Windows Admin Center Secured-core server view

The latest Windows Admin Center (WAC) release, version 2511 (November 2025, public preview), introduces refreshed management tools and deeper integration with modern Windows security features like Secure Boot, TPM 2.0, Kernel DMA Protection, Virtualization‑based Security (VBS), and OSConfig baselines for Windows Server.

Secured-core is a collection of capabilities that offers built-in hardware, firmware, driver and operating system security features. The protection provided by Secured-core systems begins before the operating system boots and continues whilst running. Secured-core server is designed to deliver a secure platform for critical data and applications.

Secured-core server is built on three key security pillars:

• Creating a hardware backed root of trust.
• Defense against firmware level attacks.
• Protecting the OS from the execution of unverified code.

Windows Admin Center 2511: Security Meets Modern Management

Windows Admin Center has steadily evolved into the preferred management platform for Windows Server and hybrid environments. With the 2511 build now in public preview, Microsoft continues to refine the experience for IT administrators, blending usability improvements with defense‑in‑depth security Microsoft Community.

 Security Features at the Core

What makes this release stand out is how WAC aligns with the latest Windows security stack. Let’s break down the highlights:

• OSConfig Security Baselines
  WAC now integrates baseline enforcement, ensuring servers adhere to CIS Benchmarks and DISA STIGs. Drift control automatically remediates deviations, keeping configurations locked to secure defaults. ( I like this one!)
• Hardware‑based Root of Trust
  Through TPM 2.0 and System Guard, WAC can validate boot integrity. This means admins can remotely attest that servers started securely, free from tampering.
• Kernel DMA Protection
  Thunderbolt and USB4 devices are notorious vectors for DMA attacks. WAC surfaces configuration and compliance checks, ensuring IOMMU‑based protection is active.
• Secure Boot Management
  OEM Secure Boot policies are visible and manageable, giving admins confidence that only signed, trusted firmware and drivers load during startup.
• Virtualization‑based Security (VBS)
  WAC exposes controls for enabling VBS and Memory Integrity (HVCI). These features isolate sensitive processes in a hypervisor‑protected environment, blocking unsigned drivers and kernel exploits.

Windows Server security baseline not yet implemented as you can see

 What’s New in Build 2511

Beyond security, version 2511 delivers refinements to the virtual machines tool, installer improvements, and bug fixes. Combined with the backend upgrade to .NET 8 in the earlier 2410 GA release, WAC is faster, more reliable, and better equipped for enterprise workloads.

Why It Matters

In today’s hybrid IT landscape, security and manageability must coexist. Windows Admin Center 2511 demonstrates Microsoft’s commitment to:

• Unified management: One pane of glass for servers, clusters, and Azure Arc‑connected resources.
• Compliance assurance: Built‑in baselines reduce audit headaches.
• Future‑proof security: Hardware‑rooted trust and virtualization‑based isolation protect against evolving threats.

Final Thoughts

If you’re an IT admin preparing for Windows Server 2025 deployments, the new Windows Admin Center build is more than just a management tool—it’s a security enabler. By weaving in Secure Boot, TPM, DMA protection, and VBS, WAC ensures that your infrastructure isn’t just easier to manage, but fundamentally harder to compromise.

Here you find the Microsoft docs :

What is Secured-core server for Windows Server | Microsoft Learn

OSConfig overview for Windows Server | Microsoft Learn

How System Guard helps protect Windows | Microsoft Learn

Kernel DMA Protection | Microsoft Learn

Secure boot | Microsoft Learn

Trusted Plaform Module (TPM) 2.0 | Microsoft Learn

Virtualization-based Security (VBS) | Microsoft Learn

Enable memory integrity | Microsoft Learn

What is Windows Admin Center Virtualization Mode (Preview)?

Windows Admin Center Virtualization Mode is a purpose-built management experience for virtualization infrastructure. It enables IT professionals to centrally administer Hyper-V hosts, clusters, storage, and networking at scale.

Unlike administration mode, which focuses on general system management, Virtualization Mode focuses on fabric management. It supports parallel operations and contextual views for compute, storage, and network resources. This mode is optimized for large-scale, cluster-based environments and integrates lifecycle management, global search, and role-based access control.

Virtualization Mode offers the following key capabilities:

• Search across navigation objects with contextual filtering.
• Support for SAN, NAS, hyperconverged, and scale-out file server architectures.
• VM templates, integrated disaster recovery with Hyper-V Replica, and onboarding of Arc-enabled resources (future capability).
• Software-defined storage and networking (not available at this time).

Install Windows Admin Center Virtualization Mode

Test all these New features of Windows Admin Center and Windows Server in your test environment and be ready for production when it becomes general available. Download Windows Admin Center 2511 Preview here

As businesses race toward cloud-native infrastructure and microservices, Windows Server 2025 Core emerges as a lean, powerful platform for hosting Docker containers. With its minimal footprint and robust security posture, Server Core paired with Docker offers a compelling solution for modern application deployment.

