Windows Embedded — rebranded Windows IoT Enterprise since the Windows 10 era — is the Microsoft Windows variant designed for fixed-function devices: ATMs, point-of-sale terminals, medical imaging, industrial control panels, kiosks, digital signage. The Embedded SKU is licensed per device, distributed only through authorised Microsoft Distributors (DMI, Arrow, Avnet and a handful of regional partners) to OEMs and system integrators — it is not a consumer or general business product. Its defining feature is a 10-year support lifecycle (Long-Term Servicing Channel) rather than the 18- to 24-month consumer cadence.
Windows XP Embedded → Windows Embedded Standard 7 → Windows Embedded 8 / 8.1 Industry → Windows 10 IoT Enterprise LTSC (2015, 2016, 2019, 2021) → Windows 11 IoT Enterprise LTSC (2024). Each LTSC release has a 10-year support window from its release date. Industry editions also included Pro and Enterprise variants — Pro is for OEM partner channel devices, Enterprise for kiosk lockdown scenarios with Assigned Access, Shell Launcher and Unified Write Filter.
Per-device, sold only through Microsoft Embedded Distributors to OEMs and system integrators with an Embedded agreement. Activation uses the System Locked Pre-installation (SLP) mechanism that ties the licence to the device firmware. Devices cannot be re-licensed to a different chassis. Pricing depends on the device class (general purpose vs thin client vs entry-level) and is set by Microsoft per generation.
IoT Enterprise LTSC 2021 (Windows 10) is supported through January 2032 — well past the consumer Windows 10 end of support in October 2025. Customers with large field-deployed estates (medical, retail, manufacturing) explicitly buy IoT Enterprise to avoid the consumer feature-update treadmill while keeping security patches flowing for a full decade.
Relative fit of each licensing channel for typical buyers of this product. Calibrate against your own scale and renewal strategy.
Windows desktop licensing has three legitimate routes — Retail FPP, OEM pre-installation on new hardware, and Volume Licensing for organisations. Pick the wrong one and you either overpay (Retail for fleet) or break the rules (OEM after the fact).
The small set of decisions that determine whether you overpay, fail an audit, or land in the right place.
Three reference deployments — find the closest match and adapt rather than starting from zero.
None of these are tricks — they are the same levers Microsoft's own licensing specialists pull on every renewal.
These four signals show up in every counterfeit-licence case we have seen. If any of them is present, walk away — no discount makes it worthwhile.
OEM keys are distributed only pre-installed on hardware and stay bound to that device for life. A separately sold OEM key is almost certainly leaked, harvested from scrapped hardware, or fully counterfeit.
Microsoft entitlement always leaves a paper trail — a Volume Licensing Service Center record, a CSP invoice, a sealed Retail box with a COA, or a Microsoft Store order. No proof = no defence in an audit.
Classic symptom of a MAK key that has exceeded its activation pool, or a KMS key being abused outside its volume programme. Microsoft revokes these centrally; the activation grace period is short.
Legitimate CSPs and LARs transfer the licence into your Microsoft 365 / Azure / VLSC tenant under your domain. If the seller insists on activating 'for you' on their account, you do not own anything.
Quick definitions — the full glossary lives at /en/glossary if you need to dig deeper.