Windows Server 2025 is the next highly anticipated iteration of Microsoft’s server operating system, promising significant advancements in security, performance, and hybrid cloud integration. While the official Server 2025 Release Date remains a topic of keen interest within the IT community, Microsoft has been actively sharing details about the exciting new features and improvements coming to this platform.
This article dives into the key innovations of Windows Server 2025, drawing from official Microsoft documentation, to give you a comprehensive overview of what to expect. Although a definitive server 2025 release date is still pending announcement, understanding these features will help you prepare for its arrival and strategize your infrastructure upgrades.
Desktop Experience and Upgrade Enhancements
Windows Server 2025 brings several updates to the desktop experience, making server management more intuitive and user-friendly.
Streamlined Upgrade Process
Upgrading to Windows Server 2025 is designed to be smoother than ever. You have the flexibility to perform in-place upgrades from source media or directly through Windows Update. For organizations preferring controlled rollouts, Microsoft offers feature updates via Windows Update, allowing for incremental upgrades managed through Group Policy. This feature update capability is available for devices running Windows Server 2019 and Windows Server 2022.
For those running older systems, Windows Server 2025 supports in-place upgrades from Windows Server 2012 R2 and later versions, enabling you to jump multiple versions in a single upgrade process.
Modern Desktop Shell and User Interface
Upon the first sign-in, users will notice a refreshed desktop shell aligning with the modern style and appearance of Windows 11. This consistency across Microsoft’s operating systems provides a more familiar and cohesive user experience.
Bluetooth Support
Windows Server 2025 now natively supports Bluetooth connectivity. This addition simplifies connecting peripherals like mice, keyboards, headsets, and audio devices directly to the server, enhancing usability, especially in environments where physical access might be limited.
Native DTrace Support
For performance monitoring and troubleshooting, Windows Server 2025 integrates dtrace as a native command-line tool. DTrace allows real-time system performance analysis at both the kernel and user-space levels without requiring code modifications. This powerful tool supports various data analysis techniques, including aggregations, histograms, and user-level event tracing, providing administrators with deep insights into system behavior.
Enhanced Account Management
Managing accounts is simplified with Windows Server 2025. The Settings app now allows adding various account types under Accounts > Email & accounts, including:
- Microsoft Entra ID
- Microsoft Account
- Work or School Accounts
While domain join remains essential for most scenarios, these expanded account options offer greater flexibility in user and identity management.
Feedback Hub Integration
Microsoft values user feedback, and Windows Server 2025 includes the Windows Feedback Hub. This tool allows users to easily submit feedback and report issues directly to Microsoft. Including screenshots or recordings with feedback helps provide valuable context for issue resolution and feature improvements.
File Compression Enhancements
Managing files is more efficient with the new compression feature in Windows Server 2025. Accessible through a right-click context menu, the “Compress to” option supports ZIP, 7z, and TAR compression formats, offering a range of options for different compression needs.
Customizable Pinned Apps
The Start menu in Windows Server 2025 is now more customizable with pinned apps. Users can pin their frequently used applications for quick access. Default pinned apps include essential tools like Azure Arc Setup, Feedback Hub, File Explorer, Microsoft Edge, Server Manager, Settings, Terminal, and Windows PowerShell, providing a solid starting point for server administration.
Modern Task Manager
The Task Manager in Windows Server 2025 receives a visual refresh, adopting the modern Mica material design language consistent with Windows 11. This update brings a more contemporary look and feel to this essential system utility.
Integrated Wi-Fi Support
Wireless network capabilities are more readily available in Windows Server 2025. The Wireless LAN Service feature is now installed by default, simplifying the process of enabling Wi-Fi. While the service startup is set to manual, enabling it is as simple as running net start wlansvc in the command line, Windows Terminal, or PowerShell.
Windows Terminal by Default
For command-line aficionados, Windows Terminal is now included by default in Windows Server 2025. This powerful multi-shell application provides a modern and efficient command-line experience, readily accessible via the search bar.
WinGet Package Manager
Software management is streamlined with WinGet, the command-line Windows Package Manager, pre-installed in Windows Server 2025. WinGet simplifies application installation and management, offering a centralized tool for software lifecycle management on Windows Server.
Advanced Multilayer Security Features
Security is paramount in Windows Server 2025, with significant enhancements across multiple layers to protect your infrastructure.
Hotpatching for Azure Arc-connected Servers (Preview)
Minimize downtime with Hotpatch, now available in preview for Windows Server 2025 machines connected to Azure Arc. Once enabled in the Azure Arc portal, Hotpatch allows applying OS security updates without requiring a machine restart. This feature significantly improves uptime and reduces the impact of security patching.
Credential Guard Enabled by Default
Starting with Windows Server 2025, Credential Guard is enabled by default on compatible devices. Credential Guard leverages virtualization-based security to protect credentials, mitigating pass-the-hash attacks and enhancing overall credential security.
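Because the default applies only to compatible devices, it is worth confirming that Credential Guard is actually running rather than merely configured. The following check is an added example, not code from Microsoft or from the original article; it reads the Win32_DeviceGuard CIM class, and the function name Get-VbsFinding and the sample object are assumptions made for illustration.

```powershell
# Added example: interpret a Win32_DeviceGuard instance.
# In the SecurityServices* arrays, 1 = Credential Guard and 2 = HVCI (memory integrity).
function Get-VbsFinding {
    param([Parameter(Mandatory)] [psobject] $DeviceGuard)

    $vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
    $cgConfigured = @($DeviceGuard.SecurityServicesConfigured) -contains 1
    $cgRunning    = @($DeviceGuard.SecurityServicesRunning)    -contains 1

    # A configured-but-not-running service usually points at a missing
    # prerequisite (for example virtualization support or Secure Boot).
    $finding = if ($cgRunning) { 'Credential Guard is running' }
               elseif ($cgConfigured) { 'Credential Guard is configured but NOT running' }
               else { 'Credential Guard is not configured' }

    [pscustomobject]@{
        VbsStatus                 = $vbsState[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        CredentialGuardConfigured = $cgConfigured
        CredentialGuardRunning    = $cgRunning
        HvciRunning               = @($DeviceGuard.SecurityServicesRunning) -contains 2
        Finding                   = $finding
    }
}

# Constructed sample: VBS is up and HVCI runs, but Credential Guard did not start.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(2)
}
Get-VbsFinding -DeviceGuard $sample

# On a live host:
# Get-VbsFinding -DeviceGuard (Get-CimInstance -ClassName Win32_DeviceGuard `
#     -Namespace root\Microsoft\Windows\DeviceGuard)
```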
Active Directory Domain Services Innovations
Active Directory Domain Services (AD DS) and Active Directory Lightweight Domain Services (AD LDS) receive substantial updates in Windows Server 2025, enhancing domain management and security.
- Optional 32k Database Page Size: A significant architectural update allows for an optional 32k database page size for new domain controllers, moving beyond the legacy 8k limit. This change overcomes limitations in object size and multivalued attributes, offering scalability improvements. New DCs can be installed with a 32k-page database, while upgraded DCs retain their existing format.
- Active Directory Schema Updates: Schema extensions are introduced with three new log database files (sch89.ldf, sch90.ldf, and sch91.ldf) for AD DS, and MS-ADAM-Upgrade3.ldf for AD LDS, further expanding the capabilities of Active Directory.
- Active Directory Object Repair: Administrators gain the ability to repair objects with missing core attributes like SamAccountType and ObjectCategory and reset the LastLogonTimeStamp attribute, improving domain health and management.
- Channel Binding Audit Support: Auditing capabilities are expanded with events 3074 and 3075 for LDAP channel binding, allowing administrators to identify devices not supporting secure channel binding policies.
- DC-location Algorithm Improvements: The domain controller discovery algorithm is enhanced with improved mapping of short NetBIOS-style domain names to DNS-style domain names, streamlining domain discovery.
- Forest and Domain Functional Levels: A new functional level is introduced to support the 32k database page size feature and general supportability, represented by DomainLevel 10 and ForestLevel 10. Microsoft recommends planning upgrades to Windows Server 2022 in preparation for Windows Server 2025.
- Improved Algorithms for Name/SID Lookups: Local Security Authority (LSA) Name and SID Lookup forwarding now leverages Kerberos authentication and the DC Locator algorithm instead of the legacy Netlogon secure channel, enhancing security.
- Improved Security for Confidential Attributes: LDAP operations involving confidential attributes now require encrypted connections, further securing sensitive data within Active Directory.
- Improved Security for Default Machine Account Passwords: Active Directory now uses randomly generated default computer account passwords, and Windows 2025 DCs block setting passwords to the default computer account name, mitigating security risks associated with default passwords.
- Kerberos PKINIT Support for Cryptographic Agility: Kerberos Public Key Cryptography for Initial Authentication (PKINIT) is updated to support cryptographic agility, allowing for broader algorithm support and removing hardcoded algorithms.
- LDAP Encryption by Default: LDAP client communication after SASL bind now defaults to LDAP sealing, enhancing the security of LDAP traffic.
- LDAP Support for TLS 1.3: LDAP now supports TLS 1.3, leveraging the latest SCHANNEL implementation for LDAP over TLS connections, eliminating outdated cryptographic algorithms and strengthening security.
- Legacy SAM RPC Password Change Behavior Restrictions: Legacy SAM RPC password change methods are restricted, with secure protocols like Kerberos being the preferred method. Remote calls to legacy methods are blocked by default, especially for Protected Users group members and local accounts on domain-joined computers.
- NUMA Support: Active Directory Domain Services now takes advantage of Non-Uniform Memory Access (NUMA) capable hardware, utilizing CPUs across all processor groups and expanding beyond 64 cores, improving performance on modern hardware.
- Performance Counters: New performance counters are available for monitoring and troubleshooting DC Locator, LSA Lookups, and LDAP client performance, providing deeper insights into Active Directory operations.
- Replication Priority Order Control: Administrators can now prioritize replication with specific partners for particular naming contexts, offering more granular control over replication traffic flow.
Delegated Managed Service Accounts (dMSA)
Windows Server 2025 introduces Delegated Managed Service Accounts (dMSA), a new account type designed to facilitate migration from traditional service accounts. dMSAs offer managed and randomized keys, minimizing application changes while disabling original service account passwords, enhancing security and manageability.
Windows Local Administrator Password Solution (LAPS) Enhancements
Windows LAPS receives significant improvements in Windows Server 2025, further enhancing local administrator password management.
- Automatic Account Management: Simplified creation and management of managed local accounts, including customizable account names, enabling/disabling accounts, and randomizing account names.
- Image Rollback Detection: A new feature detects image rollbacks using the msLAPS-CurrentPasswordVersion Active Directory attribute, ensuring password synchronization and immediate rotation upon rollback detection, preventing “torn state” issues.
- Passphrase Support: Windows LAPS now supports generating less complex, more readable passphrases (e.g., “EatYummyCaramelCandy”) using configurable word lists and passphrase length, offering a balance between security and usability.
- Improved Readability Password Dictionary: A new PasswordComplexity setting (5) excludes visually similar characters (e.g., 1 and I, 0 and O) from generated passwords, improving readability and reducing confusion.
- Post-Authentication Action (PAA) Enhancements: A new PAA option allows resetting the password, signing out the managed account, and terminating any remaining processes running under the managed account, enhancing security and control after authentication.
OpenSSH Included by Default
OpenSSH, a critical connectivity tool, is now installed by default in Windows Server 2025. Server Manager includes a one-step option to enable or disable the sshd.exe service, and user access can be controlled via the OpenSSH Users group, simplifying secure remote management.
Security Baseline Implementation
Implementing a customized security baseline is easier with Windows Server 2025, offering over 350 preconfigured Windows security settings. This baseline allows organizations to establish a strong security posture from the outset, aligning with Microsoft and industry best practices.
Virtualization-Based Security (VBS) Enclaves
Windows Server 2025 introduces Virtualization-Based Security (VBS) enclaves, providing software-based trusted execution environments within a host application’s address space. VBS enclaves isolate sensitive application portions in secure memory partitions, enhancing protection against both host application vulnerabilities and malicious attackers.
Virtualization-Based Security (VBS) Key Protection
VBS key protection allows Windows developers to secure cryptographic keys using VBS. Keys are isolated in a secure process, and operations occur without exposing private key material. At rest, keys are encrypted using a TPM key, binding them to the device and preventing exfiltration attacks.
Secured Connectivity Enhancements
Windows Server 2025 focuses on securing network connections with several improvements.
Secure Certificate Management
Certificate management is enhanced with SHA-256 hash support for certificate searching and retrieval functions. TLS server authentication now mandates a minimum RSA key length of 2,048 bits, strengthening TLS security across Windows.
SMB over QUIC Now Standard
The SMB over QUIC server feature, previously exclusive to Windows Server Azure Edition, is now available in Windows Server Standard and Datacenter editions. SMB over QUIC provides low-latency, encrypted internet connections via the QUIC protocol.
SMB over QUIC Policy Control and Auditing
Administrators can disable the SMB over QUIC client via Group Policy and PowerShell. Auditing capabilities are expanded for SMB signing, encryption, and SMB over QUIC connections, providing detailed event logs for monitoring and security analysis.
SMB over QUIC Client Access Control
Client access control for SMB over QUIC is introduced, allowing administrators to restrict data access using certificates, adding a layer of security for edge file servers over untrusted networks.
SMB Alternative Ports
Windows Server 2025 allows SMB clients to connect to alternative TCP, QUIC, and RDMA ports, deviating from default ports (445, 5445, 443). This configuration flexibility is manageable via Group Policy or PowerShell.
SMB Firewall Rule Hardening
SMB firewall rules are hardened with the introduction of the File and Printer Sharing (Restrictive) group. New SMB shares now automatically configure this restrictive group, blocking inbound NetBIOS ports 137-139 by default.
Enforce SMB Encryption
SMB encryption enforcement is enabled for all outbound SMB client connections. Administrators can mandate SMB 3.x and encryption support on destination servers, ensuring secure connections.
SMB Authentication Rate Limiter
The SMB authentication rate limiter is enabled by default, mitigating brute-force authentication attacks by introducing delays between failed NTLM or PKU2U authentication attempts.
Disable SMB NTLM
The SMB client now supports blocking NTLM for remote outbound connections, promoting the use of more secure authentication mechanisms like Kerberos.
SMB Dialect Control
Administrators gain control over SMB dialect negotiation, allowing configuration of SMB 2 and SMB 3 dialects negotiated by the SMB server, offering finer control over SMB protocol versions.
SMB Signing Required by Default
SMB signing is now mandatory for all outbound SMB connections, enhancing security by default, extending beyond the previous requirement for SYSVOL and NETLOGON shares on Active Directory DCs.
Remote Mailslot Deprecation
The Remote Mailslot protocol is disabled by default for SMB and DC Locator protocol use with Active Directory and may be removed in future releases, reflecting a move away from legacy technologies.
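The SMB settings described in this section can be read back with Get-SmbClientConfiguration and Get-SmbServerConfiguration. The audit below is an added example, not code from Microsoft or the original article; the function name Test-SmbHardening, the Pass/Review/NotExposed labels, and the sample values are assumptions, and the "expected" state is this example's reading of the hardened behaviour described above.

```powershell
# Added example: compare SMB client/server settings with the hardened state
# described in this section. A property that is absent (older OS builds do not
# expose all of them) is reported as NotExposed instead of raising an error.
function Test-SmbHardening {
    param(
        [Parameter(Mandatory)] [psobject] $Client,   # Get-SmbClientConfiguration output
        [Parameter(Mandatory)] [psobject] $Server    # Get-SmbServerConfiguration output
    )

    $checks = @(
        @{ Side = 'Client'; Setting = 'RequireSecuritySignature'
           Topic = 'SMB signing on outbound connections'; Ok = { param($v) $v -eq $true } }
        @{ Side = 'Client'; Setting = 'RequireEncryption'
           Topic = 'SMB encryption on outbound connections'; Ok = { param($v) $v -eq $true } }
        @{ Side = 'Client'; Setting = 'BlockNTLM'
           Topic = 'NTLM blocked for outbound connections'; Ok = { param($v) $v -eq $true } }
        @{ Side = 'Client'; Setting = 'EnableMailslots'
           Topic = 'Remote Mailslot protocol disabled'; Ok = { param($v) $v -eq $false } }
        @{ Side = 'Server'; Setting = 'InvalidAuthenticationDelayTimeInMs'
           Topic = 'Authentication rate limiter active'; Ok = { param($v) [int]$v -gt 0 } }
    )

    foreach ($check in $checks) {
        $source = if ($check.Side -eq 'Client') { $Client } else { $Server }
        $prop   = $source.PSObject.Properties[$check.Setting]

        if ($null -eq $prop) {
            $value = $null; $status = 'NotExposed'
        } else {
            $value  = $prop.Value
            $status = if (& $check.Ok $value) { 'Pass' } else { 'Review' }
        }

        [pscustomobject]@{
            Side    = $check.Side
            Setting = $check.Setting
            Value   = $value
            Status  = $status
            Topic   = $check.Topic
        }
    }
}

# Constructed sample objects (not captured from a real server): signing and the
# rate limiter are on, encryption and NTLM blocking are off, and the client
# object lacks the EnableMailslots property.
$sampleClient = [pscustomobject]@{
    RequireSecuritySignature = $true
    RequireEncryption        = $false
    BlockNTLM                = $false
}
$sampleServer = [pscustomobject]@{ InvalidAuthenticationDelayTimeInMs = 2000 }

Test-SmbHardening -Client $sampleClient -Server $sampleServer | Format-Table -AutoSize

# On a live host, from an elevated session:
# Test-SmbHardening -Client (Get-SmbClientConfiguration) -Server (Get-SmbServerConfiguration)
```

Rows marked Review are settings to evaluate against your own compatibility requirements before changing them with Set-SmbClientConfiguration or Set-SmbServerConfiguration.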
Routing and Remote Access Services (RRAS) Hardening
New RRAS installations no longer accept VPN connections based on PPTP and L2TP by default, encouraging the use of more secure protocols like SSTP and IKEv2. Existing configurations remain unaffected by default, preserving backward compatibility for upgrades.
Hyper-V, AI, and Performance Enhancements
Windows Server 2025 brings performance and scalability improvements to Hyper-V, along with features relevant to AI workloads.
Accelerated Networking (AccelNet)
Accelerated Networking (AccelNet) simplifies SR-IOV management for VMs in Windows Server 2025 clusters. AccelNet leverages SR-IOV for high-performance networking, reducing latency, jitter, and CPU utilization, while providing a management layer for configuration and optimization.
Hyper-V Manager Default Generation
When creating new VMs in Hyper-V Manager, Generation 2 is now the default VM generation, reflecting the best practices for modern virtual machines.
Hypervisor-Enforced Paging Translation (HVPT)
Hypervisor-enforced paging translation (HVPT) is a security enhancement enabled by default (where hardware supported), protecting critical system data from write-what-where attacks by securing page tables and extending hypervisor-protected code integrity (HVCI).
GPU Partitioning Enhancements
GPU partitioning (GPU-P) allows sharing physical GPUs with multiple VMs. Hyper-V GPU-P now includes high availability, automatically enabling GPU-P VMs on other cluster nodes during unplanned downtime. GPU-P Live Migration enables moving VMs with GPU-P to different nodes for planned maintenance or load balancing.
Dynamic Processor Compatibility Updates
Dynamic processor compatibility mode is updated to leverage new processor capabilities within clusters, using the maximum feature set available across cluster servers and improving performance compared to previous compatibility modes. It also supports state saving between virtualization hosts with different processor generations.
Workgroup Clusters for Hyper-V
Hyper-V workgroup clusters, a special type of Windows Server Failover Cluster, enable live migration of VMs in workgroup environments without Active Directory domain membership, expanding deployment flexibility.
Network ATC for Simplified Network Configuration
Network ATC streamlines network configuration deployment and management for Windows Server 2025 clusters. Using an intent-based approach (management, compute, storage), Network ATC automates configuration, reducing complexity, errors, and configuration drift, ensuring consistency across the cluster.
Hyper-V Scalability Improvements
Hyper-V in Windows Server 2025 achieves significant scalability increases, supporting up to 4 petabytes of memory and 2,048 logical processors per host, and up to 240 TB of memory and 2,048 virtual processors for generation 2 VMs, accommodating larger and more demanding workloads.
Storage Innovations
Windows Server 2025 introduces several storage enhancements focused on performance and efficiency.
Block Cloning Support for Dev Drive
Dev Drive, optimized for developer workloads, now supports block cloning, leveraging the Resilient File System (ReFS) format. Block cloning significantly accelerates file copying by using metadata operations instead of full read-and-write operations, improving performance and storage capacity.
Dev Drive for Developer Workloads
Dev Drive, built on ReFS, enhances performance for developer workloads with specific file system optimizations, offering greater control over storage volume settings, security, and administrative control.
NVMe Performance Optimization
Windows Server 2025 optimizes NVMe storage performance, resulting in increased IOPS and reduced CPU utilization for fast solid-state drives.
Storage Replica Compression
Storage Replica now includes compression, reducing data transfer over the network during replication and improving replication efficiency.
Storage Replica Enhanced Log
Storage Replica Enhanced Log improves log implementation, eliminating file system abstraction performance overhead and boosting block replication performance.
ReFS Native Storage Deduplication and Compression
ReFS native storage deduplication and compression optimize storage efficiency for static and active workloads like file servers and virtual desktops, improving storage utilization.
Thin Provisioned Volumes with Storage Spaces Direct
Storage Spaces Direct now supports thin provisioned volumes, enabling efficient storage allocation and preventing over-allocation by allocating pool storage only when needed. Conversion from fixed to thin provisioned volumes is also supported, reclaiming unused storage.
Server Message Block (SMB) Compression with LZ4
SMB in Windows Server 2025 adds support for the industry-standard LZ4 compression algorithm, in addition to existing algorithms, enhancing SMB compression capabilities and potentially improving file transfer speeds.
Azure Arc and Hybrid Capabilities
Windows Server 2025 strengthens hybrid cloud integration with enhanced Azure Arc capabilities.
Simplified Azure Arc Setup
Azure Arc Setup is pre-installed as a Feature on Demand, offering a user-friendly wizard and system tray icon to simplify onboarding servers to Azure Arc, extending Azure platform capabilities to diverse environments.
Pay-as-you-go Licensing via Azure Arc
Azure Arc enables pay-as-you-go subscription licensing for Windows Server 2025, providing an alternative to perpetual licensing. This option allows deploying and licensing Windows Server and paying only for actual usage, billed through Azure subscriptions.
Windows Server Management Enabled by Azure Arc
Windows Server Management enabled by Azure Arc offers benefits for customers with Software Assurance or subscription licenses, including:
- Windows Admin Center in Azure Arc: Manage Windows Server instances directly from the Azure Arc portal, providing a unified management experience across on-premises, cloud, and edge environments.
- Remote Support Enhancements: Grant just-in-time access to professional support with detailed execution transcripts and revocation rights, improving support efficiency and security.
- Best Practices Assessment: Automated server data collection and analysis provide issue detection, remediation guidance, and performance improvement recommendations.
- Azure Site Recovery Configuration: Simplified configuration of Azure Site Recovery for business continuity, enabling replication and data resilience for critical workloads.
Software-Defined Networking (SDN) Advancements
Software-Defined Networking (SDN) in Windows Server 2025 offers enhanced flexibility, programmability, and performance for network management.
- Network Controller as Failover Cluster Service: The SDN Network Controller now runs directly as Failover Cluster services on physical hosts, simplifying deployment, management, and resource utilization by eliminating the need for dedicated VMs.
- Tag-Based Segmentation: Administrators can use custom service tags to associate network security groups (NSGs) and VMs for access control, using intuitive labels instead of IP ranges, simplifying network security policy management.
- Default Network Policies: Azure-like default network policies are introduced for NSGs, denying all inbound access by default and allowing selective opening of well-known ports while permitting full outbound access, enhancing VM security from creation.
- SDN Multisite: SDN Multisite provides native layer 2 and layer 3 connectivity between applications across geographically separated locations without extra components, enabling seamless application mobility and unified network policy management.
- Enhanced Performance of SDN Layer 3 Gateways: SDN Layer 3 gateways achieve higher throughput and reduced CPU cycles, improving network performance for SDN deployments.
Windows Containers Portability
Windows Server 2025 emphasizes container portability, allowing users to move container images and associated data between different hosts or environments without modifications, simplifying upgrades and enhancing container flexibility and compatibility.
Windows Server Insider Program
Stay informed about the server 2025 release date and upcoming features by joining the Windows Server Insider Program. This program provides early access to the latest Windows Server builds, allowing you to test new features and provide feedback directly to Microsoft. While the server 2025 release date is not yet public, the Insider Program is the best way to get the most up-to-date information and prepare for the official launch.
For further discussions and community engagement related to Windows Server Insider builds, refer to the Windows Server Insider Community discussions.
While we eagerly await the official server 2025 release date, the wealth of new features and improvements already unveiled promises a significant step forward for the Windows Server platform. Keep an eye on official Microsoft channels and the Windows Server Insider Program for updates on the server 2025 release date and further details.