Plan your Windows Server 2012/2012 R2 and SQL Server 2012 end-of-support

We will be offering Extended Security Updates for SQL Server 2012 and Windows Server 2012 and 2012 R2.  Free Extended Security Updates will be available for customers on Azure, which includes Azure Virtual Machines, SQL Server on Azure Virtual Machines, Azure Dedicated Host, Azure VMWare Solutions, Azure Nutanix Solution, and Azure Stack HCI.

Windows Server 2012 and 2012 R2 Extended Support will end on October 10, 2023.

SQL Server 2012 Extended Support will end on July 12, 2022.

Learn more about lifecycle support deadlines.

On Azure: Customers who migrate workloads to Azure will have access to Extended Security Updates for both SQL Server 2012 and Windows Server 2012 and 2012 R2 for three years after the End of Support dates for no additional charge above the cost of running the virtual machine.

On-premises: Eligible customers will be able to purchase Extended Security Updates for their on-premises environment. Licenses are sold in 2 core packs for SQL Server and 16 core packs for Windows Server 2012, and are priced as below:

Year 1: 75% of full license price annually

Year 2: 100% of full license price annually

Year 3: 125% of full license price annually

Can I onboard later and buy just Year 2 of 2012 Extended Security Updates?

Customers who require 2012 outside Azure (where Extended Security Updates are available at no additional charge) can onboard on Year 2 of 2012 Extended Security Updates. However, if an organization did not purchase the first year of Extended Security Updates coverage, they will need to purchase both Year 1 and Year 2 Extended Security Updates. Similarly, if an organization onboards only on Year 3, they will need to purchase all three years of Extended Security Updates.

Software Assurance or an equivalent Server Subscription is required for customers to purchase Extended Security Updates on-premises.
Customers will be able to purchase Extended Security Updates via Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), a Server & Cloud Enrollment (SCE), and Enrollment for Education Solutions (EES).
On Azure, customers do not need Software Assurance to get free Extended Security Updates, but Software Assurance or Server Subscription is required to take advantage of the Azure Hybrid Benefit.

Free Extended Security Updates will be available for customers on Azure, which includes workloads running on Azure Virtual Machines, Azure Dedicated Host, Azure VMWare Solutions, Azure Nutanix Solution and Azure Stack Hub/Edge/ HCI.

No, there are no changes to the type of updates in 2012 Extended Security Updates. Windows Server will distribute “Critical” and “Important” patches and SQL Server will distribute “Critical” updates.

For more information on what is considered “critical” or “important,” please visit the Security Update Severity Rating System webpage.

Extended Security Updates do not include new features, customer-requested non-security hotfixes, or design change requests. However, Microsoft may include non-security fixes as deemed necessary.

No, there are no changes to technical support options for Extended Security Updates customers in 2012. Customers can still use an active support contract such as Software Assurance or Premier/Unified Support on the relevant on-premises Windows Server 2012/2012 R2 and SQL Server 2012 product(s) to get technical support if they choose to stay on-premises. Alternatively, if hosting on Azure, customers can use an Azure Support plan to get technical support.

Windows Server 2008 and 2008 R2 Extended Security Updates began on January 14, 2020. 

SQL Server 2008 and 2008 R2 Extended Security Updates began on July 12, 2019.

On-premises licenses for Windows Server 2008 and 2008 R2 Extended Security Updates are coming to an end on January 10, 2023. On-premises licenses SQL Server 2008 and 2008 R2 Extended Security Updates are coming to an end on July 12, 2022.

Microsoft will not extend SQL Server and Windows Server 2008 Extended Security Updates for on-premises licenses.

For those customers who need more time to upgrade and modernize their Windows Server and SQL Server 2008 and 2008 R2 on Azure, we will now provide one additional year of free extended security updates only on Azure. With this, customers will have until January 14, 2024 for Windows Server 2008/ 2008 R2 and July 12, 2023 for SQL Server 2008/ 2008 R2 to upgrade to a supported release.

Free Extended Security Updates will be available for customers on Azure, which includes Azure Virtual Machines, SQL Server on Azure Virtual Machines, Azure Dedicated Host, Azure VMWare Solutions, Azure Nutanix Solution, and Azure Stack HCI.

For detailed instructions on how to purchase and activate Extended Security Updates (for both Windows Server 2008/ 2008 R2 and Windows 7), please see this blog post on Tech Community.

The End of Support date for SQL Server 2008 and 2008 R2 was July 9, 2019.

The End of Support date for Windows Server 2008 and 2008 R2 was January 14, 2020.

The End of Support date for SQL Server 2012 and 2012 R2 is July 12, 2022.
 

The End of Support date for Windows Server 2012 and 2012 R2 is October 10, 2023.

Microsoft Lifecycle Policy offers 10 years of support (5 years for Mainstream Support and 5 years for Extended Support) for Business and Developer products (such as SQL Server and Windows Server). As per the policy, after the end of the Extended Support period there will be no patches or security updates, which may cause security and compliance issues, and expose customers’ applications and business to serious security risks.

