The End-of-Life Deadline for Windows 10 – Why It Matters
The End-of-Life Deadline for Windows 10 – Why It Matters The countdown has begun: Windows 10 support officially ends on 14 October 2025 After this date, Microsoft will no longer provide security updates, bug fixes, or technical support, leaving businesses and individual users exposed to cyber threats, software incompatibility, and operational disruptions. While October 2025 may seem far off (to some people): Waiting too long to upgrade could put your security, compliance, and productivity at risk IT managers, business owners, and everyday users must act now to ensure a smooth transition before it’s too late. In this post, we’ll break down what Windows 10’s End-of-Life (EOL) means, why upgrading to Windows 11 – or exploring alternative solutions – is essential, and what hardware and software considerations you need to address. Now is the time to prepare. Let’s dive in What Does End-of-Life (EOL) Mean for Windows 10? When Microsoft ends support for an operating system, it doesn’t just stop providing updates it leaves millions of devices vulnerable to security threats, software failures, and compliance risks. After 14 October 2025, businesses and individual users still relying on Windows 10 will face serious challenges that go far beyond outdated software. For Windows 10 users, this means: No More Security Patches – Newly discovered vulnerabilities will remain unpatched, leaving devices, networks, and sensitive data open to cyberattacks. No Technical Support – Microsoft will no longer provide assistance for Windows 10 issues. Reduced Software Compatibility – Over time, new applications, drivers, and security tools built for Windows 11, lead to performance issues, missing features, and software incompatibilities on Windows 10. Significant Compliance Risks – Businesses in regulated industries could fail security audits or face legal consequences for running an unsupported OS. With these risks in mind, businesses and users must start preparing now to ensure a secure and seamless transition. Compliance Risks For businesses holding Cyber Essentials, Cyber Essentials Plus, or ISO 27001:2022 certification, continuing to use Windows 10 after its End-of-Life (EOL) isn’t just a security risk, it could lead to non-compliance, financial penalties, and loss of certification. These accreditation frameworks require up-to-date, secure systems, meaning that running an unsupported OS can have serious consequences for security standards, risk management, and overall business operations. Cyber Essentials / Cyber Essentials Plus Mandates supported and up-to-date software – Running Windows 10 beyond its EOL date directly violates Cyber Essentials’ security requirements, putting certification at risk. Increased risk of cyber threats – Without security patches, ransomware and malware attacks become a major risk, potentially leading to cyber insurance complications and breach of contract obligations. For businesses handling sensitive data or operating in regulated industries, running Windows 10 past its EOL could lead to certification loss, compliance failures, and even contract terminations. Beyond Windows 10: The Bigger Picture The Windows 10 End-of-Life (EOL) isn’t just about retiring an operating system – it’s part of a larger shift that businesses must navigate to stay secure and efficient. Alongside Windows 10, Microsoft Office 2016 and Office 2019 are also reaching their own EOL deadlines, increasing the urgency for organisations to modernise their IT environments before support ends. Office 2016: Support ends on 14 October 2025, the same day as Windows 10’s EOL. Office 2019: While mainstream support has already ended, extended support ends on 14 October 2025. Businesses still relying on these versions will face challenges on two fronts: outdated operating systems and unsupported productivity software, increasing risks across their IT infrastructure. The Risks of Ignoring These Deadlines With multiple Microsoft products reaching their EOL, businesses must act now to avoid serious disruptions. Failing to upgrade both Windows 10 and legacy Office applications can result in: Security Threats: Unsupported software is a prime target for cybercriminals. Compliance Issues: Organisations accredited with Cyber Essentials or Cyber Essentials Plus must use supported software to maintain compliance or they could face certification loss, fines, or reputational damage. Compatibility Headaches: Modern applications and services, including Microsoft 365, will increasingly rely on newer operating systems and software. To stay secure, compliant, and efficient, businesses must begin planning their transition now before these critical deadlines arrive. Why Businesses and IT Managers Need to Act Now The Windows 10 End-of-Life (EOL) deadline isn’t just a routine software update; it’s a turning point that will impact business security, compliance, and operational stability. After 14 October 2025, Windows 10 will officially become obsolete, forcing