Architecture Design: Windows Server Core + Docker

Windows Server 2025 Core is a headless, GUI-less version of Windows Server designed for performance and security. When used as a Docker container host, it provides:

• Lightweight OS footprint: Reduces attack surface and resource consumption.
• Hyper-V isolation: Enables secure container execution with kernel-level separation.
• Support for Nano Server and Server Core images: Ideal for running Windows-based microservices.
• Integration with Azure Kubernetes Service (AKS): Seamless orchestration in hybrid environments.

Key Components

Component	Role in Architecture
Windows Server 2025 Core	Host OS with minimal services
Docker Engine	Container runtime for managing containers
Hyper-V	Optional isolation layer for enhanced security
PowerShell / CLI Tools	Management and automation
Windows Admin Center	GUI-based remote management

Installation Guide

Setting up Docker on Windows Server 2025 Core is straightforward but requires precision. Here’s a simplified walkthrough:

Windows Server 2025 Datacenter Core running

1. Install Required Features

Use PowerShell to install Hyper-V and Containers features:

Install-WindowsFeature -Name Hyper-V, Containers -IncludeManagementTools -Restart

2. Install Docker

Download and install Docker from the official source or use the PowerShell script provided by Microsoft:

Invoke-WebRequest “https://download.docker.com/win/static/stable/x86_64/docker-28.4.0.zip” -OutFile “docker.zip”

Unzip and configure Docker as a service:

at Docker directory to your path

Add the Docker config directory

Set the daemon

Create the Docker Service

net start docker

docker version

Docker Host on Windows Server 2025 Core is Installed

3. Configure Networking

Ensure proper NAT or transparent networking for container communication.

4. Pull Base Images

Use Docker CLI to pull Windows container images:

docker pull mcr.microsoft.com/windows/servercore:ltsc2025

5. Test Deployment

Run a sample Windows Server 2025 core container:

docker run -it mcr.microsoft.com/windows/servercore:ltsc2025

Inside the Windows Server 2025 Core Container on the Docker host.

Best Practices

To maximize reliability, security, and scalability:

• Use Hyper-V isolation for sensitive workloads.
• Automate deployments with PowerShell scripts or CI/CD pipelines.
• Keep base images updated to patch vulnerabilities.
• Monitor containers using Azure Arc monitoring or Windows Admin Center.
• Limit container privileges and avoid running as Administrator.
• Use volume mounts for persistent data storage.

Conclusion: Why It Matters

For developers, Windows Server 2025 Core with Docker offers:

• Fast iteration cycles with isolated environments.
• Consistent dev-to-prod workflows using container images.
• Improved security with minimal OS footprint and Hyper-V isolation.

For businesses, the benefits are even broader:

• Reduced infrastructure costs via efficient resource usage.
• Simplified legacy modernization by containerizing Windows apps.
• Hybrid cloud readiness with Azure integration and Kubernetes support.
• Scalable architecture for microservices and distributed systems.

Windows Server 2025 Core isn’t just a server OS—it’s a launchpad for modern, secure, and scalable containerized applications. Whether you’re a developer building the next big thing or a business optimizing legacy systems, this combo is worth the investment.

Integrating Azure Arc into the Windows Server 2025 Core + Docker Architecture for Adaptive Cloud

Overview

Microsoft Azure Arc extends Azure’s control plane to your on-premises Windows Server 2025 Core container hosts. By onboarding your Server Core machines as Azure Arc–enabled servers, you gain unified policy enforcement, monitoring, update management, and GitOps-driven configurations—all while keeping workloads close to the data and users.

Architecture Extension

• Azure Connected Machine Agent
  Installs on Windows Server 2025 Core as a Feature on Demand, creating an Azure resource that represents your physical or virtual machine in the Azure portal.
• Control Plane Integration
  Onboarded servers appear in Azure Resource Manager (ARM), letting you apply Azure Policy, role-based access control (RBAC), and tag-based cost tracking.
• Hybrid Monitoring & Telemetry
  Azure Monitor collects logs and metrics from Docker Engine, container workloads, and host-level performance counters—streamlined into your existing Log Analytics workspaces.
• Update Management & Hotpatching
  Leverage Azure Update Manager to schedule Windows and container image patches. Critical fixes can even be applied via hotpatching on Arc-enabled machines without a reboot.
• GitOps & Configuration as Code
  Use Azure Arc–enabled Kubernetes to deploy container workloads via Git repositories, or apply Desired State Configuration (DSC) policies to Server Core itself.