We recommend upgrading to the latest versions of our software to continue to get regular security updates, either in Azure or on-premises. However, for customers that are not able to transition to a supported version before the End of Support date, we have options to help protect data and applications during the End of Support transition:

Extended Security Updates in Azure: Customers who migrate workloads to Azure Virtual Machines (IaaS) will have access to Extended Security Updates for SQL Server 2008/2008 R2 and 2012 and Windows Server for the 2008/2008 R2 and 2012/2012 R2 versions for three years after the End of Support dates for no additional charges above the cost of running the virtual machine. For many customers, this is an easy first step before upgrading or modernizing with newer versions or services in Azure. Those that decide to move to Azure SQL Managed Instance (PaaS) will also have access to continuous security updates, as this is a fully managed solution. Customers do not need Software Assurance to receive Extended Security Updates in Azure.

Eligible customers can use the Azure Hybrid Benefit (available to customers with active Software Assurance or Server Subscriptions) to obtain discounts where no license fees for running Windows Server or SQL Server on Azure Virtual Machines (IaaS) or Azure SQL Managed Instance (PaaS) are required, just the compute, storage, and bandwidth costs specific to running the virtual machine.  These customers will also have access to Extended Security Updates on Azure for no additional charges above the cost of running the virtual machine.

Extended Security Updates for on-premises or hosted environments: Extended Security Updates will also be available for workloads running on-premises or in a hosting environment such as with another cloud provider. Customers running SQL Server or Windows Server under licenses with active Software Assurance under an Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), a Server & Cloud Enrollment (SCE), an Enrollment for Education Solutions (EES), or Subscription can purchase Extended Security Updates annually for three years after End of Support date.

Extended Security Updates can only be purchased under EA, EAS or SCE. Extended Security Updates can’t be purchased under Open, Select or MPSA, however it can be applied to servers licensed with active SA or subscription under these programs. Product licenses and Software Assurance do not need to reside on the same enrollment. However, customers cannot purchase Extended Security Updates outside of the EA, EAS, SCE, EES, or Subscription licensing programs.

Customers can purchase Extended Security Updates only for the servers they need to cover. Extended Security Updates can be purchased directly from Microsoft or a Microsoft licensing partner.

The Enterprise and Standard editions of SQL Server for versions 2008/2008 R2 and 2012, and the Standard, Datacenter, and Embedded editions of Windows Server for versions 2008/2008 R2 and 2012/2012 R2 are eligible for Extended Security Updates. The 2008 R2 version of Windows Server and SQL Server was the final version supporting X86 (32 bit) processors, and all subsequent versions are x64 only.

In Azure: Customers can begin migrating workloads to Azure Virtual Machines immediately and apply regular security updates until the End of Support date.
Windows Server 2008/2008 R2 and 2012/2012 R2 and SQL Server 2008/2008 R2 and 2012 Virtual Machines in Azure are automatically enabled for Extended Security Updates. You don't need to configure anything, and there's no additional charge for using Extended Security Updates with Azure Virtual Machines.

In order for SQL Server customers to take advantage of automated patching of security updates customers will need to register their virtual machines with SQL Server IaaS Agent extension. Click to learn more about automated patching with SQL Server IaaS Agent Extension.

On-premises or hosted environments: 2008/2008 R2 Extended Security Updates are now available for purchase, and can be ordered from Microsoft or a Microsoft licensing partner. Please see the table below to find the dates that Extended Security Updates will be available for SQL Server 2012 and Windows Server 2012/2012 R2. Extended Security Updates are available to purchase typically 3 months prior to End of Support dates with delivery of Extended Security Updates beginning after End of Support.

2012/2012 R2 : SQL Server

End Of Support: 07/12/2022

Extended Security Update Available for Purchase: April 2022

End of Extended Security Updates Program: 07/12/2025

2012/2012 R2: Windows Server

End Of Support: 10/10/2023

Extended Security Update Available for Purchase: June 2022

End of Extended Security Updates Program: 10/10/2026

2008/2008 R2: SQL Server

End Of Support: July 9, 2019

Extended Security Update Available for Purchase: Now

End of Extended Security Updates Program: July 9, 2022

2008/2008 R2: Windows Server

End Of Support: January 14, 2020

Extended Security Update Available for Purchase: Now

End of Extended Security Updates Program: January 14, 2023

You can find more information about how to use Extended Security Updates here.

For SQL Server 2008/2008 R2 and 2012: Extended Security Updates include provision of Security Updates rated “critical” for a maximum of three years after end of support.

For Windows Server 2008/2008 R2 and 2012/2012 R2: Extended Security Updates include provision of Security Updates and “Security Update Severity Rating System” rated “critical” and “important,” for a maximum of three years after end of support.

Extended Security Updates will be distributed if and when available.  Extended Security Updates do not include technical support, but you may use other Microsoft support plans to get assistance on your Server 2008/2008 R2 and 2012/ 2012 R2 questions on workloads covered by Extended Security Updates.

Extended Security Updates do not include new features, customer-requested non-security hotfixes, or design change requests. However, Microsoft may include non-security fixes as deemed necessary.

For more information on what is considered “critical” or “important,” please visit the MSRC site.

For End of Support events in the past, SQL Server provided only Critical Security Updates, which meets the compliance criteria of our enterprise customers. SQL Server does not ship a general monthly security update. Microsoft only provides on-demand SQL Server security updates (GDRs) for MSRC “Security Update Guide” here SQL Server is identified as an affected product.

If there are situations where new SQL Server important updates will not be provided and it is deemed critical by the customer but not by MSRC, we will work with the customer on a case-to-case basis to suggest appropriate mitigation.

