 Hello, everyone, and welcome to this exciting session where we're going to talk about everything new in Windows Server 2025. And what we're going to talk about here is all the incremental improvements and differences between what you know in Windows Server 2022 today and to what's in the next release. So my name is Elden Christensen, I'm leading the Windows Server 2025 release. So in this, we're going to talk about some new innovation coming around hot patching. We're going to talk about Active Directory, Storage, Hyper-V, Networking, Containers, File Services. We're going to cover the full gamut of everything in Windows Server. Alright, so let's start out by talking about hot patching. Hot patching allows you to install security patches without a reboot. So today, as you know, every patch Tuesday, we release patches for your Windows systems. And what hot patching allows you to do is to apply those updates without requiring a reboot. This is accomplished by modifying the in-memory code and we don't actually have to restart the process. So, you know, I don't think I need to tell you, you know, how wonderful this is. And this is one of those kind of features that really gets customers excited. And so we actually introduced hot patching first with just the Azure Edition in Windows Server 2022. The really exciting thing in Windows Server 25 is that we're bringing hot patching to be available on every edition of Windows Server. So running on top of VMware, running on Hyper-V, running in any other cloud that you want to run it to, AWS, you can do that. It can be running on physical, on your physical hardware. So you get a SQL Server running on bare metal and you want to be able to apply hot patches without rebooting. Absolutely do that now. Through Arc Enablement, so you can Arc Enable your Windows Server standard or data center edition. So Windows Server 25 and apply hot patching. It's available as a monthly subscription. And then again, and then it will also be available in Azure Edition as it has been at no additional cost when you're running Azure Edition on top of Azure or Azure IaaS or on top of Azure Stack HCI. So what is this hot patching? How does this kind of work? Let me just kind of give a little overview. So as you're all aware, like we have our regular servicing, our patch Tuesday updates. They're available, you know, the second Tuesday of every month, you know, so every month we release these updates. They include security and quality updates and then you apply them, reboot your server and you kind of get into this monthly rhythm. If you would like to, there will be a new option with 25 to basically opt into hot patch servicing. And so basically what will happen here is that if you can then opt in and then you can get on effectively call it like the hot patching train. And so when you're hot patching, then you will, you will do the baseline to call it January. And then when you go to patch for February, you just take a hot patch so it doesn't require reboot. And then March would be a hot patch again, no reboot. And then and then in April again, so it would be, you know, once a quarter, we do what's called the baseline and the baseline would be applying the normal patch Tuesday updates. So then that would require reboot. So this gets you from monthly updates to basically quarterly updates. So you're going to take four updates, four reboots a year opposed to 12 reboots a year. So that's kind of the value prop and differences. And so that just kind of continues, right? So you'll basically go baseline, then hot patch, hot patch baseline, hot patch, hot patch baseline. And we're focused on the security updates. And there's some dot net right now is not hot patchable. So there's some things which aren't hot patchable, but we're just getting started on this and we are innovating. We are growing. We are expanding. So you should see hot patching is just going to get more and more exciting. So let me give you another example. So one thing is just not rebooting is is interesting in itself and not taking downtime. But let's talk about we had some kind of really success story with how Xbox has been using hot patching. So, you know, obviously, Xbox is is huge and just kind of as an example, they did a little rollout on a subset of systems with 1000 servers running 18 different services, a whole bunch of different workloads. Before hot patching, it took them three weeks to roll out hot patches across the across all the different and required downtime. And they had to do that 12 outages a year. So they had the schedule maintenance and it took them three weeks to roll out every one. Now with hot patching, they did all 1000 servers and patched them with critical security updates and under 48 hours. So the other thing is that not only are hot patches not require a reboot, the important thing I want to point out here is that they are also much faster to install because they're just modifying in memory code. And so it's actually a very, very fast install. And so that's the other thing is that one, you don't take a reboot. And secondly, if you do want to schedule a maintenance window, it'll be very fast and very short and you can very quickly get your fleet updated when you get like a critical security update and you need to get it rolled out. So that's hot patching. Now, let's talk about what's new in Active Directory. So first off, there's a ton of security improvements in Active Directory in Windows Server 2025. There's, you know, support for TLS 1.3. There's a bunch of new encryption enhancements. There's, we're, you know, setting decryptions by default. And so there's just a whole bunch of security improvements. So one of the things is that you should think about is that if you're a heavy AD user, getting to 25 is going to provide a lot of value in getting you to the most get current and get secure. Another thing we have in 25 is that we've