Mastering Windows Server 2025 - Fifth Edition
The newest version of the Windows Server operating system is always an evolution of its predecessor. There are certainly pieces of technology contained inside that are brand-new, but there are even more places where existing technologies have been updated to include new features and functionality. In the case of Windows Server 2025, there are even some functions and features that are specifically called out by Microsoft as being deprecated and leaving us for good. As is often the case with Microsoft operating system releases, there are many intricate and under-the-hood changes, but not all of them are going to impact the way that you work on servers. For a full list of changes, you can simply visit Microsoft’s Learn documentation, search “What’s new in Server 2025?”, and get a play-by-play. Re-creating a cut-and-paste list here would be insulting to you as a reader and able-bodied IT person, so for the purposes of this chapter, I have selected new and updated feature sets that genuinely interest me, as I believe these will also be the most interesting changes to you in the businesses that you support. Let’s spend a few minutes providing an overview of some (truly interesting) changes that exist in Windows Server 2025.
For anyone who has worked with Windows Server for a long time, you likely hold it in your mind as tightly bound with Intel Xeon processors. Historically, I have found it quite rare to experience a production physical server that is running anything other than Xeon CPUs. This mindset may suddenly shift with Windows Server 2025, as Microsoft now supports a range of both Intel and AMD processors to run its latest operating system.
If you’ve been following Microsoft’s progression of Windows Server through the years, and have helped to bring environments from 2016 -> 2019 -> 2022, you probably realize already that the in-place upgrade option has been significantly enhanced and improved over these years. Upgrading servers used to be a real challenge, and it was often easier to simply create a brand new server and transition your roles and data to it. I would say that starting with Server 2019, the in-place upgrade option really stabilized, and it has continued to improve in the years since. Why are we talking about it in the “What’s new?” section? Because you can now in-place upgrade a server right from inside Windows Update settings! This is common knowledge in the Win10 -> Win11 world, but unprecedented for Windows Server. Shortly, we will spend some time installing Windows and upgrading a previous Windows Server to 2025, and we’ll also test out this new capability to allow that server to self-install Server 2025 by simply clicking some buttons inside the Windows Update settings. This is the same mechanism that Windows workstations have used to implement in-place feature updates for years. While the new Windows Update single-button mechanism for upgrading is only available on very recent servers, Microsoft has also expanded in-place upgrade capabilities when using the Windows Server 2025 installation media. As long as you have that ISO or DVD from which you can launch into an installer, you can perform what is known as N-4 versioning. That is, you can in-place upgrade 4 versions at a time! What this means in plain terms is that you can pop Windows Server 2025 installation media into Windows Server 2012 R2 (or anything newer), and it will in-place upgrade all the way to Windows Server 2025. Holy moly, that is impressive.
Windows Server hotpatching is an idea that came to light during the Server 2022 release, but only pertained to servers running the special Windows Server 2022 Azure Edition SKU. I recently attended a Microsoft presentation where it was made known, to no one’s surprise, that hotpatching was by far the #1 requested update for Windows Server 2025’s release.
Now integrated into Windows Server 2025, with no reliance on the special Azure Edition version, hotpatching enables your servers to continue their regular monthly patch cycle without rebooting! Microsoft releases and installs these monthly security patches in a new way that puts the updated code into place in real time, no longer requiring a restart of those services or the operating system to bring them to life. Then, once per quarter, Microsoft releases a more traditional round of updates that do require a restart. But seriously, if we could get away with restarting servers once per quarter rather than once per month, think about all of the increased uptime percentages and decreased headaches when planning out maintenance windows.
One very important thing to remember with hotpatching: even though this capability is now built into any version of Windows Server 2025, it can only be employed if your server(s) are tapped into Azure Arc, as this is the mechanism through which hotpatching is administered and managed.
It was a surprise to many when Windows Server 2022 hit shelves still running a Windows 10 graphical interface, as Windows 11 was already in the wild. Whatever rough edges existed at the time have now been polished, and Windows Server 2025 looks and feels like Windows 11. At this point, Win11 should be familiar territory for anyone who regularly works in IT or with computers at all. It will be nice to fall back into standards when bouncing between workstations and servers in Microsoft-centric infrastructures. Bringing the Windows 11 experience to Server 2025 also brings related toolsets, such as the current Windows Terminal and the updated Task Manager, both of which we will explore within this book.
We already discussed Windows Server 2025 Datacenter: Azure Edition, but it is still worth calling out that this Azure-specific version still exists and is updated in 2025. Previously, hotpatching and SMB-over-QUIC were two of the primary differentiators between a classic Server 2022 and the Azure Edition, and it is worth noting again that Microsoft is really listening to its audience, as they have now pulled these two great technologies into every version of Windows Server 2025, making them more accessible to the masses.
In Windows Server 2025, we now have Bluetooth, because…why not? I’m not sure how often this will be utilized, but you can now tap Bluetooth keyboards, mice, headphones, and so on directly to your servers. Maybe this will be particularly useful for developers who might be running Server 2025 on their local workstations as they build out new software (for those not familiar with containers, anyway).
Similar to my feelings about Bluetooth, when I first saw this, I almost laughed out loud. Are people really going to wirelessly connect Windows Servers? I do have to admit that wireless connectivity has improved dramatically over the past 10 years, and if you’re interested in wirelessly connecting your server, the Wireless LAN Service feature is now installed by default. Microsoft doesn’t really expect this to be a common need, though, and so the service is configured to manually start by default. You will need to intentionally start the service in order to use wireless on your new server.
Most reading this have probably added Entra accounts, Microsoft accounts, or Microsoft work/school accounts to various Windows 10 or Windows 11 computers through the Settings -> Accounts tool. This same capability to make the operating system integrally aware of a Microsoft account now exists in Windows Server 2025 as well.
Credential Guard has been around as a technology for a while, but is now enabled by default in Windows Server 2025, as long as your system meets hardware and licensing requirements. This is a technology that greatly improves security surrounding NTLM password hashes, Kerberos tickets, and the credentials that get stored in Windows by applications, by isolating them in a virtualization-based security (VBS) container that the rest of the operating system cannot read. You’ve probably heard about pass-the-hash and pass-the-ticket attacks, and Credential Guard helps to block those types of attacks from happening.
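Because Credential Guard is only enabled by default when the hardware and licensing prerequisites are met, the first thing to do on a freshly built 2025 server is to verify that it is actually running rather than merely configured. The following PowerShell is an added example (not from the book) that reads the Win32_DeviceGuard WMI class; in that class, the value 1 in SecurityServicesConfigured and SecurityServicesRunning denotes Credential Guard, and VirtualizationBasedSecurityStatus reports 0 (off), 1 (configured but not running) or 2 (running).

```powershell
# Added example (not from the book): report whether Credential Guard is
# configured and running on the local server, using the DeviceGuard WMI class.
function Get-CredentialGuardStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        # 0 = VBS not enabled, 1 = enabled but not running, 2 = running
        VbsStatus                 = $dg.VirtualizationBasedSecurityStatus
        # SecurityServices* arrays: 1 = Credential Guard, 2 = HVCI (memory integrity)
        CredentialGuardConfigured = [bool]($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = [bool]($dg.SecurityServicesRunning    -contains 1)
        HvciRunning               = [bool]($dg.SecurityServicesRunning    -contains 2)
    }
}

$status = Get-CredentialGuardStatus
$status | Format-List

# "Configured but not running" usually means VBS could not start:
# check UEFI/Secure Boot, virtualization extensions, and the
# LsaCfgFlags policy value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
if ($status.CredentialGuardConfigured -and -not $status.CredentialGuardRunning) {
    Write-Warning "Credential Guard is configured but not running on $($status.ComputerName)."
}
elseif (-not $status.CredentialGuardConfigured) {
    Write-Warning "Credential Guard is not configured on $($status.ComputerName); the default-on prerequisites were probably not met."
}
```

Run this against a batch of servers with Invoke-Command and you have a quick compliance report; a server that reports VbsStatus 2 but no Credential Guard in the running list is the case worth chasing, because the virtualization layer is up but the credential isolation the book describes is not.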
Formerly called Azure Stack HCI, Azure Local is essentially a mechanism to utilize Windows Server 2025 to build your own private cloud. This enables you to employ Azure-specific capabilities, capacities, and protections within your physical building.
WAC originally came to us around the same time as Windows Server 2019, and really built some steam with the release of Server 2022. With 2025’s release, WAC is even more tightly integrated with Microsoft’s cloud services, now being tied into Azure Arc. This enables you to manage your Windows Server instances from inside the Azure Arc portal, whether your servers are on-prem or cloud-based!
To be clear, you can still run Windows Admin Center on a local server and allow it to manage your servers, without using Azure Arc at all. In fact, we will be deploying this free tool together later in this book.
There is so much talk about Azure, it can feel like the classic Windows Server is dying. My perception is quite the opposite; the truth in many cloud migration cases is that we are still running regular ole Windows Server instances, they just happen to live in the cloud on Microsoft’s hardware instead of our own. It may seem surprising that Microsoft has pumped a bunch of improvements into something as classic as Active Directory, but ultimately, AD is timeless and will still be around for decades to come. There is quite a list of under-the-hood improvements that have been made to Active Directory Domain Services (AD DS) with the release of Windows Server 2025, most of which you probably wouldn’t care too much about. One stand-out is a major improvement to the JET database that underpins AD, which has been using 8 KB database pages since the year 1999. These pages have now been increased to 32 KB, a 4x increase, which removes AD object limitations that have always existed in the past. Additionally, default machine account passwords have increased security by using randomly generated computer account passwords, and AD DS can now utilize Non-Uniform Memory Access (NUMA) to take advantage of CPUs in all processor groups, where previously it could only use a single group.
Active Directory also gains some major security improvements, now utilizing current algorithms and encryption methods. For example, LDAP now supports TLS 1.3, and Kerberos can run AES with SHA-256/384.
Service accounts in Active Directory have always been a necessary and important tool, but they can be used for evil just as quickly as for good. New with Windows Server 2025, dMSAs link the authentication of these accounts directly to a device’s identity in AD, which prevents attackers from harvesting credentials through a compromised account.
DTrace is not a brand-new toolset, but previously required installation in Windows. With Windows Server 2025, DTrace is now included out of the box, accessed via your favorite command line. This utility allows for monitoring and debugging of real-time system performance, and can even script actions to be taken based on monitored probes. We will take a closer look at DTrace in our last chapter, Troubleshooting.
LAPS has been around for a long time, but is historically underutilized. Fresh attention has been given to this technology, which is a centralized management tool used to control local administrator passwords on all of your domain-joined machines. With LAPS, it is possible for every workstation to always have a unique local administrator password, which will keep attackers guessing for a very long time. New LAPS policies allow you to specify things such as the length of passwords and using word phrases instead of random characters for easier readability. There is a new AD attribute as well, called msLAPS-CurrentPasswordVersion, that helps to solve issues caused by reimaging or rolling back workstations. In the past, that action could cause the local administrator password to be out of sync between the workstation and AD, and AD would never update itself to store the correct password. Now it can. We’ll take a look at LAPS as we implement it together later, in our chapter on security.
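The value of LAPS depends entirely on coverage: a single machine still carrying the image’s local administrator password undoes the “every workstation is unique” property. The following PowerShell is an added example, not the book’s own code, that audits an OU for computers whose LAPS password is missing or expired. It assumes the ActiveDirectory RSAT module is installed, that the running account may read the msLAPS-PasswordExpirationTime attribute (a FILETIME value written by Windows LAPS), and that the OU distinguished name is a placeholder; reading msLAPS-CurrentPasswordVersion through Get-ADComputer is an assumption that the schema has been updated to the 2025 level.

```powershell
# Added example (not from the book): audit Windows LAPS coverage for an OU.
Import-Module ActiveDirectory

$searchBase = 'OU=Workstations,DC=contoso,DC=local'   # placeholder OU, adjust to your forest

# msLAPS-PasswordExpirationTime is a Windows FILETIME (100 ns ticks since 1601).
# msLAPS-CurrentPasswordVersion is the attribute the text describes; reading it
# assumes a 2025-level schema.
$props = 'msLAPS-PasswordExpirationTime', 'msLAPS-CurrentPasswordVersion', 'OperatingSystem'
$nowUtc = (Get-Date).ToUniversalTime()

$report = Get-ADComputer -Filter * -SearchBase $searchBase -Properties $props |
    ForEach-Object {
        $raw     = $_.'msLAPS-PasswordExpirationTime'
        $expires = if ($raw) { [DateTime]::FromFileTimeUtc([int64]$raw) } else { $null }

        [pscustomobject]@{
            Name            = $_.Name
            OperatingSystem = $_.OperatingSystem
            PasswordVersion = $_.'msLAPS-CurrentPasswordVersion'
            ExpiresUtc      = $expires
            State           = if (-not $expires)        { 'NoLapsPassword' }   # never managed by LAPS
                              elseif ($expires -lt $nowUtc) { 'Expired' }      # client has not rotated
                              else                          { 'Current' }
        }
    }

# Anything other than 'Current' is a finding: the machine is still on whatever
# local administrator password it was built with, or rotation has stalled.
$report | Where-Object State -ne 'Current' | Sort-Object State, Name | Format-Table -AutoSize

# Coverage summary for the OU.
$report | Group-Object State | Select-Object Name, Count

# Break-glass retrieval of one password (prompts nothing; requires read rights):
#   Get-LapsADPassword -Identity 'WKS-0042' -AsPlainText
```

Schedule this as a weekly job and alert on any growth in the NoLapsPassword bucket; after a reimage, that is exactly the window in which the new msLAPS-CurrentPasswordVersion attribute is meant to let AD catch up, and the report tells you whether it did.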
The Resilient File System, better known as ReFS, has some under-the-hood improvements in Server 2025 that should automatically cause you to experience things such as faster file copies and reduced storage space. Work has been done to optimize ReFS’s deduplication and compression capabilities. These updates will improve daily interaction with files, as well as enhancing the capabilities of Dev Drive by enabling block cloning.
I can’t tell you how many times I have installed third-party tools such as 7-Zip recently, because the built-in Windows Zip function seems to be a little flaky in recent versions of the Windows operating system. Never fear, I think we have a resolution to this issue beginning in Server 2025. In fact, right-clicking on a file now gives you a new Compress to… option, which allows you to easily compress files out to ZIP, 7-Zip or TAR files with a single click.
Okay, I am very excited about this one! With the release of Windows Server 2022, we learned about SMB over QUIC, a new SMB transport that lets file shares be mapped natively and securely directly over the internet using TLS 1.3, without needing any kind of VPN connection. This enables mapped network drives to file servers to work directly, but still securely, over the internet. That is incredible! The downside to using SMB over QUIC was that it required you to utilize a special edition of the operating system, Windows Server 2022 Azure Edition. This is no longer a requirement! SMB over QUIC is now built natively into Windows Server 2025 Standard or Datacenter. We will take a closer look at this new file access protocol in Chapter 6, File Management.
In previous versions of Windows Server, you were required to install a tool manually to use OpenSSH. It is now built into Windows Server 2025, indicating Microsoft expects this to be more widely used moving forward. They have also added a new local group to Windows called OpenSSH Users for easy control over who can or cannot access your devices using OpenSSH.
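Since OpenSSH is now in the box and gated by a dedicated local group, it is worth treating that group as a controlled access list from day one. The PowerShell below is an added example, not the book’s code, that populates the OpenSSH Users group from a single domain group, audits its membership against an approved list, and checks that sshd actually enforces group membership through an AllowGroups directive. It assumes the OpenSSH Server feature is installed, that sshd_config lives at the standard $env:ProgramData\ssh\sshd_config path, and the CONTOSO\SSH-Operators group name is a constructed placeholder.

```powershell
# Added example (not from the book): manage and audit the 'OpenSSH Users' local group.
$group    = 'OpenSSH Users'
$approved = @('CONTOSO\SSH-Operators')      # placeholder domain group; the only member we expect

# 1. Confirm the built-in group is present (it ships with Windows Server 2025).
if (-not (Get-LocalGroup -Name $group -ErrorAction SilentlyContinue)) {
    throw "Local group '$group' not found; is the OpenSSH Server feature installed?"
}

# 2. Grant access via a domain group rather than individual accounts, so
#    on/offboarding happens in AD and never requires touching the server.
foreach ($principal in $approved) {
    if (-not (Get-LocalGroupMember -Group $group -Member $principal -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group $group -Member $principal
    }
}

# 3. Audit: any member outside the approved list is a finding to investigate.
$members = Get-LocalGroupMember -Group $group | ForEach-Object {
    [pscustomobject]@{
        Member   = $_.Name
        Class    = $_.ObjectClass
        Approved = ($approved -contains $_.Name)
    }
}
$members | Format-Table -AutoSize
$unexpected = $members | Where-Object { -not $_.Approved }
if ($unexpected) { Write-Warning "Unapproved OpenSSH principals: $($unexpected.Member -join ', ')" }

# 4. Group membership only restricts logons if sshd is told to honour it.
#    Check for an AllowGroups line in sshd_config (standard path on Windows).
$sshdConfig = Join-Path $env:ProgramData 'ssh\sshd_config'
$allowGroups = Select-String -Path $sshdConfig -Pattern '^\s*AllowGroups\s' -ErrorAction SilentlyContinue
if (-not $allowGroups) {
    Write-Warning "No AllowGroups directive in $sshdConfig; verify how '$group' is being enforced."
}

# 5. The service itself should be running and set to start with the server.
Get-Service sshd | Select-Object Name, Status, StartType
```

Keeping the approved list to one AD group makes the audit trivial: the script’s warning fires the moment someone adds a local account or a second group, which is the sort of quiet change that would otherwise go unnoticed until an incident review.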
Routing and Remote Access Service (RRAS) has been serving up Windows Server-based VPN connectivity for many, many years. Throughout that time, there have been a couple of VPN protocols that have always been enabled options, but those protocols are now considered to be unsafe, compromised, and all-around bad ideas. Namely, I’m talking about PPTP and L2TP, which you will now find disabled by default in Windows Server 2025. They can still be enabled if needed, but Microsoft rightly expects you to be making use of SSTP or IKEv2 for all Windows-based VPN connectivity from now on.
While this is not inherently a technology about Windows Server, Azure Arc is a cloud-based server management platform that could certainly interact with all instances of Server 2025 (and more), allowing you to centrally manage even on-prem servers from Azure. Tapping local servers into Azure Arc is as simple as running through a quick wizard in the operating system or by using PowerShell. As Microsoft continues to add new Azure-like features to on-prem versions of Windows Server, we should expect that plugging those servers into Azure Arc will become a routine and necessary action to enable those new functions.
As I was researching interoperability between Windows Server 2025 and AI, I was sick to my stomach to find that many of the articles written about AI are, indeed, written by AI itself. It is still fairly obvious to the human brain at this point. In fact, I found entire websites that seem to have been created by AI. These websites are full of buzzwords and popular phrases, but in the end, they lack any real content. While there are clearly some people tying Server 2025 and AI together in what they are writing, and certainly AI-written articles have decided to self-promote AI (cue end-of-the-world scenarios), this seems to be the reality of where Server 2025 meets AI.
Server 2025 includes some improvements that help this latest operating system to be better ready to service AI workloads, as companies move further and further into this space. GPU partitioning, in particular, allows companies to divide GPUs across multiple applications and services, increasing system performance in a way that is particularly helpful for AI workloads. For example, a single physical GPU can be split among multiple VMs.
Also, NVMe storage boost allows for up to 60% faster IOPS compared to Server 2022, which will significantly enhance data retrieval and processing, integral for large data transactions commonly associated with the AI world.
How many times have you seen or experienced something on a Windows machine and thought, “I wish I could report this to Microsoft, but would anybody actually look at it?” We now have a mechanism to do exactly that. Feedback or problems can be reported to Microsoft directly from the Windows Server 2025 interface via Feedback Hub. You can even include screen recordings!
I already mentioned Azure Local, formerly known as Azure Stack HCI, in the list of new features Microsoft is offering. If the term Hyper-Converged Infrastructure (HCI) is new to you, a little backstory may prove beneficial here.
When you see the term HCI, it is important to understand that we are not talking about a specific technology that exists within your server environment. Rather, HCI is a culmination of a number of different technologies that can work together and be managed together, all for the purpose of creating the mentality of a Software-Defined Datacenter (SDDC as it is sometimes referred to).
Specifically, HCI in the Microsoft world is most often referred to as the combination of Hyper-V and Storage Spaces Direct (S2D) on the same cluster of servers. Clustering these services together enables some big speed and reliability benefits over hosting these roles separately and on their own systems. It also creates a tech stack that begins to resemble the way that Azure runs, but within your own physical server infrastructure.
Another component that is part of, or related to, an SDDC is Software-Defined Networking (SDN). Similar to how compute virtualization platforms (such as Hyper-V) completely changed the landscape of what server computing looked like 15 or more years ago, we are now finding ourselves capable of lifting the network layer away from physical hardware and shifting the design and administration of our networks to be virtual and managed by the Windows Server platform.
Where the idea of HCI really takes a leap, as it relates directly to the Windows Server 2025 release, is through integration with Azure Local. Now that we can run private clouds within our datacenter walls, Microsoft has provided us with true cloud capabilities through the use of Windows Server 2025 Datacenter: Azure Edition within that Azure Local environment.