Software Assurance customers can purchase Extended Security Updates on-premises under an Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), a Server & Cloud Enrollment (SCE), or an Enrollment for Education Solutions (EES). Software Assurance does not need to be on the same enrollment.

No, customers can choose to cover as many 2008/2008 R2 and 2012/2012 R2 on-premises servers with Software Assurance as they need for Extended Security Updates.

In Azure: Customers running Windows Server or SQL Server 2008 and 2008 R2 in an Azure Virtual Machine will get Extended Security Updates for no additional charges above the cost of running the virtual machine. Customers moving to Azure SQL Managed Instance (PaaS) do not need Extended Security Updates, as this is a fully managed solution, and is always updated and patched by Microsoft.

On-premises: Customers with active Software Assurance or subscription licenses can purchase Extended Security Updates for approximately 75% of the on-premises license cost annually. Pricing is available on published price lists. Contact your Microsoft partner or account team for more details.

Hosted environments: Customers who license Windows Server or SQL Server 2008/ 2008 R2 through an authorized SPLA hoster will need to separately purchase Extended Security Updates under an Enterprise or Server and Cloud Enrollment either directly from Microsoft for approximately 75% of the full on-premises license cost annually or from their Microsoft reseller for use in the hosted environment. The price of Extended Security Updates acquired through Microsoft resellers is set by the reseller. Pricing for Windows Server Extended Security Updates is based on Windows Server Standard per core pricing, based on the number of virtual cores in the hosted virtual machine, and subject to a minimum of 16 licenses per instance. Pricing for SQL Server Extended Security Updates is based on SQL Server per core pricing, based on the number of virtual cores in the hosted virtual machine, and subject to a minimum of 4 licenses per instance. Software Assurance is not required. Contact your Microsoft reseller or account team for more details.

The price of Extended Security Updates will be calculated based on the number of cores licensed for the SQL production workload in a customer’s on-premises environment. If they licensed 8 cores for SQL Server on-premises and use Software Assurance benefits to have a secondary passive server (i.e., virtual machine) of 8 cores on Azure, that customer will purchase Extended Security Updates based on the 8 cores for SQL Server licensed on-premises. Customers can then apply updates to their production workload on-premises and the secondary passive server (i.e., virtual machine) on Azure.

On–premises: Yes, Software Assurance is required for on-premises workloads. 
In Azure: No, for workloads running in Azure, Extended Security Updates is free and does not require Software Assurance (unless using Azure Hybrid Benefit).
The best way for customers to maximize savings when running Windows Server and SQL Server in Azure is to leverage the Azure Hybrid Benefit (available to customers with active Software Assurance or Server Subscriptions).
Azure Hybrid Benefit—hybrid cloud | Microsoft Azure

No. Customers cannot buy Extended Security Updates for SQL Server 2008 R2 Express or Developer edition. However, they can move their workloads to Azure and get the Extended Security Updates for no additional charges above the cost of using the Azure service. Also, customers who have Extended Security Updates for SQL Server production workloads are permitted to apply updates to their servers running SQL Server Developer edition solely for development and test purposes.

Customers with active Software Assurance or subscription licenses for their servers are eligible to purchase Extended Security Updates on-premises through an EA, EAS, SCE, or EES.

Customers can choose which servers to be covered.

Customers with Software Assurance through other enrollments (e.g. Open, Select, MPSA) can use Extended Security Updates purchased through EA, EAS, SCE, or EES.

Prices for years 1, 2, and 3 for Windows Server and SQL 2008/2008 R2 versions are fixed.

Prices for Windows Server 2012/2012 R2 and SQL Server 2012 Extended Security Updates will increase in years 2 and 3 by an additional 25% of the base price of the license each year.

Year 1: Approximately 75% of full license price
 

Year 2: Approximately 100% of full license price 

Year 3: Approximately 125% of full license price

Pricing for Extended Security Updates will follow the current license model for the server. For example, Windows Server is licensed by core and is required for all physical cores on each server.

Coverage will be available in three consecutive 12-month increments following End of Support.

Customers cannot buy partial periods (e.g. only 6 months). The customer’s EA renewal does not need to align to the Extended Security Update annual period. EA and Extended Security Updates must overlap for at least one month at the beginning of each year of Extended Security Updates coverage.

Customers must have active Software Assurance coverage or subscription licenses for at least one month at the start of each coverage period in order to be eligible for Extended Security Updates in that period. For example, customers must have Software Assurance coverage for SQL Server during the month of October 2023 for Windows Server 2012/2012 R2 and during the month of July 2022 for SQL Server 2012 in order to be eligible for Extended Security Updates for SQL Server during the first year of Extended Security Updates coverage.

If customers purchase Extended Security Updates while Software Assurance is active, but Software Assurance lapses before the Extended Security Update coverage period begins, customers will not be able to receive updates.

Extended Security Updates are available annually, for a fixed 12-month period. If a customer purchases Extended Security Updates in month 10 of the 12-month period, that customer would still need to purchase the full 12 months.

Customers must have purchased coverage for year 1 of Extended Security Updates in order to buy year 2, and coverage in year 2 in order to buy year 3. Customers may buy coverage for previous years at the same time they buy coverage for a current period. It is not necessary to buy a certain period of coverage within that coverage period.

Premier Support is not a base requirement, but an additional support contract is recommended if technical support will be required.
 