Adaptive Cloud Features Enabled

• Centralized Compliance
  Apply Azure Policies to enforce security baselines across every Docker host, ensuring drift-free configurations.
• Dynamic Scaling
  Trigger Azure Automation runbooks or Logic Apps when performance thresholds are breached, auto-provisioning new container hosts.
• Unified Security Posture
  Feed security alerts from Microsoft Defender for Cloud into Azure Sentinel, correlating threats across on-prem and cloud.
• Hybrid Kubernetes Orchestration
  Extend AKS clusters to run on Arc-connected servers, enabling consistent deployment pipelines whether containers live on Azure or in your datacenter.

More information about Innovate on an Adaptive Cloud here

Integration Walkthrough

1. Prepare your Server Core host (ensure Hyper-V, Containers, and Azure Arc Feature on Demand are installed).
2. Install Azure Arc agent via Azure PowerShell
3. In the Azure portal, navigate to Azure Arc > Servers, and verify your machine is onboarded.
4. Enable Azure Policy assignments, connect to a Log Analytics workspace, and turn on Update Management.
5. (Optional) Deploy the Azure Arc GitOps operator for containerized workloads across hybrid clusters.

Visualizing Azure Arc in Your Diagram

Above your existing isometric architecture, add a floating “Azure Cloud Control Plane” layer that includes:

• ARM with Policy assignments
• Azure Monitor / Log Analytics
• Update Manager + Hotpatch service
• GitOps repo integrations

Draw data and policy-enforcement arrows from this Azure layer down to your Windows Server Core “building,” Docker cube, container workloads, and Hyper-V racks—demonstrating end-to-end adaptive management.

Why It Matters

Integrating Azure Arc transforms your static container host into an adaptive cloud-ready node. You’ll achieve:

• Consistent governance across on-prem and cloud
• Automated maintenance with zero-downtime patching
• Policy-driven security at scale
• Simplified hybrid Kubernetes and container lifecycle management

With Azure Arc, your Windows Server 2025 Core and Docker container hosts become full citizens of the Azure ecosystem—securing, monitoring, and scaling your workloads wherever they run.

Better Together

 

Updating Windows Server Insider Preview Build to version 26461.1001

On August 7, 2025, Microsoft dropped a fresh Insider Preview build for Windows Server vNext—Build 26461—and it’s packed with innovations aimed at enterprise resilience, storage performance, and hybrid cloud readiness. Whether you’re a datacenter architect or a curious sysadmin, this build offers a glimpse into the future of Windows Server 2025.

Rack Level Nested Mirror (RLNM) for S2D Campus Cluster

One of the headline features is Rack Level Nested Mirror (RLNM) for Storage Spaces Direct (S2D) Campus Clusters. This enhancement is designed to meet NIS2 compliance for multi-room data redundancy in industrial environments.

Key capabilities:

• Enables fast and resilient storage across multiple racks or rooms.
• Supports all-flash storage (SSD/NVMe) with RDMA NICs (iWARP, RoCE, InfiniBand).
• Requires defining rack fault domains during cluster setup.
• Supports four-copy volumes with both fixed and thin provisioning.

This is a game-changer for factories and enterprises needing high availability across physical fault domains.

Under the Hood: Germanium Codebase

Build 26461 is based on the Germanium codebase, aligning with the broader Windows 11 ecosystem. It supports both AMD64 and ARM64 architectures and was compiled on July 31, 2025.

Final Thoughts

Windows Server vNext Build 26461 is more than just a preview—it’s a blueprint for the next generation of enterprise-grade infrastructure. With RLNM, expanded deployment options, and tighter integration with Azure, Microsoft is clearly doubling down on hybrid cloud and high-availability scenarios.

You can explore the full announcement on Microsoft’s Community Hub. Enjoy your testing

Windows Server 2025 Insider Preview Build 26433 Datacenter Edition

In a digital era where agility, security, and resilience define success, enterprises are constantly seeking ways to future-proof their IT infrastructure. Enter the Windows Server Insider Program — a gateway into the future of Windows Server, offering IT professionals and enterprise architects a unique head-start in shaping and testing tomorrow’s server technologies.

What Is the Windows Server Insider Program?

At its core, the Windows Server Insider Program is Microsoft’s early-access platform for organizations and individuals eager to test pre-release versions of Windows Server. It allows IT departments to explore upcoming features, evaluate improvements, and provide feedback well before general availability — all while aligning their roadmap with Microsoft’s evolving ecosystem.

Strategic Benefits for Enterprise Businesses

1. Early Access to Innovation

Being the first to test new builds offers a strategic advantage. Enterprises can evaluate enhancements such as improved virtualization support, deeper integration with Azure services, and security updates, giving them ample lead time to plan deployments and migrations.

2. Security Readiness

With constantly evolving cybersecurity threats, security must be proactive, not reactive. Insider builds often preview cutting-edge security features, like Just-in-Time administration and advanced auditing, enabling security teams to assess and incorporate them into enterprise policies early on.

