider next steps and the future protection of their Windows Server 2012/R2 workloads.

    For timely EoS guidance on managing Windows Server 2012, we asked our Azure experts to explore the dos and don’ts on planning out your next steps as a business.


    What Does End of Support (EoS) Mean?

    According to Microsoft’s Lifecycle Policy, Business and Developer products, such as SQL Server and Windows Server, are offered 10 years of support. Broken down, this includes 5 years for ‘Mainstream Support’ and a further 5 years for ‘Extended Support’.

    Microsoft’s policy states that, after the end of an Extended Support period, businesses will no longer have access to patches or security updates. Consequentially, this can cause serious security challenges where customer applications and business data will be exposed to the modern threatscape.

    Broadly, efficient management of an infrastructure’s EoS is an urgent priority, especially where legacy systems pose a more substantial security risk. Regulatory compliance, as much as workload performance, also underscore why it is good practice to manage and optimise product lifecycles.

    Where customers are locked out and cannot upgrade, Microsoft is offering Extended Security Updates (otherwise known as ESUs). These will last for up to 3 years and the goal of an ESU is to ensure that Microsoft customers remain secure whilst using unsupported software versions.

    Ultimately, Extended Security Updates, or ESUs, are critical in keeping users secure and up-to-date on Microsoft technologies that fall outside of support.

    What’s Included in Extended Security Updates (ESUs)?

    For customers entering unsupported software, ESUs are a temporary resolution that come with benefits and limitations. It is, therefore, imperative that businesses first plan to understand what ESUs include (and what they exclude).

    Windows Server 2012 EOS Guidance

    The “Dos” of Extended Security Updates:

    • Microsoft acknowledges that ESUs include a “provision of Security updates and Security Updates Severity Rating System”. As an alternative to an update, ESUs offer critical security coverage when customers run legacy software beyond their supported windows.
    • ESUs will only be distributed on strict availability.
    • Whilst technical support is not included within the scope of an ESU, other Microsoft support plans and assistance may be applicable.
    • In some instances, security patching may be requested from Microsoft.

    The “Don’ts” of Extended Security Updates:

    • Customers on ESUs should expect to be excluded from new features.
    • Even design change requests will not be included within an ESU.
    • Limited technical support means customers should expect that Microsoft assistance may be narrow when they run legacy software.

    A Brief Background on Microsoft Technologies

    All Microsoft products that have been onboarded through various licensing and retail schemes, like their competitive counterparts, have a lifecycle.

    A ‘lifecycle’ captures the timescale from the moment a product launches until its planned obsolescence. Microsoft products like Windows Server 2012 have followed the same arc, with a forecasted End of Life (or EoL) period and corresponding extended support dates, including qualifying extended security updates.

    Common reasons for using unsupported or legacy Microsoft products include:

    • Budgetary limitations for new software.
    • Skills shortages that mean businesses cannot confidently assess and review new product versions.
    • A mentality that buying net new products is unnecessary where legacy versions are still working.

    Historically, there has been only one option for customers trying to qualify for Extended Support (including Extended Security Updates), which involved Software Assurance via licence enrolments. This would include either:

    • a Cloud Solutions Provider (CSP);
    • an Enterprise Agreement (EA);
    • a Server and Cloud Enrolment (SCE);
    • or an Enterprise Subscription Agreement (ESA)

    If your business is planning product updates in the near future and needs ESU for Windows Servers, there are ways to remain secure.

    What’s Next for Legacy Windows Server 2012 Users?

    Unsupported and legacy product users have multiple options when considering their next steps. CSI’s Azure experts have identified four upgrade options that will ensure servers can continue to receive security updates from Microsoft for Windows Server.

    1. Rebuild your server with the latest operating system (OS)
    2.  Purchase an Extended Support option with Microsoft via a supported Microsoft Licensing program
    3. Move your server to Azure and use the extended support option built into Azure
    4. Use Azure Arc to manage on-premises servers and then purchase ESU SKUs via Microsoft Licensing programs


    What are the Risks of Using Legacy Windows Servers?

    EoS planning is critical to businesses across every vertical, where failure to plan ahead for updates and upgrades can result in expensive and risky outcomes.

    The Risk of Unsupported software

    When software falls outside of its supported window, vendors like Microsoft typically discontinue technical guidance, assistance and customer service. With the removal of technical support, businesses will find it challenging to resolve and troubleshoot system errors and will become frustrated by undesirable performance issues, security vulnerabilities, compliance headaches and general inefficiencies.

    The role of regular patching and updates goes beyond beneficial security enhancements and includes improved functionality over time, as well as optimised system stability.

    The Risk of Disruption (& Business Continuity)

    It can all depend on where you run mission critical workloads, but unmanaged EoS software can result in business disruption, where everything from employee productivity stats to customer satisfaction can be negatively influenced.

    Unplanned EoS increases the likelihood of unexpected system downtime and failures, including software compatibility issues. Foreboding downtime risks can mean that a business’s critical systems unexpectedly stall, causing lost revenue. Whereas proactivity in EoS planning means circumventing costly disruption, so that operations can focus on delivering high quality products and services into their markets.

    The Security Problem with EoS

    Ongoing, regular patching and updates are the cornerstone of effective, secure software systems. When a product becomes unsupported and is no longer eligible for crucial security patches, the risk of an emerging threat grows. Malicious threat actors prey on system vulnerabilities that are present in legacy products.

    Managing EoS can be seen as a kind of security control or measure, mitigating the chances of a data breach or compromise, or even unauthorised access.

    Key Dates to Remember

    Windows Server 2012 EOS Dates

    CSI’s Guidance for Windows Server 2012 Users

    EoS planning for Windows Server 2012 can be hugely daunting with the associated security and performance risks as this legacy product becomes discontinued in the market. For Microsoft users unsure about their next step, get in touch today for no-obligation chat with one of our Azure experts.

    CSI has mapped out options to ensure your systems remain secure and performant into the future.

    About the author

    Mike Bellido

    Lead Public Cloud Architect

    Mike is CSI’s Lead Public Cloud Architect

    Ready to talk?

    Get in touch today to discuss your IT challenges and goals. No matter what’s happening in your IT environment right now, discover how our experts can help your business discover its competitive edge.