For detailed instructions on how to purchase and activate Extended Security Updates (for both Windows Server 2008/ 2008 R2 and Windows 7), please see this blog post on Tech Community.

Yes, customers must have active Software Assurance (or equivalent Subscription Licenses) for CALs and External Connector Licenses permitting access to Servers with active Extended Security Updates coverage. However, Extended Security Updates coverage is neither required nor available for CALs or External Connector Licenses.

Core licenses are sold in packs of two (a 2-pack of Core Licenses), and packs of 16 (a 16-pack of Core Licenses). Each processor needs to be licensed with a minimum of eight cores (four 2-pack Core Licenses). Each physical server, including single-processor servers, will need to be licensed with a minimum of 16 Core Licenses (eight 2-pack of Core Licenses or one 16-pack of Core Licenses). Additional cores can then be licensed in increments of two cores (one 2-pack of Core Licenses) for servers with core densities higher than 8.

Customers cannot license individual Windows Server virtual machines. They must license the full physical server. Licensing requirements for Extended Security Updates on-premises align to the licensing requirements for the underlying Software Assurance coverage or subscription. Customers will only need to know their Windows Server license position for a given server, to know how many Extended Security Update licenses they need.

Customers who have covered all the underlying cores of the physical server with Windows Server Datacenter licenses should buy Extended Security Updates for the number of physical cores, irrespective of the number of VMs running on that physical server.

Customers who have covered all the underlying cores of the physical server with Windows Server Standard licenses should buy Extended Security Updates for the number of physical cores, but will only be licensed to run and update two virtual machines on the server. Customers who wish to run and update more than two virtual machines on a server licensed with Windows Server Standard must re-license all of the physical cores on the server with both Windows Server Standard and Extended Security Updates for each additional pair of virtual machines.

Yes, customers need to run SQL Server 2008/2008 R2 and 2012 as well as Windows Server 2008/2008 R2 and 2012/2012 R2 with the latest Service Pack to apply Extended Security Updates. Microsoft will only produce updates which can be applied on the latest Service Pack. Click here to find the latest Service Pack for Windows Server 2008/2008 R2 and 2012/2012 R2 as well as SQL Server 2008/2008 R2 and 2012.

For customers who do not have Software Assurance, the alternative option to get access to Extended Security Updates is to migrate to Azure. For variable workloads, we recommend that customers migrate on Azure via Pay-As-You-Go, which allows for scaling up or down at any time. For predictable workloads, we recommend that customers migrate to Azure via Server Subscription and Reserved Instances.

Customers who need to stay on-premises can purchase Extended Security Updates when they have an active Server Subscription via EAS or EES, or Licenses through an EA or SCE in addition to Software Assurance through those programs. Alternatively, customers can use Software Assurance through Open, Select, or MPSA agreements in addition to product licenses through an EA, EAS, SCE, EES, or Subscription. Licenses and Software Assurance do not need to be on the same agreement.

There is no deadline for migration of the Windows Server or SQL Server 2008 workloads to Azure. However, we recommend customers complete migration before the End of Support date so that they do not miss any Extended Security Updates. If customers miss a year of Extended Security Updates coverage, they may buy coverage for previous years at the same time they buy coverage for a current period.

To find more information about end of support dates, refer to: Search Product and Services Lifecycle Information - Microsoft Lifecycle | Microsoft Docs.

Yes, customers can start a new 2008, 2008 R2, 2012, or 2012 R2 instance on Azure and have access to Extended Security Updates.

Customers who purchase Extended Security Updates for production servers may also apply those security updates to servers licensed under Visual Studio (MSDN) subscriptions at no additional cost. There is no limit to the number of MSDN servers a customer can cover. If they purchase Extended Security Updates for a production server, those updates can be applied to any number of MSDN servers.

Yes. Premium Assurance is no longer available, but we will honor the terms of Premium Assurance for customers who already purchased it.

Please visit the Windows 7 and Office 2010 EOS FAQ for more info about these products.

Windows 7 and Office 2010 EOS FAQ

Software Assurance is required as a pre-requisite to Extended Security Updates. If you have Software Assurance or an equivalent subscription (even if it is on a different enrollment/program type) then you can buy Extended Security Updates for Software Assurance covered servers on your Microsoft Enterprise Agreement (EA), Enterprise Agreement Subscription (EAS), or Server and Cloud Enrollment (SCE).

Extended Security Updates coverage is not required to be co-terminus with Software Assurance coverage, but customers must have at least one month of qualifying Software Assurance coverage remaining at the time a given year of Extended Security Updates coverage is purchased.

Extended Security Updates can be purchased by customers with active Software Assurance under the following programs - Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), Server & Cloud Enrollment (SCE), Enrollment for Education Solutions (EES), or Subscription.

Apps running on pre-installed Windows Servers are recommended to be migrated to supported OS versions or Windows Server 2008 and 2008 R2 on Azure.

No, but customers can use an active support contract such as Software Assurance or Premier/Unified Support on the relevant on-premises product(s) to get technical support if they choose to stay on-premises. Alternatively, if hosting on Azure, customers can use an Azure Support plan to get technical support.

No. If a customer has SQL Server 2008/2008 R2 or 2012 or Windows Server 2008/ 2008 R2 or 2012/2012 R2 and chooses to remain on-premises during a migration without Extended Security Updates, they cannot log a support ticket, even if they have a support plan. If they migrate to Azure, however, they can get support using their Azure Support Plan.