3. Operational Efficiency through Feedback

Insiders are encouraged to report issues, suggest enhancements, and contribute to the design process. Enterprises that participate become co-creators in shaping Windows Server — turning feedback into business-aligned features that improve workflows and infrastructure performance.

4. Skills Development and Training

IT professionals gain first-hand experience with upcoming technologies, enhancing team expertise and preparing staff for smoother transitions during official releases. This becomes a valuable part of enterprise L&D strategies, minimizing learning curves and avoiding costly deployment surprises.

5. Better Long-Term Planning

Access to Insider builds allows enterprises to assess hardware compatibility, benchmark performance, and refine internal tools or scripts, reducing friction during upgrades or cloud migrations.

Real-World Scenario: Testing Hybrid Flexibility

Imagine an enterprise planning a hybrid infrastructure strategy using Azure Arc and on-prem Windows Server. By experimenting with preview builds, they can test hybrid management policies, refine group configurations, and validate security baselines — all without impacting production environments.

How to Get Started

Enrollment is straightforward. Enterprises can sign up using their Microsoft account and download the latest Insider builds from the Windows Server Insider Preview portal.

Final Thoughts

In enterprise tech, innovation waits for no one. The Windows Server Insider Program offers more than just access — it’s a strategic lever for proactive IT leadership. By embracing this program, organizations gain the insight, influence, and preparedness to lead in the evolving digital landscape.

If your enterprise hasn’t joined yet, now might be the best time to get ahead of the curve — because the future of infrastructure isn’t just about adopting change. It’s about helping build it.

 

Unleashing the Future: Windows Server 2025’s Hyper‑V Virtualization & Advanced Security

Microsoft Windows Server 2025 is rewriting the playbook on enterprise virtualization. With its Hyper‑V solution at the core, it delivers not only powerful computing and storage capabilities but also a resilient security foundation that addresses today’s rapidly evolving threat landscape. In this post, we’ll explore the architectural advances, enhanced virtualization features, and robust security mechanisms baked into this release.

Hyper‑V in Windows Server 2025: A New Paradigm in Virtualization

A Strategic and Integrated Platform

Hyper‑V remains Microsoft’s flagship hardware virtualization technology—now scaled to meet modern data center demands. In Windows Server 2025, Hyper‑V serves as the backbone for a wide array of Microsoft solutions, from on‑premises infrastructures to cloud integrations via Azure and Azure Arc. This unified approach ensures seamless orchestration across hybrid environments, providing flexibility and cost efficiencies to businesses switching between workloads on Windows Server Standard and Datacenter editions. Notably, while the Standard edition grants licensing rights to run two Windows Server guest operating systems, the Datacenter edition offers unlimited virtualization rights, empowering enterprises with a dramatic boost in scalability.

Virtual Machines Optimized for Modern Workloads

Hyper‑V’s modern enhancements are not just about quantity but also quality. The solution supports a diverse catalog of guest operating systems—including not only Windows but also leading Linux distributions such as Red Hat Enterprise Linux, CentOS, Debian, Oracle Linux, SUSE, and Ubuntu, with integration services natively updated within the Linux kernel. Even FreeBSD gets its own integration enhancements for improved performance. By offering this extensive compatibility, Microsoft ensures that organizations can integrate heterogeneous environments without sacrificing performance or support.

Innovative Tools and Performance Enhancements

Windows Server 2025 embraces innovative management and performance tools:

• DTrace Integration: A native tool for dynamic system instrumentation, DTrace’s inclusion allows administrators to conduct real‑time performance monitoring and troubleshooting at both the kernel and user levels without modifying source code.
• Storage and Networking Virtualization: Integrated with technologies like Software‑Defined Storage (Storage Spaces Direct) and Software‑Defined Networking (SDN), Hyper‑V enables efficient resource utilization across modern storage infrastructures—whether local, SAN, or hyperconverged solutions. SDN Multisite allows you to expand the capabilities of traditional SDN deployed at different physical locations. SDN Multisite enables native Layer 2 and Layer 3 connectivity across different physical locations for virtualized workloads
• Enhanced Desktop Integration and Hybrid Cloud Capabilities: The new desktop shell and advanced upgrade paths from previous Windows Server versions ensure a smooth transition, bolstering both administrative efficiency and user experience.

Together, these capabilities position Hyper‑V as a strategic tool in the IT arsenal of enterprises worldwide.

Fortifying Infrastructure with Advanced Security

Multilayered Security Architecture

On the security front, Windows Server 2025 represents a major leap forward. At a time when cyber threats are increasingly sophisticated, Microsoft has embedded multiple security layers directly into the operating system. Hyper‑V plays a central role in virtualization‑based security (VBS), where hardware virtualization creates isolations that serve as roots of trust—from the hypervisor to the kernel. This design reduces the attack surface significantly, even if core components are compromised.

