Windows Server Summit 2026 | Part 4: Security baselines, benchmarks, posture and scale

Reading time: 3 minutes


Security has become a top priority in services and products. As a result, policies and deployment features are constantly being refined.

This article covers the latest developments in security policies and options for management and deployment. There’s also an interesting initiative for all Group Policy experts!

New portal capabilities in Azure

Windows Server can be centrally managed via the Azure Arc service, regardless of the environment (on-premises data center, multi-cloud, etc.). This enables the use of additional services, such as Azure Policy, for deploying security policies.

The “Computer Configuration” component of Azure Arc will soon allow you to customize policies to meet your specific needs. To do this, you can use existing templates and modify them as needed.

The following new features are planned for Azure Policy and Azure Arc:

  • CIS benchmarks (Center for Internet Security)
  • STIG benchmarks (Security Technical Implementation Guides)
  • Active remediation (verification and adjustment of settings according to the requirements of the configured policies)
  • Version control

New security controls and rules

A new security policy template for Windows Server 2025 has been available since April. As usual, it can be downloaded from the Microsoft Download Center: Microsoft Security Compliance Toolkit 1.0.

It now includes 430 settings (previously: 390). New additions include:

  • CIS 2025 L1
  • CIS v2
  • STIG (however, these are not yet scanned)

Furthermore, LAPS settings are now also available for OsConfig and Azure Arc. This is an extremely helpful new feature, as it now enables the use of LAPS for locally deployed servers outside of an Active Directory (so-called workgroup servers). These were previously excluded from LAPS and required a separate procedure. Passwords can be secured using Entra ID.

"Azure ❤️ Group Policy admins"

Microsoft has now realized that there are still many administrators out there who rely heavily on Group Policy to deploy policies and configurations. It’s simply a powerful solution, despite its well-known limitations (poor performance over VPN, requires a direct connection to a domain controller).

So it’s great news that Microsoft has launched the “Azure ❤️ Group Policy admins” initiative. This initiative facilitates direct communication between Microsoft and admins who work extensively with Group Policy. Microsoft wants to understand how Group Policy is used and how these requirements can be integrated into modern cloud solutions such as Azure Policy and Azure Arc. The goal is to bridge the current gaps between Group Policy and modern management solutions.

So feel free to join the initiative and share your experiences! There are no special requirements for participation. Just scan the QR code shown below. If that doesn’t work,