When customers have purchased Extended Security Updates and have an existing support plan:

Scenario: Customer can open a support ticket
Response: Yes

Scenario: Support Team will work to troubleshoot customer issue
Response: Yes

Scenario: Support Team will do a root cause analysis
Response: No

Scenario: Support Team will file a bug or a Design Change Request (DCR)
Response: No*

*If the issue is related to a security update, the Support Team will file a bug on the customers behalf to solve the issue.

This program covers only the named product and the components that shipped with it. Unless explicitly stated the scope of this program does not extend to any other products or tools that the customer may be running on or with the covered product.

Microsoft is committed to helping customers upgrade or migrate to the cloud, and will provide best effort support to troubleshoot an issue for SQL Server 2008/2008 R2 and 2012 as well as Windows Server 2008/2008 R2 and 2012/2012 R2 covered under Extended Security Updates after the End of Support dates for those products.

No, customers must purchase Extended Security Updates separately. The cost of Extended Security Updates is not included in the price calculation of the Unified Support agreement. However, customers with Unified Support and Extended Security Updates can request technical support for the 2008, 2008 R2, 2012, or 2012 R2 servers covered by Extended Security Updates. Onsite or proactive support will only be available to a customer if it is part of their Unified Support agreement.

Yes, organizations which have purchased Extended Security Updates can submit support incidents using any Microsoft Support offering, including Unified and Premier Support. Microsoft Partners are also able to submit tickets on behalf of their customers as long as the customer has purchased Extended Security Updates, though Partners will need a support agreement in place to do so.

All customers must call Microsoft Support in order to place a request for a technical support incident. Services Hub no longer shows the SQL Server 2008 version in the drop down.

As we continue to work to fully automate the validation process, the tech routers will validate whether a customer purchased Extended Security Updates. Once the customer is validated, a case will be created and routed to the appropriate queue for technical support. Customers should provide their Enterprise Agreement number or full customer name for validation.

If an investigation determines that resolution requires product enhancement available in a recent release, then a request will be made to the customer to upgrade to a more recent release where the capability is already available. No new product enhancements will be made for SQL Server 2008/2008 R2 or 2012 or Windows Server 2008/2008 R2 or 2012/2012 R2.

No. The Extended Security Update (ESU) for Windows 7 and Windows Server 2008 will require online servicing (booted into the image taking the updates. See online servicing for more details).

Extended Security Updates are not supported in offline servicing mode. Applying Extended Security Updates in offline servicing mode will generate an error and updates will fail.

Extended Security updates will continue to be available through all normal channels – Windows Update , Windows Server Update Service, and Catalog. The Wsusscn2.cab will also include Extended Security updates and be available during the Extended Security Update period. The latest Wsusscn2.cab file is available for download at the following location: Download Wsusscn2.cab.

Extended Security Updates for SQL Server 2008/2008 R2 and 2012 as well as Windows Server 2008/2008 R2 and 2012/2012 R2 will be offered on Azure Virtual Machines at no additional charge above the cost of the virtual machine. For customers that migrate workloads to Azure Virtual Machines, we will offer Security Updates and “Security Update Guide” rated "Critical" and "Important" for Windows Server 2008/2008 R2 and 2012/2012 R2, and those rated “Critical” for SQL Server 2008/2008 R2 and 2012.

Yes, customers with active Software Assurance or equivalent Server Subscriptions can leverage Azure Hybrid Benefit:

SQL Server: Customers can leverage existing on-premises license investments for discounted prices on SQL Server running on Azure SQL Managed Instance, Azure Virtual Machines, and Azure Arc-enabled SQL Managed Instance in hybrid environments.

Windows Server: Customers can leverage existing on-premises license investments to save on Azure Virtual Machines.

Customers choosing to move to Azure IaaS can combine Azure Hybrid Benefit savings for SQL Server and Windows Server for increased cost savings.
 

Yes, Extended Security Updates will be available on Azure Virtual Machines on Azure Government regions.

Yes, customers can migrate SQL Server 2008/2008 R2 or 2012 or Windows Server 2008/2008 R2 or 2012/2012 R2 to Azure Stack and receive Extended Security Updates for no additional cost after the End of Support dates.

Windows Server: Customers that license Windows Server through an authorized SPLA hoster may separately purchase Extended Security Updates under an Enterprise or Server and Cloud Enrollment directly from Microsoft or a Microsoft reseller for use on their hosted instances. Pricing is based on per core pricing, based on the number of virtual cores in the hosted virtual machine, and subject to a minimum of 16 licenses per instance for Windows Server and four for SQL Server. Software Assurance is not required.

SQL Server: Customers with License Mobility through Software Assurance may also purchase Extended Security Updates from Microsoft to use in virtual machines properly licensed to run in an authorized License Mobility partner’s datacenter. See the Microsoft Licensing site for availability and use rights for the End of Support Offering. Please note, for SQL Server, customers can only use Extended Security Updates on the databases for which they have licensed Extended Security Updates. Customers cannot apply them to non-covered databases or share them with hosters.

The following describes pricing for Extended Security Updates in various hosted scenarios. Please note that pricing information here is only for Windows Server and SQL Server 2008/2008 R2.