Active Directory and SMB Improvements

Primary security staples such as Active Directory have seen significant security enhancements. New protocols, improved encryption standards, and hardened configurations offer a resilient defense against credential-based attacks. In addition, file sharing services in Windows Server 2025 benefit from SMB hardening techniques, including support for SMB over QUIC. This ensures that file sharing remains secure against man‑in‑the‑middle attacks, brute force attempts, and spoofing threats while providing seamless access over the internet.

Delegate Managed Service Accounts (dMSA)

Microsoft has also overhauled the approach to service identity management. By introducing delegate Managed Service Accounts (dMSA), Windows Server 2025 eliminates the need for manual password management on service accounts. This automated process not only simplifies administrative overhead but also tightens security by ensuring that every account has the minimal privileges required—and every access is logged for better accountability.

Hotpatching: Zero‑Downtime Security Updates

Among the innovations, hot patching stands out as a “game changer.” In traditional systems, applying security patches often necessitated reboots—a disruptive process in today’s always‑on environments. Windows Server 2025 now supports hot patching, enabling administrators to apply updates to live systems without interruption. By leveraging Azure Arc, Windows Server 2025 brings a level of agility to on‑premises deployments similar to that found in cloud environments. It’s important to note, however, that for on‑premises solutions, hot patching is currently offered under a paid subscription model, while Azure customers get this capability as part of standard service offerings.

Hotpatch process

Bridging Cloud and On‑Premises with Seamless Integration

Hybrid Cloud Flexibility

Windows Server 2025’s hybrid cloud capabilities offer the best of both worlds. When integrated with Microsoft Azure Arc, Hyper‑V not only extends its virtualization benefits but also ensures that on‑premises deployments continuously receive cutting‑edge cloud agility. This seamless integration paves the way for dynamic scaling, improved disaster recovery, and unified management across multi‑cloud environments.

Cost Efficiency and Licensing Strategies

The licensing approach is designed with flexibility in mind. Whether you opt for the Standard edition or embrace the unlimited potential of the Datacenter edition, you receive enterprise‑grade virtualization at no additional cost for Hyper‑V. This cost model proves particularly attractive for organizations extending their operations to include Linux guests or multiple virtualized servers, streamlining operational costs without compromising security or performance.
Here you find more about Comparison of Windows Server editions.

Conclusion

Microsoft Windows Server 2025, with its powerhouse Hyper‑V virtualization solution, redefines how enterprises approach infrastructure management in an era of constant digital transformation. By combining advanced virtualization techniques with multilayered security features—ranging from VBS to hot patching—this release is a testament to Microsoft’s commitment to high performance and resilient, adaptive security.

For IT professionals eager to modernize their data centers and streamline hybrid cloud deployments, exploring the latest improvements in Hyper‑V and the overarching security framework in Windows Server 2025 is not just recommended—it’s imperative.

If you’re looking to experiment with these features and integrate them into your infrastructure, consider diving deeper into hot patching subscription details, exploring Linux guest integrations, or even benchmarking Hyper‑V performance against legacy virtualization systems. Each step uncovers further opportunities to optimize and secure your IT environment for the future.

JOIN the Microsoft Windows Server Insider Program

Test and Innovate with the New Windows Server Insider features!
It’s Awesome and Hyper-V Rocks

Try Now!

Windows Server 2025 Insider Preview Build 26360

Exploring the Latest Features in Microsoft Windows Server Insider Preview Builds

Microsoft’s Windows Server Insider Preview Builds are a treasure trove of innovation and advanced features designed to enhance performance, security, and flexibility for IT professionals. Today, we’re diving into the latest updates and new features introduced in the Windows Server 2025 Insider Preview Build.
Here you find more on What’s New in Microsoft Windows Server 2025

Here are some Highlights of new Windows Server 2025 Insider Preview features:

1. Enhanced Security with Delegated Managed Service Accounts (dMSA)

One of the standout features in this build is the introduction of Delegated Managed Service Accounts (dMSA). This new account type allows for migration from traditional service accounts to machine accounts with managed and fully randomized keys. By linking authentication to the device identity, dMSA helps prevent credential harvesting through compromised accounts, a common issue with traditional service accounts.

2. Windows Admin Center (WAC) Integration

Starting with this build, users can now download and install the Windows Admin Center (WAC) directly from the Windows Server Desktop. This in-OS app simplifies the installation process and provides a seamless experience for managing your server infrastructure.

3. Bluetooth Connectivity

Windows Server 2025 now supports Bluetooth connectivity, allowing users to connect mice, keyboards, headsets, and other peripherals directly to the server. This feature enhances flexibility and convenience for server management.