organisations to upgrade or face significant risks. Businesses must begin planning their transitions now, considering upgrades to Microsoft 365, Office 2021, or newer cloud-based solutions. With the simultaneous EOL dates for both Windows 10 and Office 2016/2019, organisations should take a holistic approach to ensure seamless updates across their IT environments. It isn’t just about compliance it’s an opportunity to enhance security, improve productivity, and unlock modern collaboration tools. A last-minute Windows 11 upgrade is not a viable strategy. Businesses must assess hardware compatibility, application readiness, licensing implications, and deployment plans well in advance to avoid major disruptions. Key Challenges Businesses Must Address Successfully upgrading to Windows 11 requires careful planning across multiple areas, including hardware, applications, and user adoption. Key challenges include: Assessing device compatibility: Many older laptops and desktops do not meet Windows 11’s strict hardware requirements and may need replacing. Evaluating application compatibility: Will legacy software function correctly on Windows 11, or will it require upgrades or replacements? Deployment planning: Businesses must plan device rollouts, licensing transitions, and data migration to ensure a smooth transition with minimal downtime. Without a proactive upgrade plan, organisations risk downtime, cybersecurity vulnerabilities, and rising IT costs all of which could have been avoided with early preparation. What to Expect Navigating Windows 10’s End-of-Life transition can be complex, but this guide will break it down into four key sections to help your business prepare smoothly and effectively: Windows 11 Benefits vs Windows 10: Why Windows 11 is not just an upgrade but a fundamental improvement in security, performance, and features. Upgrade
Segmenting Your Microsoft 365 Global Address List for Multi-Domain Organisations
Segmenting Your Microsoft 365 Global Address List for Multi-Domain Organisations In an era where mergers, acquisitions and multi-academy consolidations are commonplace, centralising multiple domains into a single Microsoft 365 tenant delivers undeniable efficiencies in security, licensing and administration. Yet with consolidation comes the hidden risk of an unwieldy Global Address List (GAL) – a single directory that exposes every mailbox, group and resource across your entire tenant. For an education trust of a dozen schools, this can mean a teacher accidentally emailing safeguarding records to the wrong academy. For a merged enterprise, it may result in sensitive financial forecasts landing in a newly acquired subsidiary’s inbox. This article presents a fully-up-to-date approach – using native Exchange Online Address Book Policies (ABPs) – to carve a monolithic GAL into secure, domain or division specific views You’ll gain: An understanding of why a single GAL poses security, compliance and productivity challenges A clear description of ABP components and their interplay Detail and plain-English explanations of PowerShell implementation patterns Expanded sections on Security & Compliance, Extending Segmentation into Teams and Beyond, and Governance Wherever possible, I’ve drawn directly from Microsoft’s latest documentation to ensure accuracy. Why a Single GAL Becomes a Liability Many organisations believe a centralised directory is inherently beneficial: one search bar to rule them all. In practice, users endure information overload when they must sift through hundreds or thousands of irrelevant entries to find a colleague or resource. Worse, autocomplete treats internal and external addresses the same, so a slip of the finger can expose confidential data to unintended recipients. For multi-academy education trusts, safeguarding student information is non-negotiable. A misplaced click can send pupil assessment data or pastoral notes to the wrong school, risking GDPR breaches and parental complaints. In corporate scenarios – say, a company acquiring a competitor – financial controllers might inadvertently share year-end bonus details with executives of the acquired entity. These are not hypothetical concerns; every mis-addressed email carries reputational damage, regulatory fines and erosion of stakeholder trust. IT helpdesks bear the brunt of this chaos, fielding reported incident tickets such as “Why can’t I find Mrs Jones in my academy?” or “Why am I seeing rooms from the finance department?” These repetitive queries divert valuable IT capacity from strategic projects – be it rolling out a new learning-management system or deploying advanced security analytics. As tenant scale grows, so too do the hidden costs of a monolithic GAL. Address Book Policies: Virtual Segmentation Rather than fragment your environment into separate tenants – an approach that multiplies licences, security boundaries and operational overhead – Exchange Online’s Address Book Policies (ABPs) offer a “virtual partition” within your existing tenant. An ABP bundles together four