On-premises
Pricing: 75% of full license price annually, no minimum core requirement
SA or subscription required?: Required for covered licenses

Azure
Pricing: Cost included in standard virtual machine rate
SA or subscription required?: Not required, although Software Assurance provides Azure Hybrid Benefit

Hosted environment —Windows Server
Pricing: 75% of full license price annually, minimum 16 cores/instance
SA or subscription required?: 75% of full license price annually, minimum 16 cores/instance

Hosted environment —SQL
Pricing: 75% of full license price annually, 4 core minimum purchase requirement
SA or subscription required?: Not required when licenses purchased from hoster, required for License Mobility

The Extended Security Updates offer does not include technical support. Customers can use existing support agreements for questions. For customers who purchased Windows Server 2008/2008 R2 or 2012/2012 R2 or SQL Server 2008/2008 R2 or 2012/2012 R2 via SPLA, they should contact the SPLA provider, and that provider can use a Partner Support Agreement. Customers cannot contact Microsoft directly if they purchase through SPLA.

Customers cannot leverage Extended Security Updates if they move their SQL Server environment to a PaaS implementation on other cloud offerings.

If customers are looking to move to virtual machines (IaaS), they can leverage License Mobility for SQL Server via Software Assurance to make the move, and purchase Extended Security Updates from Microsoft to manually apply patches to the SQL Server instances running in a Virtual machine (IaaS) on an authorized Service provider licensing agreement hoster’s server. However, free updates in Azure is the more attractive offer.

Yes, customers can get free Extended Security Updates on Azure Dedicated Host and Azure VMWare Solution for SQL Server 2008/2008 R2 and 2012 as well as Windows Server 2008/2008 R2 and 2012/2012 R2.

Windows Server 2008/ 2008 R2 instance running on-premises: Delivery of Extended Security Updates (ESU) for Windows Server is no different than what customers have been doing for the last decade for security patches. They are Security Updates only. Customers can install Extended Security Updates using the tools and processes they are using today. The only difference is that the system must be unlocked for the updates to install.

On-premises customers that purchase Extended Security Updates will receive an add-on key to activate Extended Security Updates through the volume licensing portal (VLSC) or alternatively, go to Azure Portal to do download keys (link to service). Once customers purchase Extended Security Updates and download the Extended Security Update Keys, they must first install the pre-requisite packages outlined in our IT Pro Blog (or any later SSUs/rollups) before deploying and activating the keys on your applicable machines. Specific KB information can be found in that blog post.

Customers can deploy the new Extended Security Updates Key and any pre-requisite servicing stack updates to the applicable machines, then continue with their current update/servicing strategy to deploy Extended Security Updates through Windows Update, Windows Server Update Services (WSUS), or whatever patch management solution the customer prefers. This is also the process that customers will need to follow for Azure Stack.

Once Extended Security Updates keys are activated, and they add the ability to receive Extended Security Updates. They do not replace the current product activation key (e.g. OEM, KMS), nor do they re-activate the system. Customers will need to install a new Extended Security Updates key each year they have Extended Security Updates deployed.

For detailed instructions on how to purchase and activate Extended Security Updates (for both Windows Server 2008/2008 R2 and Windows 7), please see this blog post on Tech Community.

Note: It may take 3-5 business days for Extended Security Updates (ESUs) MAK keys to become available after purchase. There is also time required for your organization to plan and deploy those MAK keys prior to deploying the security updates. Be sure to take this timeframe in mind as you consider purchasing ESU licenses.

Windows Server 2008 and 2008 R2 instance running on Azure Virtual Machines: Azure will automatically detect the 2008/2008 R2 VM that is running on Azure and enable Extended Security Updates to be downloaded and installed using Windows Update or whatever patch management solution the customer is using. Pre-patched Windows Server 2008 R2 images will also be available from the Azure gallery.

SQL Server 2008 and 2008 R2 running on Windows Server 2008 and 2008 R2 on Azure Virtual Machines: Customers will receive updates automatically through existing SQL Server update channels, whenever vulnerabilities are found, and rated “Critical” by MSRC. If an Azure Virtual Machine is not configured to receive automatic updates, then the on-premises download option applies. Please visit the SQL Server 2008 Extended Security Updates on Github page for additional details. For more information about automatic updates, see Manage Windows updates by using Azure Automation.

a) SQL Server 2008 and 2008 R2 running on Windows Server 2008 and 2008 R2 on-premises: Customers that buy Extended Security Updates will be able to register the eligible instances and download updates from the Azure Portal to deploy to their on-premises environment, whenever vulnerabilities are found, and rated "Critical" by MSRC. This is also the process that customers will need to follow for Azure Stack. Please visit the SQL Server 2008 Extended Security Updates on Github page for additional details.

Microsoft recommends applying Extended Security Update patches as soon as they are available to keep their environment protected. For specific questions about update channels, and the instance registration and download process, please contact your Microsoft Technical Account Manager or Support resource.