4. DTrace for Real-Time Performance Monitoring

The new build includes DTrace, a powerful command-line utility that enables real-time performance monitoring and troubleshooting. DTrace allows users to dynamically instrument both kernel and user-space code without modifying the code itself, supporting a range of data collection and analysis techniques.

5. Improved Upgrade Experience

Upgrading to Windows Server 2025 has never been easier. The build supports in-place upgrades from Windows Server 2012 R2 and later versions, allowing you to upgrade up to four versions at a time. This streamlined upgrade process ensures a smooth transition to the latest server version.

6. Feedback Hub for User Input

The new Feedback Hub app is now available for Server Desktop users. This app allows users to submit feedback or report issues directly to Microsoft, helping the development team understand user experiences and improve future builds.

7. SMB over QUIC and Alternative Ports

The build introduces SMB over QUIC with support for alternative ports. This feature enhances security and performance by allowing SMB traffic to use custom-defined ports instead of the default UDP/443 port.

8. Enhanced Desktop Experience

When you sign in for the first time, the desktop shell experience now conforms to the style and appearance of Windows 11. This visual update provides a familiar and modern interface for server administrators.

These new features and enhancements in the Windows Server 2025 Insider Preview Build demonstrate Microsoft’s commitment to providing cutting-edge solutions for IT professionals. Whether you’re looking to improve security, streamline management, or enhance performance, the latest Windows Server Insider Preview Build has something to offer.

Stay tuned for more updates and features as Microsoft continues to innovate and improve its server offerings.

Conclusion:

Become a Microsoft Windows Server Insider and get all the newest features first to play with it in your test environment.

Get started here and register for free

Install-Module -Name Microsoft.OSConfig -Scope AllUsers -Repository PSGallery -Force

The security baselines can be configured through PowerShell, Windows Admin Center, and Azure Policy. The OSConfig tool is a security configuration stack that uses a scenario-based approach to deliver and apply the desired security measures for your environment. The security baselines throughout the device life cycle can be applied using OSConfig starting from the initial deployment process.

To verify that the OSConfig module is installed, run the following command:
Get-Module -ListAvailable -Name Microsoft.OSConfig

Here we check the Baseline Security Compliance:
Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer | ft Name, @{ Name = “Status”; Expression={$_.Compliance.Status} }, @{ Name = “Reason”; Expression={$_.Compliance.Reason} } -AutoSize -Wrap

You will see that the Security Baseline is not Complaint.

Set-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer -Default

Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer

Now we do the Security Baseline Compliance Check again:

Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer | ft Name, @{ Name = “Status”; Expression={$_.Compliance.Status} }, @{ Name = “Reason”; Expression={$_.Compliance.Reason} } -AutoSize -Wrap

Conclusion

With OSConfig you can set the default of Microsoft Security Baseline in a quick way. It’s important to test everything first in a test environment before you set these settings in production. Here you find more information on GitHub

You can make also your own custom Security Baselines with OSConfig.

Keep your Microsoft Security Baseline up-to-date

OSConfig Overview

 

Photo of the Day Rick Claus at the Microsoft MVP – RD Wall at MS Ignite 2024

Keynote by CEO Satya Nadella

Love this Windows 365 Link Device (Preview)

The world’s Computer

Microsoft Azure Local announcement

Microsoft Azure Integrated HSM

for Security first

Microsoft Azure Boost DPU Chip

Microsoft adopts NVIDIA Blackwell to power the next frontier of AI supercomputing

Security is a Team Effort

Microsoft Security Exposure Management

Scott Guthrie on Stage with the Most Developer Tools

Microsoft Azure AI Foundry Announcement 

Microsoft SQL Server 2025 Preview Announcement by Scott

Microsoft SQL Overview Slide with Fabric

Jeremy Winter about Azure and staying ahead of evolving threats at every layer

Microsoft Windows Server 2025 Hyper-V

This was my first day impression of Microsoft Ignite 2024 Event, It was Awesome to see and hear all the News!

Here you find the Microsoft Ignite 2024 Book of News

Let’s go for Day 2 of Microsoft Ignite 2024

 

Windows Server 2025 is here! Discover the latest features including hotpatching, next-generation Active Directory, easier onboarding to Azure Arc for hybrid and multi-cloud management, and a simplified upgrade process.

What’s New in Microsoft Windows Server 2025

Go to Microsoft evaluation center and try Windows Server 2025 yourself

Windows Server 2025 and SystemCenter 2025 available!

Windows Server 2025 and System Center 2025: A New Era of IT Management

Microsoft has officially launched Windows Server 2025 and System Center 2025, marking a significant milestone in the evolution of IT infrastructure management. These releases bring a host of new features and enhancements designed to improve security, performance, and manageability for both on-premises and hybrid cloud environments.

