2025 Windows Server

Product Information

Specifications

  • Product: Windows Server 2025
  • Features: Advanced multi-layer security, hybrid capabilities
    with Azure, high-performance infrastructure
  • Target Users: Business decision makers, technical decision
    makers, solution architects, IT professionals

Product Usage Instructions

How to Use Windows Server 2025

Windows Server 2025 is designed to provide advanced security
features, hybrid capabilities with Azure, and high-performance
infrastructure. Follow these steps to effectively utilize the
product:

Step 1: Understanding the Features

Review the advanced multi-layer security features, hybrid
capabilities with Azure, and the high-performance infrastructure
provided by Windows Server 2025.

Step 2: Installation and Setup

Install Windows Server 2025 on your server hardware following
the provided installation instructions. Configure the settings
based on your requirements.

Step 3: Security Configuration

Utilize the enhanced security features, such as Secured-core
server and secure connectivity, to protect your system from cyber
threats.

Step 4: Active Directory Management

Set up and manage Active Directory to organize and secure
network resources effectively. Configure logon authentication and
access control as needed.

Frequently Asked Questions (FAQ)

Q: What are the key features of Windows Server 2025?

A: Windows Server 2025 offers advanced multi-layer security,
hybrid capabilities with Azure, and a high-performance
infrastructure suitable for new CPU/GPU intensive workloads like
machine learning and artificial intelligence.

Q: Who is the target audience for this product?

A: The target users include business decision makers, technical
decision makers, solution architects, and IT professionals who need
to understand the differences between Windows Server versions and
make informed decisions.

Windows Server 2025
Comparison Guide
Windows Server 2025 delivers advanced multi-layer security and resiliency, hybrid capabilities with Azure, and a high-performance, future-ready infrastructure with a flexible platform for new CPU/GPU-intensive workloads like machine learning and artificial intelligence. Use this guide to understand the new features in Windows Server 2025.

How to use this guide
This comparison guide is intended for business decision makers, technical decision makers, solution architects, and IT professionals to help communicate the differences between the Windows Server version they are running today and the latest version available from Microsoft. The guide compares selected features of Microsoft Windows Server 2019, Windows Server 2022, and Windows Server 2025.

Comparison matrix
The guide walks through three key capability areas to show the evolution of relevant features across Windows Server versions. A partial score indicates that the feature has some functionality in the specified version or that it may be available in a single edition only, such as Azure Edition. The legend for this notation is given in the following table.

Feature
Feature Name: Feature description

Not supported

Partly supported

Mostly supported

Available

©2024 Microsoft Corporation. All rights reserved. This document is
provided “as-is.” Information and views
expressed in this document, including URL and other Internet Web site
references, may change without notice.

Advanced, multi-layer security
Public and private sectors continue to suffer major data breaches, at an average cost of $4.35 million in 2022 (https://www.ponemon.org/). As cybersecurity threats escalate and the cost of incidents grows, security continues to be a top priority for customers. Windows Server 2025 includes enhanced security features with Secured-core server and secure connectivity.

Feature & Description
Secured-Core Server and Hotpatching

Windows Server 2019

Windows Server 2022

Windows Server 2025

Overview
Secured-core server brings together powerful threat protections for multi-layer security across hardware, firmware, and the operating system. Hotpatching allows you to secure the platform running your apps without downtime.

Hotpatch – Windows Server Datacenter: Azure Edition
Windows Server Hotpatch allows you to install updates to your Windows Server Datacenter: Azure Edition virtual machines on Azure/Azure Stack HCI without requiring a reboot.

Arc-enabled Hotpatch – Windows Server Standard/Datacenter
This Arc-enabled feature allows you to install updates to your Windows Server virtual machines outside of Azure without requiring a reboot.

Credential Guard
Part of secured-core server, this feature can be enabled as an option to provide preventative defense for sensitive assets.

Credential Guard by default
Now enabled by default on devices that meet the requirements.

Active Directory

Overview
Active Directory (AD) provides a framework for managing and securing a network’s distributed resources. AD organizes and centrally manages network objects in a hierarchical structure, including users, computers, servers, and printers. AD integrates security through logon authentication and access control to objects in the directory. AD is a critical component for management and authentication in organizations.

32k database page size option
A 32k database page format offers a huge improvement in areas affected by legacy restrictions, including multivalued attributes, which are now increased 2.5x.

AD object repair
AD now allows enterprise administrators to repair objects with missing core attributes SamAccountType and ObjectCategory.

Channel binding audit support
Administrators can identify devices in the environment that do not support or fail channel binding validations.

DC-location algorithm improvements
Provides new functionality for mapping short NetBIOS-style domain names to DNS-style domain names.

