I was truly blown away by the content and collaboration for this event. This community is truly AMAZING, we had MVPs, Intel, Product Managers and Engineers all share their knowledge and experience.
Here I'm sharing some of the big take-aways from the event and topics you can drill down into with additional sessions. These updates are from the Windows Server Summit Session: What's New in Windows Server 2025
Windows Server 2025
Hotpatching
- Now you can install security patches without a reboot. This is accomplished by modifying in memory code without restarting the process. Makes patching aster to install as well.
- First debuted with Windows Azure Edition 2022 and now available for every edition of Windows Server by Arc enabling them. Windows Server 2025 standard or datacenter, physical or virtual, or residing on other clouds.
- Good to know - No additional cost for Azure editions/monthly sub via the Azure portal.
- Quarterly updates will require reboots. Hotpatch is security updates only where security and non-security updates will be part of quarterly baseline updates.
For more on hotpatching check out this part of the event:
Hotpatching: Improving server security and productivity | Windows Server Summit 2024 (microsoft.com)
Active Directory/AD
Security updates:
- LADP support for TLS1.3
- LDAP prefers encryption by default.
- Kerberos support for AES SHA 256/384 – stronger encrypting and signing mechanisms.
Changes to default behavior of legacy SAM RPC password change methods
Kerberos and PKINT support cryptographic agility – added SHA-2 support for PIKINT and SHA 256/384 support. - 32 K DB Page sizes. Used to be 8k pages. Forest wide basis requires all DCs to use 32k page database.
Now NUMA Aware
- Utilizes CPUS in all processor groups.
Priority boost
- Boosted replication links get replication queue priority.
New Functional levels for forest and domain
- AD forests have to be functional level of Server 2016 or greater.
- Promotion of an AD or AD LDS replica requires existing domain or config set is already running with a functional level of Win 2016 or higher.
Secure Kerberos authentication
- Local KDC (Key distribution service) now being built into windows not just DCs.
- Kerberos auth for local user accts
- IAKerb – more Kerberos negotiation for more scenarios. Classic AD, IP Addresses, no SPNS, local KDCs
- DEATH OF NTLM? https://aka.ms/ntlm
For more on Active Directory, Windows Authentication and Security, check out these sessions from the event:
What's new in Active Directory for Windows Server 2025 | Windows Server Summit 2024 (microsoft.com)
Protecting Active Directory from management plane attacks | Windows Server Summit 2024 (microsoft.co...
The evolution of Windows authentication | Windows Server Summit 2024 (microsoft.com)
An ounce of prevention is worth a pound of detection | Windows Server Summit 2024 (microsoft.com)
Storage
- Optimized NVME -improves performance and lower CPU utilization.
- Demo of Win 2022 vs Win 2025 on the same hardware a 70 percent performance improvement is seen.
Storage replica
- Performance enhancements with enhanced log
- Compression now available in all editions of Windows Server
- ReFS – Optimized deduplication and compression, great for active workloads (VMs).
- File servers save 60% of storage, VHD/ISO backups save – 90% of storage.
- Storage Spaces – Thinly provisioned storage spaces, stretch cluster support
For more on Windows Storage, check out these sessions from the event
New storage features in Windows Server 2025 | Windows Server Summit 2024 (microsoft.com)
Demo bytes: SSH for Azure Arc, Storage Replica | Windows Server Summit 2024 (microsoft.com)
Windows Server 2025 ReFS booted images for confidential VMs | Windows Server Summit 2024 (microsoft....
Failover Clustering
Cluster aware updating for OS upgrades
- Upgrade from Windows Server 2022 to 2025 with no downtime. (Roll updates through the nodes)
- Workgroup clusters -certificate based (not joined to domain) can perform VM Live migration. Enabling Hyper-V with no access to domain controller to live migrate.
- GPU-P VM live migration on a failover cluster
Storage spaces direct (s2d) Stretch Clusters between two sites – improved Storage Replica performance
For more on Failover Clustering, check out this session:
Hyper-V
It is not dead! Foundation for Azure, Azure Stack, Windows Server, Containers with Hyper-V isolation, platform security and XBOX.
- GPU-P share a GPU across multiple VMs.
- GPU Pools – assign a GPU to an individual VM.
- Dynamic processor compatibility – live migrating between servers with different process capabilities is enabled.