filtered directory view components so that users see only the objects assigned to their business unit or academy all while retaining centralised governance and compliance controls. At its core, an ABP comprises: A Global Address List (GAL) scoped by a recipient filter, defining which mail-enabled objects appear in name-resolution requests. An Offline Address Book (OAB) downloaded by Outlook clients in cached mode, ensuring offline users browse the same filtered directory. A Room List, for filtering resource mailboxes (meeting rooms, shared equipment) to prevent cross-unit booking conflicts. Custom Address Lists, enabling category-based browsing (e.g. by department or faculty) within the defined scope. By tagging mailboxes using a custom attribute or SMTP domain suffix you drive these filters automatically, so new users immediately inherit the correct ABP without manual reassignment. The Address Book Policy Routing agent further enforces isolation by marking out-of-scope lookups as “external” ﹘ preventing misleading “internal” display names in autocomplete once you enable it with: Set-TransportConfig -AddressBookPolicyRoutingEnabled $true Dissecting the Four ABP Pillars Global Address List (GAL) When a user types a name into the To: field in Outlook or OWA, the directory lookup consults the GAL. A domain-specific GAL (e.g. GAL_Contoso) ensures that Division A staff resolve only their own colleagues, distribution lists and contacts. This scoping is driven by a recipient filter, most commonly mapping CustomAttribute1 to a division code, such as “Contoso”. Offline Address Book (OAB) Outlook’s cached-mode clients download the OAB every eight hours by default. When you create an OAB that points to the same filtered GAL and address lists (e.g. OAB_Contoso), offline users maintain the same segmented experience even when disconnected from the network. This is critical for remote or bandwidth-constrained environments where cached-mode Outlook is the norm. Room List Resource mailboxes (meeting rooms, hot desks, equipment) often clutter the global directory. By creating a Room List object filtered on both the RecipientDisplayType (e.g. ConferenceRoomMailbox) and your division tag, you surface only the relevant rooms in meeting-room pickers preventing double bookings and administrative friction across units. Custom Address Lists Under each GAL, you can present one or more Custom Address Lists for instance, “Finance Teams” or “Faculty Staff” using the same division filter. These lists appear as categories in Outlook’s address-book pane, enabling structured browsing rather than free-form search. Together, all four components weave a seamless, tailored directory experience for each business unit. Security & Compliance: Fortifying Your Boundaries Segmentation does more than improve usability – it underpins your security and compliance strategy with multiple, reinforcing controls. Data Loss Prevention (DLP) becomes markedly more precise With a monolithic GAL, DLP policies must blanket the entire tenant, triggering false positives when users legitimately email across divisions. By contrast, ABP segmentation lets you craft targeted DLP rules that apply within each directory silo. For example, exam results can circulate freely within an academy but are blocked when addressed outside its ABP, sharply reducing administrative overhead in policy tuning and alert triage. eDiscovery and legal-hold scenarios Segmented GALs shrink your search scope. Compliance officers can restrict Content Searches to a single ABP, slashing processing time and data volumes. In education trusts, this ensures that subject-access requests remain tightly confined to the relevant academy, a critical requirement under GDPR and UK data-protection regulations. Auditability improvement Exchange’s Admin Audit Logs record
Artificial Intelligence – AI: Friend or Foe
Artificial Intelligence – AI: Friend or Foe? In the last but one part of my #30YearsInIT series, I find myself turning to a topic that has stirred up plenty of curiosity, debate, and even a little anxiety across industries: Artificial Intelligence. Specifically, I want to explore Microsoft’s introduction of AI into their ecosystem, branded as Copilot. These are my personal thoughts and opinions, built on my experience as technology has moved at an unprecedented speed, and the research I’ve gathered to understand where we’re heading with AI. Let’s dive in – what does AI in the Microsoft ecosystem mean for you, your team, and your business? What Is Microsoft Copilot? Microsoft Copilot represents the next chapter in productivity tools, integrating AI to assist in everyday tasks within the Microsoft 365 environment. It’s built using OpenAI’s GPT-4 model, the latest and most advanced generative AI, designed to help people work smarter by embedding itself into familiar tools like Word, Excel, Outlook, and Teams. But what can it bring to an organisation, a project team, or end users? What does “Copilot” actually mean? A “copilot” is typically the second pilot in an