Windows Server Summit 2026 | Part 2: Windows Server 2025 in practice: What's new post-GA

Since its release, Windows Server 2025 has already received numerous functional enhancements. Some are quite recent, while others are still on the way.

This article provides an overview of what is coming soon to Windows Server 2025. And big things are in store!

Azure Virtual Desktop for hybrid environments

This is likely one of the most exciting developments, particularly given that Microsoft was originally no fan of client operating system virtualization...As of recently, Azure Virtual Desktop can also be hosted within an organization's own data center using Azure Local. However, this naturally presupposes that the company is already utilizing—or intends to implement—Azure Local. For many organizations, this may still present a barrier.Soon, however, it will be possible to run AVD on virtually any virtualization platform and on any hardware! A public preview will be available "soon," with general availability expected by the end of the year.

Native NVMe storage connection

Windows Server 2025 now supports native access to NVMe storage. This delivers a drastic performance boost, though it currently requires manual activation. Important: the March 2026 update includes several critical fixes and should therefore be installed prior to use.

Windows Admin Center - Virtualization Mode

The virtualization mode in WAC has recently become available, enabling comprehensive management of virtualization platforms—including storage and networking.Furthermore, a feature has been added that has been requested for years, yet was previously available only in a half-baked state—or not at all: a wizard for converting VMware VMs to Hyper-V. This now makes migrating from VMware to Hyper-V just as easy as the reverse process has been for years.Additionally, WAC can be connected to Azure Arc if needed. There is a separate article dedicated to Azure Arc that delves into the details of the service and its capabilities.

Direct upgrade via Windows Update

For some time now, server migrations no longer need to be a complex and laborious undertaking. Direct upgrades—also known as "in-place upgrades"—have been possible for operating systems starting with Windows Server 2012 R2. This process has now become even easier: as of very recently, it is now possible to update Windows Server directly via Windows Update. This feature actually made headlines some time ago, when Microsoft accidentally enabled it, causing servers to update automatically without user intervention.However, the process has since matured and now requires explicit activation before an update can be initiated. Consequently, the feature was made generally available with the April 2026 update.

Failover Clustering

In the future, both Storage Spaces Direct storage systems and SAN systems can be operated in parallel within a failover cluster.

Various recovery scenarios for distributed clusters will also be available:

• Metro Disaster Recovery: Recovery over short distances (e.g., on a campus)
• Geo Disaster Recovery: Recovery over long distances (e.g., across regions or countries)

The use of so-called cloud witnesses—that is, shares located in an Azure Blob Storage account—can also be implemented in the future using a managed identity instead of an access key. A managed identity can, in principle, be compared to a group-managed service account in Active Directory. The credentials for this identity are managed by Entra ID and are therefore not accessible.

This enhances security by eliminating the need to store credentials in the local database of the failover cluster.

Microsoft is currently conducting extensive testing to evaluate large clusters with up to 64 nodes and a SAN storage connection.

Networking improvements

It is possible to configure DNS over HTTPS (DoH) for the DNS Server service.

The Network HUD feature can now also identify network issues, such as those related to VLANs, drivers, and unstable network adapters.

A very interesting feature is coming to the Windows Firewall. In the future, it will be able to operate in a monitoring mode. This allows you to record the effects of firewall rules without having to activate them. This makes it much easier to harden the rule set retrospectively, especially in environments where the Windows Firewall may have been completely disabled for historical reasons.

Active Directory

One of the biggest new features is the availability of post-quantum cryptography for the Active Directory Certificate Authority. This enables the use of quantum-resistant cryptographic methods for issuing certificates. To achieve this, Microsoft is relying on the official ML-DSA (Module-Lattice-Based Digital Signature Algorithm) standard. This standard is expected to become available with the May update.

Microsoft is also pushing forward with the transition to Entra ID as the authority for user and group management. The “Entra Cloud Source of Authority Lockdown” feature allows the management of synchronized groups to be switched to Entra ID.

Hotpatching

Hotpatching reduces the number of maintenance windows required to install updates. Hotpatching-based updates are applied directly in memory and are therefore active immediately without requiring a reboot. This allows servers to run continuously for longer periods without interruption, eliminating the need for a monthly maintenance window.

This feature is natively available for virtual machines in Azure. For on-premises data centers, servers (running Windows Server 2022 or later) must be connected to Azure Arc and actively integrated with hotpatching. Additionally, Virtualization-Based Security (VBS) must be enabled on the servers.

Sneak Peak into Windows Server vNext

Microsoft is clearly committed to Windows Server. Accordingly, new versions of Windows Server will continue to be released. Any rumors that Microsoft is discontinuing Windows are therefore nothing more than rumors. As with recent versions, the release cycle for new versions will be 2–3 years.

In addition, the following innovations are planned:

Modern SAN connectivity with NVMe-oF initiator (this will be discussed in more detail in another post)

• ReFS for the boot drive (goal: ReFS is to be established as the new standard file system)
• Rollback to a previous Windows Server version during a direct update via Windows Update (this is not currently supported or possible)

Of course, a few features and services have been or will soon be removed:

• PowerShell 2.0
• RC4 in Active Directory
• .NET 6 for virtual machines in Azure starting with Windows Server 2022

The following features and services will be removed in the next version of Windows Server:

Support for older BIOS variants (pre-UEFI)

• SMB v1
• “WINS” server role
• “Direct Access” and “PPTP/L2TP” role services of the Remote Routing and Access Services (RRAS) server role
• VBScript

Liked this article? Share it!

• Share on LinkedIn
• Share on Bluesky
• Share on Facebook
• Email this Page
• Share on Reddit