All About Windows Server 2025: Features, Requirements and Benefits

Windows Server 2025 represents the next evolution of Microsoft’s server operating system, aiming to enhance security, performance, scalability, and IT infrastructure management. In this overview, we’ll get into the significant features and advancements expected in Windows Server 2025 and its system requirements.

Drawing from insights gathered from previous iterations like Windows Server 2019 and Windows Server 2022, Windows Server 2025 integrates feedback and experiences while leveraging innovations from Microsoft’s cloud platform, Azure. The forthcoming release focuses on features like Artificial Intelligence, Active Directory, Hyper-V, system updates, and security enhancements.


Windows Server 2025 operating system name visible in the Settings app

HotPatching is no longer exclusive to Azure.

Microsoft introduced a new method to update Windows Server 2022 called “hotpatching.” Hotpatching lets you update the operating system and its parts, like the .NET Framework, without needing to restart the system. This saves time in important services like domain controllers or virtualization servers.


Before, only Azure users could use hotpatching. With Windows Server 2025, hotpatching is no longer limited to Azure. It works with any virtualization system and service: AWS, VMware, Hyper-V on-premises, and more.

Conditions for using hotpatching in Windows Server 2025


To use hotpatching outside of Azure, you must meet two conditions: first, connect the server to Azure Arc, which might be free depending on your use. Second, you’ll need to subscribe to the service for hotpatching.

We don’t know how much it will cost to access hotpatching for Windows Server 2025.


Windows Server 2025’s Next-Gen Active Directory: Features, Benefits,

Microsoft is working hard to update older technologies and retire those that newer ones are replacing. Active Directory is still widely used for managing enterprise networks, but it carries elements from the Windows 2000 era that can slow things down.

One such example is the page block size of the Active Directory database, which remains at 8k. This size made sense 25 years ago when server memory capacities were limited. However, technology has evolved since then, and Windows Server has held onto this limitation, making scalability challenging.

Increased Active Directory database page blocks from 8k to 32k

In Windows Server 2025, the block size for Active Directory will increase to 32k, although it will still support 8k blocks to prevent issues with older domain controllers within the same forest. This adjustment will enable Active Directory to utilize system memory more efficiently.

Additionally, Windows Server 2025 brings a new feature for Active Directory scalability by fully utilizing NUMA (Non-Uniform Memory Access) systems. This means that Active Directory will now take advantage of all the benefits offered by NUMA systems, using all the processor cores available in the system. Microsoft specifically mentions that the operating system is designed to be compatible with systems featuring more than 64 cores.

Performance improvements thanks to NUMA in Active Directory

Security remains at the center of Active Directory

Security remains a top priority in Active Directory, prompting Microsoft to continuously update its components to take advantage of the latest security enhancements. For instance, LDAP will now support TLS 1.3, and encrypted connections will be mandatory in domain scenarios involving sensitive attributes.

By default, client communication will utilize an encrypted LDAP connection whenever possible. Furthermore, Kerberos stands to benefit significantly from support for more secure encryption and signing mechanisms like SHA-256 and SHA-384.

List of Active Directory security improvements in Windows Server 2025

A new feature is that when setting up a new domain controller, the initial replica of a domain will now take less time and will be given priority over other operations. This improvement addresses issues encountered in large domains, where network problems or reboots could necessitate re-replicating the entire domain.

Improvements to initial Active Directory replication

New Functional Level Paves the Way in Active Directory

It may have seemed like Microsoft had shifted its focus away from Active Directory in favor of Microsoft Entra ID (previously Azure Active Directory) because there hasn’t been a new functional level for 10 years. The last update occurred with Windows Server 2016, and subsequent releases like Windows Server 2019 and Windows Server 2022 didn’t introduce any changes.

However, things are set to change this year with the introduction of a new functional level of the domain in Windows Server 2025. It’s important to note that updating from very old versions won’t be possible, and you must have configured a functional level of Windows Server 2016 before attempting to update to the new version.

New Windows Server 2025 functional level for Active Directory

Windows Server 2025 is optimized for new hardware.

Windows Server 2025 significantly improves support for new hardware, particularly NVMe SSD units. Compared to Windows Server 2022, this new operating system version delivers up to 70% more IOPS (Input/Output Operations per Second) when using NVMe SSDs.

Moreover, Microsoft is developing a new native driver specifically for NVMe drives. Their goal is to enhance the existing 70% improvement and achieve an impressive 90% performance boost. Whether this driver will be available at the initial launch or through a subsequent update is uncertain.

In addition to NVMe support, Microsoft recognizes that IT administrators frequently utilize SAN connectivity for storage management. Consequently, they are testing a new iSCSI TCP initiator designed to integrate with NVMe namespaces seamlessly.

Getting Started with TCP-oF for NVMe in SAN Environments

Windows Server 2025 brings improvements to Storage Replica performance through the introduction of a new log type. Additionally, compression functionality will be accessible across all versions of Windows Server.


ReFS (Resilient File System) will play a crucial role regarding storage efficiency. It will reduce storage consumption by up to 60% through native deduplication and compression methods when storing virtual machines. This enhancement ensures more efficient utilization of storage resources, ultimately benefiting system performance and management.

Improvements in storage systems

Cluster-Aware Applications: Eliminating the Single Point of Failure in AD

Previously, achieving a highly available cluster required maintaining an Active Directory to manage connectivity and quorum between the nodes. However, with Windows Server 2025, it will be possible to maintain clusters without Active Directory by authenticating the nodes using certificates.

This advancement allows for live migrations without the need for extra infrastructure maintenance. Furthermore, Windows Server 2025 improves the performance of storage replicas in Storage Spaces Direct (S2D) clusters and enhances the reliability of updates between nodes. These improvements streamline cluster management and enhance system performance and reliability.

Failover cluster scheme without AD in Windows Server 2025

Hyper-V prepares for the arrival of Artificial Intelligence

Windows Server 2025 introduces GPU sharing through GPU-P (GPU Partitioning). In the past, Windows Server 2022 allowed graphics cards within virtual machines but had limitations. The GPU essentially belonged to the entire Hyper-V machine and wasn’t visible on the host.

Recognizing the growing importance of Artificial Intelligence, Microsoft has enhanced GPU capabilities. GPU-P enables the partitioning of a graphics card, allowing the same GPU to be shared by multiple virtual machines. Each virtual machine can be allocated a specific number of cores and memory from the GPU.

Moreover, this enhancement ensures compatibility with failover clusters and facilitates live migration of virtual machines. This advancement in GPU sharing expands possibilities for AI and other graphics-intensive applications in virtualized environments.

GPU partitioning scheme in Windows Server 2025 for Hyper-V virtual machines

However, GPU-P won’t be accessible to everyone. It requires an SR-IOV compatible server with AMD Milan, Intel Sapphire Rapids, or later processors introduced in 2023.

NVIDIA adds another layer of complexity by requiring a license for vGPU, and not all graphics cards are compatible. Only NVIDIA A2, A10, A16, and A40 cards are currently supported, although compatibility may expand over time. These cards are primarily designed for processing Artificial Intelligence models.

Supported guest operating systems for GPU-P include Windows 10 and Windows 11, Windows Server 2019 and Windows Server 2022, and, in the Linux world, LTS versions of Ubuntu starting from 18.04. This compatibility ensures that various systems can leverage GPU-P for enhanced performance and capabilities.

Requirements for using GPU-P in Hyper-V with Windows Server 2025

GPU Assemblies for High Availability

Windows Server 2025 introduces the capability to create sets of GPUs, known as GPU pools. This feature enables high availability by assigning all graphics cards to virtual machines. If GPUs are on different nodes, the virtual machine won’t be assigned a specific GPU but the entire node.

In the event of a cluster node failure or during a live migration, the cluster will relocate the virtual machine to another node, ensuring continuity. The new node will be assigned the same number of graphics cards available in the pool, maintaining performance and functionality for the virtual machine. This enhances reliability and flexibility in managing GPU resources across the cluster.

Outline of using GPU Pools for Hyper-V failover clusters with Windows Server 2025

Dynamic processor support

In high-availability clusters, it has been necessary to maintain uniform hardware across all machines, especially the same processor. This ensures that nodes are compatible with the same features and instruction sets, minimizing the risk of failures.

However, expanding cluster nodes often meant replacing all nodes if the same hardware wasn’t available. With the introduction of “Dynamic Processor Compatibility” in Windows Server 2025, the operating system maintains node compatibility.

For instance, if nodes feature different generations of Intel Xeon processors, such as third and fourth generations, Windows Server 2025 will conceal the improvements introduced in the newer processors from the cluster to ensure compatibility. This feature streamlines cluster management and allows for greater flexibility when expanding or upgrading cluster nodes.

Instruction hiding scheme in hybrid CPU environments in failover clusters

Generation 2 Machines Take the Lead: Becoming the New Standard

A small but significant change in Windows Server 2025 is the default option for virtual machines, which will now be Generation 2. Ever since Generation 2 was released in 2012, Generation 1 had remained the default option when creating a virtual machine.

With this update, Windows Server 2025 makes Generation 2 the default selection in the Hyper-V wizard for creating new virtual machines. Moreover, Azure Marketplace images will also default to Generation 2. This change reflects the evolution of virtualization technology and ensures that users benefit from the improved features and capabilities of Generation 2 virtual machines by default.

Generation 2 Hyper-V machines as default in the wizard

Containers are still in fashion.

Windows Server 2025 marks the culmination of the work initiated with containers in Windows Server 2022. The efforts for this release primarily revolve around maintaining compatibility, optimizing workloads, and refining the process for updating container images.

For instance, Windows Server 2022 containers remain usable on Windows Server 2025 without requiring an upgrade to the base image. Additionally, the release of the base image now follows an annual cadence, ensuring that users can expect regular updates and enhancements.

These improvements streamline container management and ensure smooth transitions between versions, fostering a more efficient and reliable container environment.


List of Windows Server 2025 container improvements

Windows Server 2025 File Server Enhancements

SMB over QUIC, initially exclusive to Azure, was introduced alongside hotpatching with Windows Server 2022. This feature allowed users to access file servers over the internet without requiring a VPN connection. However, it was limited to Azure environments.

With Windows Server 2025, SMB over QUIC becomes available beyond Azure. Additionally, servers can select trusted clients and issue certificates, ensuring only authorized clients can access them. This added layer of security enhances the connection’s safety, especially since it’s exposed to the internet.

List of improvements to Client Access Control in SMB over QUIC

Microsoft is introducing more flexibility for administrators to disable NTLM (NT LAN Manager). To cease using NTLM, clients can now be configured using PowerShell, Group Policy, and other management tools.

Microsoft has announced that NTLM will become an obsolete technology shortly, even on local systems. Consequently, they are paving the way to replace NTLM entirely with Kerberos authentication. This shift reflects Microsoft’s commitment to enhancing security protocols and ensuring the reliability of authentication mechanisms across their systems.

List of options to disable NTLM authentication on SMB

Measures against brute force attacks

Windows Server 2025 introduces new mechanisms to thwart brute force attacks on SMB (Server Message Block). For instance, when attempting to authenticate using NTLM, a two-second delay will be imposed between each failed attempt. This feature will be enabled by default in Windows 11 and Windows Server.

Administrators can fine-tune this delay using PowerShell, offering flexibility in aligning security measures with specific organizational requirements. This enhancement strengthens defenses against brute force attacks, creating a more secure network environment for Windows Server users.

Features of the SMB brute force attack limiter in Windows Server 2025

In Windows Server 2025, SMB signing, introduced in Windows Server 2022, will be enabled by default. This measure aims to mitigate security threats, including phishing, man-in-the-middle attacks, and relay attacks.

Administrators can leverage Group Policy Objects (GPOs) to manage the SMB versions utilized by clients in the environment. This capability allows administrators to enforce restrictions, ensuring that computers only accept connections starting from or up to a specified version of SMB.
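The SMB hardening settings described above (the authentication delay, SMB signing, and blocking NTLM on the client) can be audited on a host with a short PowerShell check. This is an added example, not code from the article or from Microsoft; it assumes the SmbShare module's `Get-SmbServerConfiguration` and `Get-SmbClientConfiguration` cmdlets and the `InvalidAuthenticationDelayTimeInMs`, `RequireSecuritySignature` and `BlockNTLM` properties of recent builds, and the function name `Test-SmbHardening` is hypothetical.

```powershell
# Added example: report whether the SMB settings discussed in the article
# are in their hardened state. Test-SmbHardening is a hypothetical name.
function Test-SmbHardening {
    [CmdletBinding()]
    param(
        # Two-second delay between failed NTLM attempts, as described above.
        [int]$MinAuthDelayMs = 2000
    )

    $configs = @{
        Server = Get-SmbServerConfiguration
        Client = Get-SmbClientConfiguration
    }

    # Each check names a setting and the condition that counts as hardened.
    $checks = @(
        [pscustomobject]@{ Scope = 'Server'; Setting = 'InvalidAuthenticationDelayTimeInMs'
                           Test  = { param($v) $v -ge $MinAuthDelayMs } }
        [pscustomobject]@{ Scope = 'Server'; Setting = 'RequireSecuritySignature'
                           Test  = { param($v) $v -eq $true } }
        [pscustomobject]@{ Scope = 'Client'; Setting = 'RequireSecuritySignature'
                           Test  = { param($v) $v -eq $true } }
        [pscustomobject]@{ Scope = 'Client'; Setting = 'BlockNTLM'
                           Test  = { param($v) $v -eq $true } }
    )

    foreach ($check in $checks) {
        # Older builds do not expose every property; report that instead of failing.
        $prop = $configs[$check.Scope].PSObject.Properties[$check.Setting]
        if ($null -eq $prop) {
            $status = 'NotSupported'
            $value  = $null
        } elseif (& $check.Test $prop.Value) {
            $status = 'Hardened'
            $value  = $prop.Value
        } else {
            $status = 'Weak'
            $value  = $prop.Value
        }

        [pscustomobject]@{
            Scope   = $check.Scope
            Setting = $check.Setting
            Value   = $value
            Status  = $status
        }
    }
}

# Show the findings; only rows marked 'Weak' need remediation, for example:
#   Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000 -Confirm:$false
#   Set-SmbServerConfiguration -RequireSecuritySignature $true -Confirm:$false
Test-SmbHardening | Format-Table -AutoSize
```

Test signing and NTLM changes against legacy clients and appliances before enforcing them fleet-wide, since devices that cannot sign or use Kerberos will lose access.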

To further enhance security, Windows Firewall will no longer automatically open ports 445, 5445, WMI, and DCOM when installing the File Server role. Instead, it will utilize the service itself as an allowed incoming application. This approach minimizes the unnecessary expansion of the attack surface towards other ports, bolstering the overall security posture of the system.

Windows Server 2025 firewall improvements by enabling the File Server role

The transition to Windows Server 2025 will be streamlined through Windows Update

The upgrade process will be easier than ever. Similar to the update process for Windows 10 and Windows 11, you’ll be able to upgrade from Windows Server 2022 with a simple click of a button.

The update to Windows Server 2025 will be available as an optional update in Windows Update. Microsoft will conduct thorough validations on the server to determine if the update can proceed without any issues, ensuring a smooth transition for users. This simplified update process minimizes the complexities typically associated with upgrading server systems, enhancing convenience and efficiency for administrators.

Upgrading from Windows Update to Windows Server 2025

Transitioning to Azure Arc is easier than ever

Microsoft has unveiled a new wizard designed to simplify joining Windows Server 2025 servers to Azure Arc. This streamlined wizard enables users to complete the integration in just a few steps, eliminating the need for complex installation procedures.

With this wizard, administrators can manage their servers from Azure in a matter of minutes, reducing the time and effort traditionally required for server management tasks. This user-friendly approach enhances the accessibility and efficiency of server management, empowering organizations to leverage Azure Arc seamlessly within their infrastructure.

 

New Pay-As-You-Go license

Windows Server 2025 introduces a significant change by offering subscription-based licensing in addition to the traditional perpetual license model. Users can purchase the operating system through a subscription model, in addition to the conventional on-premises scenarios or other cloud environments.

To activate the subscription license, users must join the server to Azure Arc and select the subscription model during activation. This flexibility can benefit licensing new virtual machines or projects requiring specific licensing arrangements.

However, the exact details regarding the subscription cost are currently unknown. As more information becomes available, organizations can assess the subscription model’s suitability based on their requirements and budget considerations.

Windows Server 2025 licensing model details

Windows Server 2025 will have support for WiFi and Bluetooth

Windows Server 2025 is introducing support for WiFi and Bluetooth technologies, which may seem unconventional for a server operating system. While Windows Server 2022 already allowed computers to connect to WiFi networks, the process was cumbersome because the component was disabled.

In the desktop version of Windows Server 2025, WiFi and Bluetooth components are enabled by default. However, they remain turned off initially but can be easily activated with a single click from the Settings app, mirroring the functionality in Windows 11. This enhancement simplifies enabling and managing wireless connections, improving user experience and convenience for server administrators.

Flyout interface to select WiFi network in Windows Server 2025

Author
Rohit is a certified Microsoft Windows expert with a passion for simplifying technology. With years of hands-on experience and a knack for problem-solving, he is dedicated to helping individuals and businesses make the most of their Windows systems. Whether it's troubleshooting, optimization, or sharing expert insights,