also expanded from a scalability perspective to have a 32K page sizes. So on a domain controller in the past, we had 8K pages, right? And so that limited the kind of from a scalability perspective, how large these could be. So now with Windows Server 25, we now support 32K page sizes, which significantly increases the amount of data that we can hold on individual in scalability for Active Directory. Now this does require a functional level update, and I want to talk about that in a little bit here. Another improvement that we've done around kind of perf and scale for Active Directory is it's now NUMA Aware. And so that's going to also take advantage of all the CPUs and really help Active Directory be more scalable on your domain controller. So again, getting to Server 25 is going to bring you a lot of security. It's going to bring you scalability improvements. It's going to bring you not only in NUMA Awareness and taking advantage of all those CPU cores, but it's also going to also bring the increased page sizes. Another change in Active Directory is that we're going to have a priority boost. So imagine you deploy a new domain controller and you want that to synchronize faster. Maybe you're on site, you're deploying the domain controller, and you are not going to get back on a plane and fly home or drive back home from that remote facility or remote branch office until you know everything's synchronized and looking good. So you can actually go and set a prioritization boost to an individual specific link that's going to help it synchronize faster. And so I talked about we are going to have a new functional level, so both a new domain functional level and a new forest level, and these will be required for these new features like being able to move from 8K sizes to 32. And actually we will, even if you introduce a Windows Server 25 domain controller, it will operate in the down level functional level. Obviously it's how domain functional levels have worked historically. So it will operate in a down level functional level, and then you can then update it once you get them all to the Windows Server 25 state, then the new features will unlock. So another thing I want to talk about is just kind of on our path to deprecate NTLM. We have a bunch of improvements. So this is an Active Directory specific, but this is just kind of related. So with Active Directory, one of the big key things you get is being able to do Kerberos authentication. Now for local accounts, historically that's used NTLM. So now we have the Kerberos key distribution service is now built into Windows. So we call that local KDC. So we have a local KDC that will authenticate local users. So we're no longer using NTLM. We'll now do Kerberos authentication for local user accounts. And then we have IA Kerberos, which is just we're doing Kerberos authentication negotiation across many more scenarios. And so you're going to see far fewer instances where we're really kind of working to remove NTLM dependencies throughout the stack and being able to modernize and be more secure on Kerberos. All right, so let's talk about storage. So one huge improvement we have in Windows Server 25 is around optimizing NVMe. And so this will really accelerate your mission critical workloads. It's going to improve performance, lower your CPUs, and you don't have to do anything. You just upgrade to Windows Server 25. You're going to get this new optimized NVMe driver. And you're going to notice that your hardware is going to operate significantly faster in your app. So let's just take a look at what this looks like. So if I do a little demo here, and on the left, you see I've got Windows Server 2022 and it's got 1.1 million IOPS. So that's what we did. We just ran a disc speed test. And on the right, you're going to see that we're getting significantly better performance. So all we did was we took the same hardware. We had Windows Server 2022 on it, we ran disc speed, then we put Server 25 on it, we ran disc speed. And you can see that we got a 70% performance improvement through these optimizations we've made in the storage stack. So this is just a crude value that should excite you that if NVMe is important to everyone these days, that you're going to want to get to Windows Server 25 to get these storage improvements. There's also a bunch of value that Windows Server 25 accrues value. So from Azure Stack HCI and other things. So we build actually features into, so Windows, it's a common kernel which is shared across many different products that we ship. So for Azure Stack HCI, you see features is on a faster release cadence, right? They're in an annual release cadence where we would ship features such as our EFS, you know, optimized Ddupe and compression, which is really good for like active workloads. The old Ddupe we had for was really good for static data. So great for like file servers, but not so good for like active running workloads like virtual machines. So we had a new Ddupe which showed up first in Azure Stack HCI because it's an annual release cadence and Windows Server is on a every two to three years release cadence for an LTSC release. And so eventually every when those LTSC we scoop up all that value and ship it through Windows Server. So we did a bunch of storage replic enhancements to improve the performance. We introduced compression now across all the different additions of Windows Server. And then we introduced for an Azure Stack HCI, you probably saw thinly provisioned spaces show up first, stretch cluster support of storage spaces. And now that's all accruing into Windows Server 2025. All right. Speaking of clustering, let's talk a little bit about clustering. So some changes in clustering for Server 25. So one, we make a bunch of reliability and performance improvements for cluster where updating cluster where updating is the orchestration tool that you can use to apply updates