Win7/Server 2008 R2: Once the Extended Security Updates pre-requisite updates are installed (See the blog) phone activation can be done using the following steps.
Windows Server 2008 SP2: The support will be in an upcoming release, but the same steps will apply.

a) Slmgr.vbs /ipk < Extended Security Updates MAK Key> to install the product key

b) Get the Installation ID for the Extended Security Updates Key using the corresponding Extended Security Updates  Activation ID (Refer to the blog for Extended Security Updates  Activation IDs for each program). For example:
C:\Windows\system32>slmgr /dti 77db037b-95c3-48d7-a3ab-a9c6d41093e0
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Installation ID: 003842447833058154105433619200708862559816407110910340

c) Once you have the Installation ID, call the Microsoft Licensing Activation Center for your region; they will walk you through the steps to get the Confirmation ID, note it down.

d) Use the Slmgr /atp <Confirmation ID> <ESU Activation ID> to activate the Extended Security Updates  SKU using the Confirmation Id obtained in the above step.
C:\Windows\system32>slmgr /atp
77db037b-95c3-48d7-a3ab-a9c6d41093e0
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Confirmation ID for product 77db037b-95c3-48d7-a3ab-a9c6d41093e0 deposited successfully.
After this step, Extended Security Updates License is activated successfully (slmgr /dlv <Esu Activation Id> should show Licensed).

To get the Extended Security Updates on the Nested VMs even if you are running on Azure you need to install and activate the Extended Security Updates key on the top-level guest VM (aka Nested VM). For detailed instructions on how to purchase and activate Extended Security Updates (for both Windows Server 2008/ 2008 R2 and Windows 7), please see this blog post on Tech Community.

Customers may use their preferred tools for software and hardware inventory. Find links to inventory tools from Microsoft and our partners on the Azure migration center site.

Customers can migrate workloads from a VMware-based virtual machine on-premises to Azure Virtual Machines using Azure Site Recovery or use many partner tools. Another option is the new VMware on Azure solution, for a dedicated hosting experience.

Yes, customers need to have Software Assurance to take advantage of the BYOL program for SQL Server on Azure Virtual Machines as part of the License Mobility program. For customers without Software Assurance, we recommend customers move to Azure SQL Managed Instance for their 2008 environments. Customers can also migrate to pay-as-you-go Azure Virtual Machines. Software Assurance customers who license SQL by core also have the option of migrating to Azure using the Azure Hybrid Benefit.

Azure SQL Managed Instance is a service in Azure providing nearly 100% compatibility with SQL Server on-premises. Managed Instance provides built-in high availability/disaster recovery capabilities plus intelligent performance features and the ability to scale on the fly. Managed Instance also provides a version-less experience that takes away the need for manual security patching and upgrades. See the Azure pricing guidance page for more information on the BYOL program.

Customers can move legacy SQL Server environments to Azure SQL Managed Instance, a fully-managed data platform service (PaaS) that offers a "version-free" option to eliminate concerns with upgrade and End of Support dates, or to Azure Virtual Machines to have access to Security Updates. Extended Security Updates will be available for SQL Server 2008 and 2008 R2 in Azure Virtual Machines after the End of Support date of July 9th, 2019, for the next three years. For customers looking to upgrade from SQL Server 2008 and 2008 R2, all subsequent versions of SQL Server will be supported. For SQL Server 2012 through 2016, customers are required to be on the latest supported Service Pack. Starting with SQL Server 2017, customers are advised to be on the latest Cumulative Update. Note that Service Packs will not be available starting with SQL Server 2017, only Cumulative Updates and General Distribution Releases (GDRs).

Azure SQL Managed Instance is an instance-scoped deployment option in SQL Database that provides the broadest SQL Server engine compatibility and native virtual network (VNET) support, so you can migrate SQL Server databases to Managed Instance without changing apps. It combines the rich SQL Server surface area with the operational and financial benefits of an intelligent, fully managed service. Leverage Azure Database Migration Service to move SQL Server 2008 and 2008 R2 to Azure SQL Managed Instance with few or no application code changes. Azure SQL Managed Instance is also enabled by Azure Arc to run in customers on-premises datacenters. Customers can choose to modernize in-place with the same PaaS benefits when their workloads cannot move to Azure.

Windows Server instances running on Azure, including VMware and Nutanix solutions, as well as Azure connected devices Azure Stack Hub and Azure Stack HCI are eligible for free Extended Security Updates.

Apps running with or on SQL Server and Windows Server 2008 or 2008 R2 can generally be rehosted to Azure with no application code change. Customers that are ready to upgrade, either in Azure or on-premises, can review the Azure Marketplace Catalog, as well as consult with their software vendor to find the matrix of supported apps on all the Windows Server and SQL Server versions.

Note: Both Normal and Classic VMs with Windows Server are supported

Customers should assess their application infrastructure before migrating any server applications. They can learn more about the recommended process in the Azure Migration Center where you will learn how to leverage services like Azure Migrate to complete a readiness assessment including a cost estimate to run the application infrastructure in Azure. For further questions, work with your Microsoft partner, Microsoft Services, or your Account team to evaluate application readiness.

Customers can find links to upgrade guidance at our End of Support Resource Center or in our Windows Server upgrade documentation.

Customers can find links to upgrade guidance at our End of Support Resource Center and in the Database Migration Guide.

SQL Server 2016 and SQL Server 2017 are supported on Windows Server 2019. Earlier versions (SQL Server 2012 and SQL Server 2014) are not. Find additional details on the Windows Server 2019 App Compatibility Docs page.

Azure Site Recovery can migrate these VMs to Azure but will convert them to an Azure IaaS Gen-1 virtual machine. Gen-2 is not supported at this time.

For advice on how to optimize SQL Server performance on Azure Virtual Machines, refer to this guide on SQL Server performance.

