We\u2019re coming up to the Windows 7 end of life date. January 2020 will be the last time Windows 7 will receive a security update, although customers with a premier support contract can purchase Extended Security Updates (ESU) for Windows 7 Professional and Enterprise through January 2023.Alternatively, when Windows Azure virtual desktop is released, you can purchase virtual desktop and ESU will be provided free of charge to allow you to transition to Windows 10. However, some might find neither option feasible or have a reason (as I do) to keep Windows 7 around to access older line-of-business applications. In my case, we need it to run older versions of specialized software to prepare historical calculations.Clearly, we do not want to expose our network and our systems to undue risk that Windows 7 presents. What can you do to isolate these potentially vulnerable and risky Windows 7 systems so that they don\u2019t introduce risk into your network? Plenty. Here are your options:Block the machines from being able to browse the internet. Use the proxy trick from the XP era to keep older systems from the web. Enable proxy settings and use the same proxy server for all addresses. Select \u201dDo not use proxy server for local (intranet) addresses\u201d. Then enter 127.0.0.1 into \u201cAddress of proxy\u201d and 80 into the \u201cPort\u201d setting. You can also use these settings via Group policy to block it for certain users.Isolate the machine on a private network that isn\u2019t able to access the internet.Virtualize Windows 7 and narrow the scope of the use of the system so that it\u2019s only used when absolutely necessary. You will need to license the machine using software assurance to transfer it to a virtual machine.Install Microsoft\u2019s Enhanced Mitigation Experience Toolkit on Windows 7. While it, too, is no longer supported, you can import the settings to protect popular software.Don\u2019t log into the system with administrator credentials and use only limited user rights. If you have issues running a line-of-business application without administrator rights, use LUA Buglight to determine what registry keys or file locations need elevated rights.Disable autorun functionality.Review your Data Execution Prevention Protection settings and ensure they are enabled.Ensure you update to the latest version of Office and don\u2019t use older versions of Office.Don\u2019t open email on Windows 7 (and especially don\u2019t follow HTML links).Ensure all final updates are installed as Windows 7 starts its final days. Ensure you manually scan for updates and review what optional updates you may not have installed in the past.All these steps won\u2019t protect you from all unpatched vulnerabilities, so it\u2019s crucial that you understand the risks you are taking by running unpatched software. If there is a need to keep an older operating system, do the best you can to isolate it from the rest of your production network. Then plan on retiring these systems as soon as you can.