So here’s the deal with Server 2016. Microsoft stops all security updates on January 12, 2027. Not slowing down, not reducing—stopping completely. After that date your server still runs, sure, but every new security hole stays wide open.
We’re about 13 months out from that deadline. That sounds like plenty of time until you factor in testing, budgets, and the reality that IT projects always take longer than planned.
The Timeline
Server 2016 came out in October 2016. Microsoft committed to 10 years of support total—the first 5 years are called “mainstream,” where you get features and fixes, and the second 5 years are called “extended,” where you only get security patches.
Mainstream ended in January 2022. We’ve been in extended support since then. That ends January 12, 2027 for all editions—Standard, Datacenter, Essentials, all of them.
Why You Should Care
Look, the server doesn’t brick itself in January 2027. It boots fine. Applications run. But here’s what changes: Microsoft discovers maybe 50-60 vulnerabilities per year across Windows Server. Normally they patch those. After the end of support? Those holes just… exist. On your system. Forever.
Think about WannaCry back in 2017. That thing spread specifically because people hadn’t patched their systems. And patches existed! Now imagine zero patches available at all. That’s where Server 2016 heads in 2027.
The Compliance Problem
If you deal with GDPR, HIPAA, or PCI-DSS, there’s a real problem here. All of them require you to maintain “appropriate security measures.” Running an operating system that literally cannot receive security updates… auditors don’t love that. GDPR fines hit €20 million or 4% of revenue. HIPAA goes up to $1.5 million per violation type. PCI wants patches within 30 days—hard to comply when patches don’t exist.
Software Compatibility
Microsoft 365 Apps already dropped Server 2016 back in October 2025. SQL Server 2022 installs technically, but good luck getting support if something breaks. Other vendors follow Microsoft’s lead. Expect more “not supported on Server 2016” notices in coming months.
Insurance Angle
Cyber insurance policies increasingly have clauses about running supported software. A breach happens on your unsupported Server 2016? Claim denied. You eat the whole cost yourself.
Extended Security Updates—The Bridge Option
Microsoft sells something called ESU (Extended Security Updates). Basically you pay them to keep sending security patches for up to 3 more years after the official end of support.
Catches: you only get security fixes. No bug fixes, no features, and no technical support beyond patch-related issues. And pricing—year one runs about 75% of what you paid for the original license. Year two roughly doubles. Year three doubles again. Do the math and three years of ESU often costs more than just buying new Server 2025 licenses outright.
One exception worth knowing: Azure VMs get ESU free. If cloud migration was already on your radar, that’s a decent incentive to move sooner.
Upgrade Options
Realistically you’re choosing between Server 2022 and Server 2025.
Server 2022 has been out since September 2021. Support runs to October 2031. It’s mature; most enterprise apps are certified for it, and bugs are known quantities at this point. You get secured-core security features, TLS 1.3 default, and improved containers. Solid choice if stability matters more than having the newest stuff.
Server 2025 dropped in November 2024. Support goes all the way to October 2034—the longest runway available right now. Has a Windows 11-style interface, Bluetooth support, and better Azure integration. Makes sense for new infrastructure or if you want maximum years before dealing with another migration.
Neither choice is wrong. Server 2022 if your apps need it or you want proven stability. Server 2025 if you’re starting fresh or want the longest support window.
Migration Approaches
In-place upgrade is the fastest. Run the installer; settings and data stay put, done in a couple hours per server. Risk: you bring along whatever legacy config weirdness existed before. Test somewhere non-production first.
Side-by-side means building new servers on 2022 or 2025, moving everything over, and decommissioning the old hardware. It takes longer and needs more resources, but you get a clean setup, and the old servers stick around for rollback if needed.
Cloud migration—move workloads to Azure or AWS instead of new on-prem hardware. Azure gives free ESU as a bonus. Trade upfront hardware cost for monthly bills. Works well if the cloud was already in your plans; less great if you have data sovereignty concerns or if long-term cloud costs exceed on-prem.
Rough Timeline
Now: figure out how many Server 2016 boxes you actually have. What runs on each? Who owns them?
6-12 months before the deadline: prioritize anything internet-facing or holding regulated data. Migrate those first.
3 months out: wrap up testing, confirm rollback procedures, and only buy ESU if you genuinely cannot finish migration in time.
January 12, 2027: everything is either migrated or covered by ESU. That’s the goal.
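One way to do the "Now" step for domain-joined machines, as an added example that is not part of the original article: it pulls every computer object reporting Windows Server 2016 from Active Directory, with its owner, last logon and a rough hint at what it runs. It assumes the ActiveDirectory module (RSAT) is installed; the 90-day stale cutoff and the output path are assumptions, and standalone or workgroup servers will not show up.

```powershell
# Added example: list domain-joined Windows Server 2016 hosts for migration planning.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$endOfSupport = Get-Date '2027-01-12'          # end-of-support date from the article
$staleCutoff  = (Get-Date).AddDays(-90)        # assumption: no logon in 90 days = probably stale
$outFile      = '.\server2016-inventory.csv'   # hypothetical output path
$daysLeft     = [math]::Max(0, ($endOfSupport - (Get-Date)).Days)

$props = 'OperatingSystem', 'OperatingSystemVersion', 'LastLogonTimestamp',
         'ManagedBy', 'Description', 'ServicePrincipalName', 'IPv4Address'

$inventory = Get-ADComputer -Filter "OperatingSystem -like 'Windows Server 2016*'" -Properties $props |
    ForEach-Object {
        $c = $_
        $lastLogon = if ($c.LastLogonTimestamp) {
            [DateTime]::FromFileTime($c.LastLogonTimestamp)
        } else { $null }

        # SPN service classes (MSSQLSvc, HTTP, ...) are a rough hint at what the host runs.
        # Default classes that every member server registers are filtered out.
        $workloads = $c.ServicePrincipalName |
            ForEach-Object { ($_ -split '/')[0] } |
            Where-Object { $_ -and $_ -notin 'HOST', 'RestrictedKrbHost', 'TERMSRV', 'WSMAN' } |
            Sort-Object -Unique

        [pscustomobject]@{
            Name        = $c.Name
            Edition     = $c.OperatingSystem
            Build       = $c.OperatingSystemVersion
            IPv4        = $c.IPv4Address
            Owner       = if ($c.ManagedBy) { $c.ManagedBy } else { 'UNASSIGNED' }
            Description = $c.Description
            Workloads   = $workloads -join ';'
            LastLogon   = $lastLogon
            Stale       = (-not $lastLogon) -or ($lastLogon -lt $staleCutoff)
        }
    }

# Live hosts first, stale computer objects (candidates for cleanup, not migration) last.
$inventory = $inventory | Sort-Object Stale, Name
$inventory | Export-Csv -Path $outFile -NoTypeInformation
$inventory | Format-Table Name, Edition, Owner, Workloads, LastLogon, Stale -AutoSize

$live = @($inventory | Where-Object { -not $_.Stale }).Count
Write-Host "$live live Server 2016 hosts, $daysLeft days until end of support. Report: $outFile"
```

Rows with Owner set to UNASSIGNED answer the "who owns them?" question in the negative and need an owner before they can be scheduled. Whether a host is internet-facing or holds regulated data is not in the directory and has to be added to the CSV by hand.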
FAQ
When exactly does Windows Server 2016 support end?
January 12, 2027. Mainstream support ended January 2022—we’ve been in extended support since then, meaning security patches only. Those stop completely in January 2027.
Will my server stop working after the end of life?
Nope, keeps running fine. The problem is security—Microsoft stops patching vulnerabilities. Any security hole discovered after January 2027 stays open on your system indefinitely.
What’s ESU and is it worth buying?
Extended Security Updates. Paid program giving you security patches for 3 more years. Costs roughly 75% of the original license cost per year, doubling each year. It’s often cheaper to just buy new Server 2025 licenses than pay for 3 years of ESU. Only makes sense if you absolutely cannot migrate in time.
Server 2022 or 2025?
2025 has support until 2034 and the latest features. 2022 is more proven, with support until 2031. Go for 2025 for new infrastructure, 2022 if your applications specifically require it or you value battle-tested stability.
Can I upgrade straight from Server 2016 to 2025?
Yes, in-place upgrade works. Back everything up first, verify hardware meets 2025 requirements, and check if your apps support it. The process takes maybe 1-2 hours per server, varying by what’s installed.
Any free options after January 2027?
Azure VMs get ESU free—move the workload there before the end of support and patches continue automatically. For on-prem servers, it’s either paid ESU or an upgrade to a supported OS. No free lunch.
Need Server Licenses?
HypestKey sells genuine Microsoft license keys for Server 2016, Server 2019, Server 2022 and Server 2025. Digital delivery, instant activation.
