The Extended Security Update (ESU) program is the last resort for customers who need to run certain legacy Microsoft products that are past their end-of-support period. It includes critical and important security updates (as defined by the Microsoft Security Response Center or MSRC) for a maximum of three years after the product’s end-of-extended-support date.
Extended Security Updates will be distributed if and when available. ESUs do not include new features, customer-requested non-security updates, or design change requests.
All Windows 7 and Windows Server 2008/R2 customers will still be able to get updates until January 14, 2020. However, only ESU customers will be able to get updates for these operating systems after January 14, 2020.
For more information, including the list of products that have ESU programs, check the Lifecycle FAQ-Extended Security Updates page from Windows.
Microsoft has reported that the updates will be delivered through all the usual update delivery processes, including SCCM Current Branch, WU, WUfB, and WSUS. The update will be programmed to look for the MAK activation at the endpoint, and will only install those systems together with the MAK key.
You can find the steps to activate this MAK key in the Obtaining Extended Security Updates (ESUs) for eligible Windows devices page from Microsoft.
As LanGuard uses WSUS to gather information and report on the needed updates for each system, the functionality of LanGuard performing updates for these systems does not change. If your system does not have the MAK key, your system will not be eligible to receive and install the updates on your system.