- Improved performance, increased granularity on processor compatibility, enhanced dynamic capabilities on SLAT Capable processors.
- Increased scalability – Larger VMs possible, support for 240 TB RAM and 2048 virtual processors.
Networking
- Network ATC -one click deployment and drift remediation of host network configuration across the cluster.
- Network HUD – always on alerting and remediation of operational network issues and inefficiencies.
- SDN multisite – Stretched Site Native L2 & L3 connectivity for workloads in multiple locations.
- Parity with stretch clusters.
- Unified network policy management for these workloads.
- Eliminates need to update policies when workloads move across locations.
- SDN Gateway Performance Improvements- 20-50% performance improvements with lower CPU utilization.
- Empowering Modern AKS applications – Secure, scalable and adaptive SDN Infrastructure for Hybrid AKS.
- Hybrid AKS workloads can now be put on SDN networks for Windows Server.
- Enforce customer network policies and routing rules for microservices and applications.
For more on Networking check out these sessions from the event:
Host networking at the edge | Windows Server Summit 2024 (microsoft.com)
Containers
Flexibility
- Container base image portability ABI
- Run WS2022 container on WS2025 without upgrading base image. Upgrade host without having to upgrade the container.
- Increased agility and release cadence with Windows Server annual channel for containers.
- Reduced image size with smaller deltas.
- Improved app compat for Nano Server.
- Networking control path performance improvements
For more on containers, check out this session:
Windows Server app modernization with containers | Windows Server Summit 2024 (microsoft.com)
File Services
SMB over QUIC
- Secure and reliable transport built on UDP
- Use cases - SMB for telecommuters, mobile devices, cloud.
- Does not require VPN, Runs over port 443. Encryption always enabled. Handshake authenticated with TLS 1.3.
- Available in all editions, Standard, Datacenter, Azure Edition
(In WAC you can configure QUIC)
SMB Security Improvements
- Secure by default
- SMB Signing – signing required by default. Stop relay, attacker in the middle, phising attacks
- Auth Rate Limiter – Throttles bad NTLM Passwords by default. Brute force attack prevention (Slows them down)
- SMB Firewall rule hardening – no longer opens NETBIOS port
SMB NTLM Disable option – granular control of remote NTLM
SMB Dialect Control – allow/refuse a range of SMB2 - 3
For more on SMB watch this session
Next-generation SMB file services | Windows Server Summit 2024 (microsoft.com)
Winget - The store for Windows Server
Winget
- Enables users to discover, install and upgrade applications.
- Remove unwanted applications.
- Configure installed applications.
- Acts as the client interface to the windows package manager service.
- Key features – package management. Winget simplifies software management by providing a consistent way to handle applications.
- Command line interface: users interact with winget via commands in the command prompt or PowerShell.
- Open Source: Winget is free and open source, allowing community contributions and improvements
- Easily Install PowerShell 7
- OS Upgrade through Windows Update just like Windows 11experience. Upgrade Win Server 2022-->Win Serv 2025
For more on using winget, watch this session
Windows Server 2025: The upgrade and update experience | Windows Server Summit 2024 (microsoft.com)
Other things of note
Windows 2025 now has an Arc integration wizard.
Wi-Fi Support for edge scenarios.
- Window server with Desktop experience.
- Turned off by default
Licensing
New subscription-based Purchasing Model available along with perptual.
- Windows Server pay as you go.
- Subscription model like Azure Stack HCI and SQL Server 2022.
- Burst or if you need one more VM license.
- Simplifies Hoster licensing
Call to Action!
Download Server 2025 from Windows Server Insiders
Other great sessions:
Windows Admin Center:
Windows Admin Center roadmap: What’s new and what’s coming | Windows Server Summit 2024 (microsoft.c...
Manage Azure File Sync with Windows Admin Center | Windows Server Summit 2024 (microsoft.com)
Future for Windows 2025:
What’s ahead for Windows Server | Windows Server Summit 2024 (microsoft.com)
SCCM:
Security:
Migration:
Seven steps for a successful Azure migration | Windows Server Summit 2024 (microsoft.com)
Microsoft options for VMWare migration | Windows Server Summit 2024
Hope this helps consolidate some of the announcements and let me know if you have any questions!
Thank You
Amy Colyer