Improved algorithms for Name/Sid Lookups
Local Security Authority (LSA) Name and Sid lookups use Kerberos authentication and the DC Locator algorithm.

Improved security for confidential attributes
DCs and AD LDS instances only allow LDAP add, search, and modify operations involving confidential attributes when the connection is encrypted.

Kerberos AES SHA256 and SHA384
The Kerberos protocol implementation is updated to support stronger encryption and signing mechanisms with support for RFC 8009.

Kerberos PKINIT support for cryptographic agility
Updated to support more algorithms and remove hardcoded algorithms.

LDAP encryption by default
All LDAP client communication after a Simple Authentication and Security Layer (SASL) bind utilizes LDAP sealing by default.

LDAP support for TLS 1.3
LDAP uses the latest SCHANNEL implementation and supports TLS 1.3 for LDAP over TLS connections.

NUMA support
AD DS now takes advantage of Nonuniform Memory Access (NUMA) capable hardware by utilizing CPUs in all processor groups.

Replication priority order
AD now allows administrators to increase the system-calculated replication priority with a particular replication partner for a particular naming context.

Windows Local Admin Password Solution

Windows Local Administrator Password Solution (LAPS)
Windows LAPS helps organizations manage local administrator passwords on their domain-joined computers. It automatically generates unique passwords for each computer’s local administrator account, stores them securely in AD, and updates them regularly.

Automatic account management feature
The latest update allows IT admins to create a managed local account with ease. With this feature, you can customize the account name, enable or disable the account, and even randomize the account name for enhanced security.

Image rollback detection feature
Windows LAPS now detects when an image rollback occurs. If a rollback does happen, the password stored in AD may no longer match the password stored locally on the device. Rollbacks can result in a “torn state” where the IT admin is unable to sign into the device using the persisted Windows LAPS password.

Passphrase feature
IT admins can now utilize a new feature in Windows LAPS that enables the generation of less complex passphrases.

Improved readability password dictionary
Windows LAPS introduces a new PasswordComplexity setting. This feature allows you to customize LAPS to use all four character categories (upper case letters, lower case letters, numbers, and special characters) like the existing complexity setting of 4. However, with the new setting of 5, the more complex characters are excluded to enhance password readability and minimize confusion.

Secured Connectivity

Overview
Secured connectivity adds an additional layer of security during transport for advanced protection and includes improvements to Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS), and Server Message Block (SMB).

Transport Layer Security 1.3
Transport Layer Security (TLS) 1.3 is the latest version of the internet’s most widely deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints.

SMB over QUIC
SMB over QUIC gives on-premises, mobile, and telecommuter users the benefits of QUIC, which provides low-latency, encrypted connections over the internet.

SMB over QUIC auditing
SMB over QUIC client connection auditing captures events that are written to the event log.

SMB Signing and Encryption Auditing
Administrators can enable auditing of the SMB server and client for support of SMB signing and encryption.

SMB NTLM Disable
The SMB NTLM Disable feature is designed to enhance security by blocking NTLM (NT LAN Manager) authentication for SMB (Server Message Block) connections, and includes both Group Policy and PowerShell options.

SMB Firewall Rule Hardening
SMB Firewall Rule Hardening is a security feature designed to enhance the protection of SMB traffic. Key aspects include hardened security defaults, minimal port exposure, mitigation of unauthorized access by restricting access to SMB ports, and integration with other security features like SMB signing and NTLM deprecation to provide a comprehensive security posture.

Local Kerberos
Local Kerberos introduces a local Key Distribution Center (KDC) to enhance authentication security, especially for environments where traditional domain-based Kerberos is not feasible. Key aspects include:
  • Local KDC, which allows for Kerberos authentication using local accounts, eliminating the need for NTLM in many scenarios.
  • IAKerb, which facilitates Kerberos authentication without requiring DNS or DCLocator services.
  • Enhanced security: by leveraging Kerberos, it reduces the reliance on NTLM.