For Windows Server 2008 and 2008 R2, the following System Center versions are supported:

Product: SCOM (System Center Operations Manager) Server
System Center 2012 and 2012 R2: Yes*
System Center 2016: No
System Center 2019: No

Product: SCOM (System Center Operations Manager) (Agent Monitoring only)
System Center 2012 and 2012 R2: Yes
System Center 2016: Yes
System Center 2019: No

Product: VMM (Virtual Machine Manager) Server
System Center 2012 and 2012 R2: No
System Center 2016: No
System Center 2019: No

Product: VMM (Virtual Machine Manager) Agent
System Center 2012 and 2012 R2: Yes*
System Center 2016: No
System Center 2019: No

Product: Orchestrator
System Center 2012 and 2012 R2: Yes
System Center 2016: No
System Center 2019: No

Product: Service Manager
System Center 2012 and 2012 R2: Yes
System Center 2016: No
System Center 2019: No

Product: DPM (Data Protection Manager) Server
System Center 2012 and 2012 R2: Yes
System Center 2016: No
System Center 2019: No

Product: DPM (Data Protection Manager) Agent
System Center 2012 and 2012 R2: Yes
System Center 2016: Yes
System Center 2019: No

Product: ConfigMgr (System Center Configuration Manager)
System Center 2012 and 2012 R2: No
System Center 2016/2019 LTSB: No
System Center Current Branch: Yes**

*Windows Server 2008 R2 only

**For clients covered by Extended Security Updates, the latest released version of ConfigMgr (current branch) can deploy and install any security updates released. Client management features not related to patch management or operating system deployment will no longer be tested on the operating systems covered under by Extended Security Updates. While they may continue to function in some capacity for a period, there are no guarantees. Microsoft recommends upgrading or migrating to current operating systems to receive client management support.

The SQL Management Pack for SCOM (System Center Operations Manager) can be used to monitor SQL Server 2008 and 2008 R2 instances. Customers can also use DPM (Data Protection Manager) to back up SQL Server 2008 and 2008 R2 instances. The following System Center versions are supported for these purposes:

Component: SCOM (System Center Operations Manager)
System Center 2012 and 2012 R2: Yes
System Center 2016: Yes
System Center 2019: No

Component: DPM (Data Protection Manager)
System Center 2012 and 2012 R2: Yes
System Center 2016: Yes
System Center 2019: No

Extended Security updates will continue to be available through all normal channels – Windows Update , Windows Server Update Service, and Catalog. Importing from the online catalog into Windows Server Update Services (WSUS) is not required.

The updates will show as not applicable in Windows Server Update Service (WSUS). IF you try to install the Extended Security Updates  update manually from catalog it will fail to install.

Also, please note, Extended Security Updates  activated devices and non- Extended Security Updates activated devices can exist in the same computer group for patch deployment.

3rd party application control solutions are not a replacement for product security fixes.

After January 14, 2020, the first Extended Security Updates update date will align with the patch Tuesday date in February 2020.

SQL Server 2008 SP3 and 2008 R2 SP2, and Windows Server 2008 SP2 and 2008 R2 SP1 will be supported on Azure Stack.

Azure does not currently support shared storage clustering. For advice on how to configure a highly available SQL Server instance on Azure, refer to this guide on SQL Server High Availability.

The Azure Hybrid Benefit for SQL Server lets customers use their existing licenses to save on Azure Virtual Machine rates. Customers with Software Assurance can use the Azure Hybrid Benefit to pay a reduced base rate on Azure SQL Managed Instance vCore-based options, SQL Server in Azure Virtual Machines and SQL Server Integration Services (SSIS). You may apply this benefit even if the SKU is active but note the base rate will be applied from the time you select it in the portal. No credit will be issued retroactively.

Visit the Azure Hybrid Benefit landing page to learn more. For more detailed information, visit the Azure Hybrid Benefit FAQ.

The Azure Hybrid Benefit lets customers use existing Windows Server licenses to save on Azure Virtual Machine rates. You can use the benefit with Windows Server Datacenter and Standard edition licenses covered with Software Assurance or Windows Server Subscriptions.

Visit the Azure Hybrid Benefit landing page to learn more. For more detailed information, visit the Azure Hybrid Benefit FAQ.

Today, we offer SQL Server customers with Software Assurance license mobility benefits which allows re-assignment of their licenses to third party shared servers. This benefit can be used on unmanaged offerings in the cloud (i.e., VM/hosted), and the customer must bring their own media, and fill out all the compliance forms with the third-party cloud providers. Customers only get one core in the cloud for every core they own on-premises, and can only run in their specified edition, i.e. Standard can only run in Standard Edition in the cloud.

Azure Hybrid Benefit allows for:

Moving your licenses to a fully managed PaaS product. We are the only cloud that has this. AWS RDS license mobility is now prohibited.

180 days of dual use rights on-premises and in the cloud.

No requirement for submission of licensing compliance papers, just a check box in the portal.

For customers that want a hosted solution, they should combine Azure Hybrid Benefit for SQL Server + Azure Hybrid Benefit for WS for the best savings - you can only do this on Azure.

Yes, Software Assurance is required for License Mobility.

Azure Hybrid Benefit datasheet

Server 2008 and 2008 R2 end of support datasheet

Azure Hybrid Benefit FAQ

Windows 7 end of support