across all the nodes in your cluster. One of the things we've done is that now cluster we're updating will actually do OS upgrades. So you can actually cluster we're updating. So now I'm going to talk about a little bit. We have the ability to update Windows Server through Windows Update. That's a completely new thing. You're probably used to it on your Windows 11 devices. You just go into Windows Update. It says, Hey, there's a new version of Windows available. Do you want to upgrade and you just hit upgrade? It pulls it down over the internet. It reboots and then boom, you're up and running on the new version. We have brought all that simplicity to Windows Server 25. And you can orchestrate that on a cluster through cluster where updating. So in cluster where updating, you can say go upgrade the OS on my nodes. It will go through Windows Update, pull down the OS update. It will it will pause the node, drain the VMs. It will apply the OS update. It will reboot the node and it will roll through all the nodes. And at the end, you just need to, once you've verified everything's up and running, you just update the cluster function level. So that's wonderful. And so workgroup clusters is another thing. So we introduced workgroup clusters a couple of releases ago. Was it 16, 19? And that's ability for clusters to work without being joined to a domain, to an active directory domain. But one of the things that didn't work was the ability to do a live migration. So now live migration works without having domain dependencies. We're also using certificates to do authentication for live migration. And so that really lights up the whole scenario end to end, that if you want to deploy a Hyper-V cluster outside a DMZ at a remote branch office, maybe where it's not going to have a local domain controller, could lose access to a domain controller, you want to put it in some remote branch office in a retail store or something like that. Now live migration will work without requiring a domain controller. We also support GPUP live migration on failover clusters. That's going to copy the state on the graphics card from one, just like you're copying in-memory state of a virtual machine from one to another one. And then we also support stretch clusters between two sites with storage replica. All right, so let's move on and talk about Hyper-V. So first off, I just want to say Hyper-V is a critical foundational technology for Microsoft. We use it everywhere. Hyper-V is used as the foundation for Azure. Azure is built on Hyper-V. The Azure Stack family, whether you want to talk about Azure Stack HCI, Azure Stack Hub, they're all built on top of Hyper-V. Windows Server has Hyper-V. Windows Client has Hyper-V. Our container story is built on top of Hyper-V. And a lot of our platform security features actually take advantage of technologies in Hyper-V. And Xbox actually uses Hyper-V. I don't know if you knew that, but when you're playing games, you're running on top of Hyper-V. And so Hyper-V is critical to Microsoft as a whole. And sometimes here people say these kind of crazy things like, oh, Hyper-V is dead. That couldn't be a more ridiculous statement because Hyper-V is the foundation for everything critical to Microsoft. And so I just want to clearly establish that that Hyper-V is in Windows Server. It's not going away. We embrace customers running virtual machines on-prem, meeting where you're at. So as the leader of Windows Server, I'm here to tell you that you should not have any doubts. All right, let's keep going on some feature set stuff. So one I want to talk about, GPUP is now in Windows Server 25. That allows you to take a GPU and share it across multiple virtual machines. And we also support live migration of GPUP, that you can live migrate these VMs from one node to another and they're shared across it. We also support GPU pools where you can discreetly assign a GPU to an individual virtual machine. So let's say for example you have a VM that's running some ML workload and you want to assign an entire GPU to it and you want to have that dedicated GPU, you can absolutely do that. So you can do GPUP where you're sharing GPUs across different virtual machines or you can make sense for like a VDI or an RDS Remote Desktop Services type deployment. Where GPU pools might be for you have an ML app that requires some dedicated resources. We have improved in Windows Server 25 the dynamic processor compatibility. So we had dynamic processor compatibility and what that means is that let's imagine you have a cluster and you've added different servers to it that have different CPU capabilities. In the past we would say we have a bunch of different servers with different CPU capabilities and then we would reduce the functional set of the processor capabilities and we would do it to a pretty extreme measure that would really significantly reduce the performance of the virtual machine. And so as a result of that people always tried to avoid mixing and matching different hardware in the same cluster because it would really impact the performance. But now in server 25 we have completely redone dynamic processor compatibility. It's much more granular and looks at all the different capabilities between the different processors and then it's just reducing just the subset of capabilities which are not capable. So again it's significantly improved than what it was in the past. Another thing we have in 25 is that we've got some increased scalability for virtual machines 240 terabytes of RAM and most importantly what's new is the 204048 virtual processors. I don't know if people are going to be doing that big but if you want to there it is. And again I just want to do a reminder always use Gen2 VMs. A these large capabilities are only capable with Gen2 VMs. You want to use a UEFI BIOS. You want all the modern attributes that bring Gen2. So always use Gen2 VMs as my is