SMB Authentication Rate Limiter
The SMB (Server Message Block) authentication rate limiter is a feature designed to address brute force authentication attacks. To combat this, the SMB server service uses the authentication rate limiter to implement a delay between each failed NTLM or PKU2U-based authentication attempt.
SMB Dialect Control
SMB (Server Message Block) dialect control is a feature that allows administrators to manage the SMB2 and SMB3 dialects in Windows Server. Administrators can specify the SMB protocols used, blocking older, less secure versions from connecting to the server. This can be configured using Group Policy or PowerShell.
SMB Alternative Ports
You can use the SMB client to connect to alternative TCP, QUIC, and RDMA ports rather than their IANA/IETF defaults of 445, 5445, and 443. This can be configured via Group Policy or PowerShell.
Post-Quantum Resilient Kerberos
Post-quantum resilient Kerberos is an advanced security feature designed to protect Kerberos authentication against potential threats posed by quantum computing. This feature incorporates cryptographic algorithms that are resistant to quantum attacks, ensuring that Kerberos authentication remains secure even as quantum computing advances. It integrates smoothly with existing Kerberos infrastructure, providing enhanced security without requiring significant changes to current systems.
Remote Mailslots Deprecated and disabled by default
Remote Mailslots are deprecated and disabled by default for SMB and for DC locator protocol usage with Active Directory.
Routing and Remote Access Services (RRAS) Hardening
By default, new Routing and Remote Access Services (RRAS) setups do not accept VPN connections based on PPTP and L2TP protocols. You can still enable these protocols if necessary.

Hyper-V, AI, Performance

Overview
Hyper-V is Microsoft’s hypervisor used to power Azure, Azure Stack, Windows, and Windows Server. It is used for virtualization, security, containers, and AI enablement.

Hyper-V GPU Partitioning (GPU-P)
GPU partitioning allows you to share a physical GPU device with multiple virtual machines (VMs). Instead of allocating the entire GPU to a single VM, GPU partitioning assigns dedicated fractions of the GPU to each VM.

Hyper-V GPU-P High Availability
GPU-P with HA ensures that in the case of unplanned downtime, a VM with GPU-P is automatically enabled on another cluster node.

Hyper-V GPU-P Live Migration
GPU-P Live Migration provides a solution to move a VM with GPU-P (for planned downtime or load balancing) to another node, whether it is standalone or clustered.

Hyper-V Discrete Device Assignment (DDA)
Hyper-V DDA is a feature that allows you to pass an entire PCIe device directly into a virtual machine (VM). By doing so, you can achieve high-performance access to devices like NVMe storage or graphics cards from within the VM while leveraging the device’s native drivers.

Hyper-V DDA Pools
A way to manage and allocate GPU resources in a Hyper-V HA cluster.

Hyper-V Dynamic Processor Compatibility
A feature that allows you to move a running virtual machine (VM) or save its state between virtualization hosts that use different generations of processors while delivering the maximum performance.

Hyper-V Workgroup Clusters
Hyper-V Workgroup clusters are a special type of Windows Server failover cluster where the Hyper-V cluster nodes are not members of an Active Directory domain.

Hyper-V Workgroup Cluster Live Migration
The ability to live migrate VMs in a Workgroup Cluster.

Network ATC
Network ATC simplifies the deployment and management of network configurations for clusters. It provides an intent-based approach to host network deployment, allowing you to automate the intended configuration with continuous drift remediation.

Hyper-V Scalability
Industry-leading scalability. Up to 4 Petabytes of memory and 2048 logical processors per host. Up to 256 TB of memory and 2048 virtual processors per VM.

Storage

SAN Support
Block-based external storage access via Fibre Channel or iSCSI.

NAS Support
File-based external storage access via SMB 3.0.

Storage Replica Compression
Storage Replica Compression reduces the amount of data transferred over the network during replication.

Storage Replica Enhanced Log
Enhanced Logs help the Storage Replica log implementation to eliminate the performance costs associated with file system abstractions, leading to improved block replication performance.

ReFS Native Storage Deduplication & Compression
ReFS Native storage deduplication and compression are techniques used to optimize storage efficiency for both static and active workloads such as file servers or virtual desktops.

Thinly Provisioned Storage Spaces Direct
Thinly Provisioned Storage Spaces Direct are a way to allocate storage resources more efficiently and avoid costly overallocation by allocating from the pool only when needed in a cluster.
Convert fixed to thin provisioned volumes
Converting from fixed to thin provisioned volumes returns any unused storage back to the pool for other volumes to leverage.
Adjustable Storage Repair
Adjustable Storage Repair is a feature that allows administrators to fine-tune the speed and resource allocation for storage repair and resynchronization processes. Key aspects include:
  • Customizable Repair Speed: administrators can adjust the speed of storage repair to balance between maintaining virtual machine (VM) performance and ensuring data integrity.
  • Windows Admin Center Integration: to easily manage the desired repair speed.
  • Resource Allocation: by adjusting the repair speed, you can allocate more resources to either the repair process (for faster data recovery) or to active workloads (to maintain performance).
Storage Spaces Direct Campus Clusters
Campus clusters are an advanced feature designed to enhance the resilience and availability of services across geographically dispersed locations. Key aspects include geographical distribution: campus clusters allow you to set up clusters that span multiple physical locations, providing high availability and disaster recovery capabilities. This feature includes support for 2 or 3-way mirrors, which means data is replicated across three different nodes, ensuring data integrity and availability even if multiple nodes fail.