Windows Server 2025: Key Features and Enhancements

• Advanced Security Features: Windows Server 2025 introduces several security enhancements, including Credential Guard, which is now enabled by default to protect against credential theft attacks. The new Active Directory functionalities offer improved security for confidential attributes and default machine account passwords.
• Hybrid Cloud Capabilities: With hotpatching enabled by Azure Arc, Windows Server 2025 allows for seamless updates without requiring reboots, minimizing downtime and enhancing operational efficiency. This feature is particularly beneficial for organizations operating in hybrid cloud environments.
• Performance Improvements: Windows Server 2025 delivers up to 60% more storage IOPs performance compared to its predecessor, thanks to NVMe storage performance enhancements. Additionally, the introduction of block cloning support provides significant performance benefits when copying files.
• User Experience Enhancements: The new Desktop shell in Windows Server 2025 adopts the Windows 11 look and feel, supporting features like Bluetooth mice and keyboards, 7z and TAR compression formats, and the new Task Manager.

System Center 2025: Streamlined Management

• Infrastructure Modernization: System Center 2025 supports the latest Windows Server version from Day 0, providing management and monitoring capabilities for Azure Stack HCI 23H2 clusters. This ensures that organizations can manage heterogeneous infrastructure with a single management plane.
• Enhanced Security: System Center 2025 includes support for Transport Layer Security (TLS) version 1.3, ensuring that all data transmissions are protected by the latest encryption standards. Additionally, Data Protection Manager (DPM) 2025 introduces the capability to securely store passphrases in Azure Key Vault.
• Improved Automation and Monitoring: System Center Orchestrator allows for efficient creation and execution of runbooks using native PowerShell scripts, while System Center Operations Manager provides comprehensive monitoring of health, capacity, and usage across applications and infrastructure.
• Backup and Disaster Recovery: DPM 2025 offers flexible and efficient data protection strategies, including the ability to exclude specific disks from backups in Hyper-V environments. This ensures that organizations can tailor their backup solutions to meet their specific needs.

Conclusion

The release of Windows Server 2025 and System Center 2025 represents a significant advancement in IT infrastructure management. With enhanced security, improved performance, and robust hybrid cloud capabilities, these new versions are set to empower organizations to achieve greater efficiency and agility in their operations. Whether you’re managing on-premises servers or hybrid cloud environments, Windows Server 2025 and System Center 2025 provide the tools and features needed to stay ahead in the ever-evolving world of IT.

For more detailed information, you can visit the official Microsoft blog.

Don’t forget Microsoft Ignite Global Event

Downloading Windows Server 2025 Insider Preview Build 26311

Microsoft has recently rolled out the latest Windows Server 2025 Insider Preview Build 26311, and it’s packed with enhancements that promise to elevate your server management experience. Let’s dive into the key features and security improvements that make this build a must-try for IT professionals and enthusiasts alike. Use this in test environment only until Windows Server 2025 is GA

Enhanced Security with Windows Defender Application Control (WDAC)

One of the standout features in this build is the Windows Defender Application Control for Business (WDAC). This software-based security layer significantly reduces the attack surface by enforcing a strict list of permitted software.

• With WDAC, administrators can apply a Microsoft-defined default policy via PowerShell cmdlets, ensuring only trusted applications run on their servers.
• This feature is powered by the OSconfig security configuration platform, which streamlines the process of maintaining a secure server environment.

Windows Server 2025 Security Baseline Preview

Security is further bolstered with the Windows Server 2025 Security Baseline Preview. This feature allows administrators to configure their servers with a recommended security posture right from the start

• With over 350 preconfigured Windows security settings, the Security Baseline Preview helps enforce best practices and industry standards
• This tailored security baseline can be applied to various server roles, including Domain Controllers, Member Servers, and Workgroup Members

Modern Identity Management and SMB Improvements

Windows Server 2025 also introduces modern, scalable identity management capabilities within Active Directory

These enhancements ensure robust security and streamlined management of user identities across the network. Additionally, Server Message Block (SMB) improvements, including SMB over QUIC, provide better protection against brute force attacks, spoofing, and relay attacks.

Feedback and Future Updates

Microsoft encourages users to provide feedback on this build through the new Feedback Hub app, which is now available for Server Desktop users
This app ensures that your insights and experiences help shape future updates and improvements.
You can join the Windows Server Insider Program here 

In conclusion, Windows Server 2025 Insider Preview Build 26311 brings a host of security enhancements and new features designed to provide a secure, efficient, and modern server management experience. Whether you’re an IT professional or a tech enthusiast, this build is worth exploring to stay ahead in the ever-evolving world of server technology.

Here you find what’s New in Microsoft Windows Server 2025 (Preview)

Windows Server 2025 Insider Preview Azure Arc enabled Server

The Azure Connected Machine agent receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:

• The latest releases
• Known issues
• Bug fixes

Here you find more information about each new release of the Azure Connected Machine Agent

Further more, keep also your Azure Arc enabled Extensions up-to-date for your Azure Hybrid Services.