just a reminder here. Alright with that let's talk about networking. So a bunch of networking improvements coming to Windows Server 25. One we have a network ATC which allows you to do very simple deployment and configuration across the nodes in a cluster. So it really simplifies the configuration of SDN across the nodes in the cluster. We also have network HUD kind of a heads up display which provides alerting and remediation of networking issues on your clusters. We now support multi-site for if you want to do a stretch cluster of SDN. We have a bunch of performance improvements. So a whole bunch of networking improvements coming to Windows Server 25. Let's talk about containers. So we have a bunch of flexibility in the sense that you can now upgrade the container. You can now upgrade the host without having to upgrade container. So they don't have to be in perfect lock steps that brings a lot of flexibility. And we have a faster release cadence with the Windows Server annual channel for those who want greater agility. There's some image size reductions that are going to help optimize the image. And we have some FODs, some features on demand that improve the AppCompat for Nano. So if you've been thinking about Nano, you've got some AppCompat issues. We have these FODs you can now install that will increase the binary surface and give you better AppCompat for Nano. And then we have a bunch of performance improvements. All right, let's talk about file services. So Quik is a secure and reliable transport built on UDP. We actually introduced SMB over Quik first in Windows Server 22 but only in Azure Edition. One big thing is that we now support Quik across all editions, Standard, Data Center and Azure Edition. And really it enables SMB for telecommuters, mobile devices, doesn't require a VPN, runs over port 443, it's always encrypted, it does TLS 1.3 authentication, so it's secure, secure communication over the internet. Let me show you a little demo. Let's see what this looks like. All right, so you're just going to go, I'm just going to show a little demo here. So I go to a file share, I'm here in a file server, I'm going to open a doc. This is what you've been doing for 20 years, right? You get a file server in your local land, you connect to it of course. So it's a demo put together by Ned Pyle who is the PM for SMB and of course no demo of Ned's would be complete without his dogs. So I'm going to sign out, I'm going to pick up my laptop, I'm going to walk down the road to a local coffee shop. So I'm just virtually walking down to a remote coffee shop. So what if I go do that same scenario, right? So I'm going to go ahead and try to open that file, there's my link to my file server, whack, whack, win, blah, blah, blah, blah, blah. And of course you know this doesn't work, right? If you're not on the local land, then you're not going to get access to your file server, you're not going to get access to your files. So now in Windows Server 25, I can go in and into this is in Windows Admin Center and I can go in and I can configure quick. And so I can define some aliases that I want to connect to and I can select, I'm going to select the names that want to be able to respond to those names. I'm going to change that to enabled for quick. It's over, you can see over port 443, I just hit enable. And now you can see it's enabled SMB over quick is enabled. It's all ahead to do. I just went in there. Now I'm going to try to open that same file. I'm at my coffee shop, right? And it will try to connect and there's my file, right? So it initially, and now you can see I'm running over quick. So I'm in my coffee shop, connected over quick. I didn't have to do any changes to the client. I just did a server side change to enable quick and your Win 11 client will communicate over quick to the server. So that's pretty powerful. But we did a bunch of security improvements for SMB as well. And so we have SMB signing is enabled by default. I want to pop. I want to highlight that as a potential app compat risk. So we are taking a different mindset with Windows Server 25, which is being secure by default. In the past, we always were, you know, more reluctant and always weaned on the side of ensuring compatibility, a little bit of a mindset change that we've taken with 25 is being secure by default. Again, you can go turn this off, but we're going to be secure by default out of the box. So when you just click next, next, next, it's going to be secure and you can sleep well at night. So signing is enabled by default now, which stops relay attack, tax the mills and phishing. We have an authentication rate limiter that limits password retry attempts by two seconds. That significantly slows down brute force attacks, takes them from taking seconds to do brute force attacks to days. And so that's going to give you an opportunity of visibility when brute force attacks are happening and really slow down that vulnerabilities. We did a bunch of hardening of the SMB firewall rules. We don't open SMA ports as we used to. And we have some granular controls of the SMB dialects and disabling NTLM, which is all new. So let's talk about the modern server experience. So I want to talk about Wing Get really quick. Actually, I'm just going to jump right in the demo because it's just so cool. What Wing Get does is I'm going to describe it as the store for Windows Server, right? It allows you to discover and install and upgrade apps. You know what? Scene is believing if you haven't used Wing Get yet. All right. So I'm going to open a terminal session and I'm going to do a Wing Get search and let's look for everything Microsoft. And so it comes back and you can see there is a lot already published and that you can install off of Wing Get. We've got .NET, we've got PowerShell, which is actually, I think, the most interesting for IT admins is that now you can install PowerShell 7 