Azure Arc and Hybrid
Extend your datacenter to Azure for greater IT efficiency and take advantage of cloud innovation with your on premises investments — while you enjoy improved tools to help manage servers wherever they are.

Azure Arc
Connecting to Azure Arc enables customers to manage, secure, and govern Windows Server on-premises, at the edge, or in multi-cloud environments from a single control plane in Azure. Brings in Azure management capabilities (some at additional cost) for those servers.
Simplified Azure Arc Setup
Azure Arc setup feature-on-demand is installed, which offers a user-friendly wizard interface and a system tray icon in the taskbar to facilitate the process of adding servers to Azure Arc.
Native Windows Server SDN Network Controller
Microsoft SDN has a new native Network Controller plane that is deployed as clustered services on the hosts and no longer requires VMs. Network Controller is now always up to date when Windows Server is patched.
Software Defined Networking Multisite
Software-Defined Multisite is a feature that enhances network management and connectivity across multiple locations. Key aspects include:
  • Native L2 and L3 Connectivity: provides native Layer 2 (L2) and Layer 3 (L3) connectivity for workloads across different sites.
  • Unified Network Policy Management: this feature allows for unified management of network policies, making it easier to maintain consistent security and performance standards across all sites.
  • Hybrid and Multicloud Support: it integrates well with hybrid and multicloud environments, allowing for flexible and scalable network configurations.
SMB Compression
SMB compression allows an administrator, user, or application to request on-the-fly compression of files as they transfer over the network. Compressed files will consume less network bandwidth and take less time to transfer.

Storage Migration Service (SMS)
Helps inventory and migrate data, security, and configurations from legacy systems to Windows Server or a cloud virtual machine. Starting with Windows Server 2022, customers can integrate SMS with Azure File Sync and migrate to low-latency private cloud servers or the bottomless cloud storage in Azure while reducing on-premises storage footprint. SMS migrates file servers from Windows Server, Windows clusters, Samba, and, starting in Windows Server 2022, NetApp FAS arrays.

Windows Server Desktop Experience and Upgrades

Broadest Application Compatibility Validation
Expanded Microsoft application testing to verify with top industry applications.

Windows Server Upgrade Support
Windows Server Upgrade supports N-2 upgrades where “N” is a major version. (For example, upgrading from Windows Server 2019 to Windows Server 2025).

Windows Server Upgrade Support
Windows Server Upgrade supports N-4 upgrades where “N” is a major version. (For example, upgrading from Windows Server 2012R2 to Windows Server 2025).

Windows Shell
Desktop shell experience conforms to the style and appearance of Windows 11.

In-Place Upgrade via Windows Update
Perform upgrades via Windows Update to newer versions.

Windows Terminal
A powerful and efficient multi-shell application for command-line users.

Dtrace
A command-line utility that enables users to monitor and troubleshoot their system’s performance in real time without any need to modify the code itself.

WinGet
A command-line Windows Package Manager tool that provides comprehensive package manager solutions for installing applications on Windows devices.

Wi-Fi
It is easier to enable wireless capabilities for edge deployments as the Wireless LAN Service feature is now installed by default.

Flighting
Allows users to receive Windows Server flights similar to Windows client.

File Compression
A new compression feature that supports ZIP, 7z, and TAR compression formats with specific compression methods for each.

Feedback Hub
Submitting feedback or reporting problems encountered while using Windows Server 2025 can now be done using the Windows Feedback Hub.

Windows Admin Center v2
Windows Admin Center is a browser-based management tool designed to manage Windows Servers, clusters, and hyper-converged infrastructure. It supports both client and server deployments with and without high availability.

Containers

Container Image Portability
Container base image portability ABI. Run Windows Server 2022 containers on Windows Server 2025 without upgrading the base image.

Windows Server Annual Channel (preview)
Get the latest OS innovations with annual updates to Windows Server. Combined with Container Image Portability, your container images remain the same, but the container host benefits from the latest advancements. See: Use Windows Annual Channel for Containers on Azure Kubernetes Service (AKS) – Azure Kubernetes Service | Microsoft Learn

Reduced Image Size
Container images are smaller and will remain smaller with optimized monthly updates. Exact size will be available when generally available.

Improved App Compat for Nano Server
Nano Server, the smallest and most secure container image, can now support some applications that previously required Server Core.

Networking Control Path Performance
Performance improvements made to the networking control path to reduce latency, increase throughput, and improve reliability.

Get started with Windows Server 2025

Windows Server product page

Evaluate Windows Server