aircraft, assisting the main pilot with navigation, communication, and other flight duties. In a broader sense, it refers to someone who helps or supports another person in their tasks. In the context of technology, like Microsoft Copilot, it means an “AI assistant“ designed to help users with various tasks, making their work more efficient and productive. Imagine an assistant who understands your workflows, helps write and summarise documents, automates repetitive tasks, and even provides data insights directly in your work environment – all within your Microsoft 365 apps. The promise here is one of less time spent on mundane tasks and more on creative, strategic work. Copilot can help generate content drafts, propose recommendations based on your data, and enhance meeting productivity by summarising key points in Microsoft Teams. But is it all smooth sailing? Can this AI truly be trusted to handle critical data securely and accurately? What AI Can Bring to an Organisation The potential impact of Copilot on productivity is significant. For project teams, Copilot can speed up the drafting of project plans, assist in scheduling, and generate instant data visualisations in Excel or PowerBI, helping turn raw data into actionable insights faster than ever before. The potential gains in efficiency are unmeasurable (differs based on organisation size and the experience and knowledge of existing employees) when daily or routine but time-consuming tasks are delegated to an AI assistant, allowing team members to focus on more creative, high-value work. For end users, whether they are content writers, project managers, or data analysts, Copilot can serve as a partner in drafting professional, polished emails, creating complex formulas in Excel, or even suggesting improvements to the language and structure of reports in Word. This represents a major shift in how we work no longer struggling with tasks that are outside our expertise but instead having AI to bridge those gaps seamlessly. For organisations as a whole, Copilot offers not only efficiency gains but also improved consistency in communication, quality in deliverables, and the ability to standardise best practices across the workforce. It can help businesses of all sizes make sense of their data, improve communication channels through automated meeting notes and summaries, and reduce the manual burden on support teams through AI-driven helpdesk solutions. The Risks and Concerns: Is AI Safe? With the promise of AI also comes valid questions and concerns: Is AI safe? Can we trust it with sensitive business data? What happens if it gets things wrong? Who is at fault for AI failures? Who is blamed? These are the questions I believe every IT leader, manager, and even end user is asking, and rightly so. Data Security and Compliance: One of the key assurances Microsoft offers is that Copilot is built on top of Microsoft’s security, compliance, and privacy controls. The data used by Copilot is not trained on external datasets or used to train the broader AI model it remains within the boundaries of the customer’s Microsoft 365 tenant. This distinction is crucial for maintaining data privacy and ensuring compliance with regulations such as GDPR. For organisations that have spent years building secure on-premises environments, these guarantees are paramount to feeling comfortable transitioning to AI. Accuracy and Reliability: Copilot, like all AI, is not 100% accurate. There is always the risk of inaccuracies, especially when asked to generate content, write development code, or summarise complex discussions. Microsoft has acknowledged this by positioning Copilot as a collaborative partner (an assistant, an agent) rather than a standalone solution. It’s meant to enhance human creativity and productivity, but the responsibility for checking and verifying the output ultimately remains with the user. This approach makes sense; AI can be incredibly powerful, but without human oversight, mistakes are inevitable and if not tested, documented, or managed can lead to unknown and unimaginable challenges and failures: Preventing Abuse and Misinformation: Microsoft is aware of the potential for abuse using AI to spread misinformation or for malicious purposes such as click-bait, phishing, or fraudulent activity. To combat this, the company has implemented Guardrails, a series of measures designed to prevent misuse. This includes content moderation filters, abuse detection systems, and monitoring capabilities that can detect and stop the abusive use of AI. By ensuring that Copilot is embedded within Microsoft’s trusted environment, the goal is to mitigate these risks and provide users with tools that are as safe as possible. An Argument: The Future of AI – Is It the Best Path Forward? AI is undeniably a powerful tool, but it also introduces complexities that can make decision-makers hesitant. For many organisations, the thought of AI generating content autonomously feels uncomfortable, particularly for those accustomed to tight control over