through Wing Get. And I think that's actually the most interesting one. But just as an example here, we're going to do a search and we're going to install, well, a super critical app. It's belonging to my server. Let's look for sticky notes. Oh, there's sticky notes. So we'll just do this kind of for fun. We're going to install Wing Get install and then we're going to do sticky notes. And that's it. I just do Wing Get install sticky notes and it's installing it on my Windows Server. So now let's do another search, another common tool. Everybody loves this internals tools, right? So I want to be able to install. So I can do a Wing Get. I can search. I can find all our SysInternal tools. But let's do an install. Let's install actually doing, with the syntax, you can pass it multiple times. So this is installing Process Monitor, Process Explorer, TCP Viewer. These are tools you might want on your Windows Server. So now that's all it was. So now you can see I launch Process Monitor. So super simple, right? Process Explorer, go back to my command prompt. And there's Process Explorer. So that was just a really clean, simple way. You don't have to go search the internet now. Go find these tools to be able to install them. Effectively think of this as the store for, I like to think of it as the store for Windows Server. And in a very scalable way, you see that I was able to go install three apps at the same time and stack them all up and install them all at the same time. So you could say you got a bunch of different things you want to install. You could install them all at the same time. But it's more than just simple things like doing sticky notes and some basic system internal tools. Let's install SQL Server. So here you can see SQL is out on Winget and we're installing SQL Server right now. That's going through the installation process. We'll give it just another minute here. And it's still going. And there we go. Completed. So there you go. I just installed SQL Server through Winget on my Windows Server. And now let's grab that log file and maybe there is a user sticky notes. We're going to go. We can paste that in the sticky notes. So there you go. There's a user sticky notes on my server. So, all right. So now let's talk about upgrades. So one of the things that I alluded to before was OS upgrades through Windows updates. So as you are used to on your Windows client devices, you run Windows update and you click, and it says, hey, there is an OS update available, a new version. This is some pre-release kind of stop screenshots here. So kind of ignore that. But on my left is Windows Server 22 and it says, hey, there's an OS update available. Do you want to upgrade? And you just say, download and install like you would on your Windows client and it will pull down Windows Server 25. It will install it. You reboot your up on the new version. It's that simple. You, in the past, it was so hard and friction-full to present the media into the VM, especially like if you're running on Azure. It was super hard to upgrade the OS versions. Now, if you've got like a Windows Server running on Azure and an IaaS VM, you just get to upgrade and you're up and running on the new version. This is also fully controllable through Group Policy. So if you want to prevent your junior admins, if like you haven't approved running to Windows Server 25, yet you can have Group Policies to control these Windows updates just the same as on client. So if you don't want people, junior admins running around, upgrading all your servers to 25 because you haven't approved it at the corporate level yet. We also have some ARC integration wizards to make it really simple to set up ARC. In the past, it was very hard. All PowerShell, command line syntax, very complex. Now it's super easy. We've modernized a lot of things on Windows Server. We've got Bluetooth support now. So if you want a Bluetooth keyboards and mice that you want to use with Windows Server, again, that just kind of seems silly in a modern day that we didn't support that. We have Wi-Fi support. So if you have a Windows Server sitting in a branch office, you know, like back in some manager's office or like at a retail store and you want to have Wi-Fi support. And then another thing we're going to have in Server 25 is a new subscription-based purchasing model. So in the past, Windows Server has always been sold as a perpetual license. You buy it. You get a key and you own it for 10 years or you own it as a perpetual license, excuse me, and it's supported for 10 years. But you own it as a perpetual license. We are now introducing it in a subscription model. We have other products available in subscription models such as Azure Stack HCI and SQL Server 2022 also introduced it. And they're all built through Azure Commerce. So if you like an OPEX model, if you want to be built through Azure Commerce and you want to have a, maybe you're a customer who's 95% in on Azure and you just have a small little footprint on-prem, it can now be built through a common way. So we now have Windows Server that'll be available as that. But don't worry, all the ways we've sold Windows Server for the last, you know, 20 years are not going away. So you can still buy perpetual licenses through all the ways you've been doing in the past, whether you've got your software assurance customer and enterprise agreement or volume licensing or whatever you have done in the past. And if you like that, it's still there, not going away. But this is just a new flexible option. All right. And with that, that's kind of the top level overview, kind of a speed run of everything new in Windows Server 25. I encourage, please go download the Windows Server Insiders. All these features are there. Go try them out. We love your feedback. We have a Windows Server Insider community where you can post feedback. All right. And with that, thank you and have a good day.