Automatic extension upgrade supports the following extensions at this moment:

• Azure Monitor agent – Linux and Windows
• Log Analytics agent (OMS agent) – Linux only
• Dependency agent – Linux and Windows
• Azure Security agent – Linux and Windows
• Key Vault Extension – Linux only
• Azure Update Manager – Linux and Windows
• Azure Automation Hybrid Runbook Worker – Linux and Windows
• Azure extension for SQL Server – Linux and Windows

More extensions will be added over time. Extensions that do not support automatic extension upgrade today are still configured to enable automatic upgrades by default. This setting will have no effect until the extension publisher chooses to support automatic upgrades. So have a look at your manual upgrade extensions too!

Here you find more information about Azure Arc extensions for your Servers.

Update your Azure Arc enabled Server Extensions.

Some are not Automatic Upgraded by Default!

Updating the Azure Arc enabled Server Extensions.
Important Message:

Don’t forget Migrate to Azure Monitor Agent from Log Analytics agent

Updating the Azure Arc enabled Server Extensions Succeeded.

Keep your Azure components Up-to-date

CBL-Mariner Linux is a lightweight operating system, containing only the packages needed for a cloud environment. CBL-Mariner can be customized through custom packages and tools, to fit the requirements of your application. CBL-Mariner undergoes Azure validation tests, is compatible with Azure agents, and is built and tested by the Azure Edge & Platform to power various use cases, ranging from Azure services to powering IoT infrastructure. CBL-Mariner is the internally recommended Linux distribution for use with Microsoft cloud services and related products.

In the following steps we are going to install CBL-Mariner 2.0 on Hyper-V as a virtual Docker Container Host.
First you have to download CBL-Mariner 2.0 (Azure Linux) ISO here

Enable Secure Boot Template: Microsoft UEFI Certificate Authority

When you have made your Virtual Machine on Microsoft Hyper-V, you have to change the Security Boot Template from Microsoft Windows to Microsoft UEFI Certificate Authority and then you can boot from the ISO.

Select the Installation Experience
I used the Graphical Installer,
Select Next.

Default is the installation type: CBL-Mariner Core

I selected Installation type: CBL-Mariner Full

Read and Accept the CBL-Mariner Eula.

Here you can Partition your Storage.

 

Enter the Computer hostname and Create a User account.

Install Now.

Installing CBL-Mariner 2.0 on the VM.

And yes It’s fast

Login with your new created user account.

It’s a habbit of my to update always the OS before doing other installations, so in the next steps we are going to upgrade to the latest updates since the ISO is released. Then we are going to install Azure-CLI and Docker Host for Containers.

Type the Command: Sudo dnf upgrade

The OS is now asking a couple of times if it’s OK to install.

Installing of Packages to update the System.

Upgrade of CBL-Mariner 2.0 is Completed.

Installing Microsoft Azure-CLI on CBL-Mariner 2.0

The Azure Command-Line Interface (CLI) is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script. Here you can find more about Microsoft Azure-CLI

 

First, we install the ca-certificates
then
we install Microsoft Azure-CLI 

       type Y if this is OK.

Azure-CLI is installed.

The Latest Microsoft Azure-CLI is running on your up-to-date CBL-Mariner VM.

Type command: cat /etc/os-release
and you can see the exact version of CBL-Mariner 2.0

Installing Docker Container host on CBL-Mariner 2.0

Docker provides the ability to package and run an application in a loosely isolated environment called a container. The isolation and security lets you run many containers simultaneously on a given host. Containers are lightweight and contain everything needed to run the application, so you don’t need to rely on what’s installed on the host. You can share containers while you work, and be sure that everyone you share with gets the same container that works in the same way.

Docker provides tooling and a platform to manage the lifecycle of your containers:

• Develop your application and its supporting components using containers.
• The container becomes the unit for distributing and testing your application.
• When you’re ready, deploy your application into your production environment, as a container or an orchestrated service. This works the same whether your production environment is a local data center, a cloud provider, or a hybrid of the two.

Now we are going to install the Docker Container host software on Microsoft CBL-Mariner 2.0 (Azure Linux):

Type Command: sudo tdnf install moby-engine moby-cli ca-certificates -y

Type command: sudo systemctl enable docker.service

Type command: sudo systemctl start docker.service
and then
type command: sudo systemctl status docker.service

Now you can pull or create your containers from here for example:
Type Command: docker run -it -d –name my_container ubuntu bash

Here I’m inside the Ubuntu Linux Container running on CBL-Mariner 2.0 with Docker Container Host.

Docker Container Ubuntu image.

More information about Microsoft CBL-Mariner 2.0 you can find here:

Microsoft CBL-Mariner 2.0 (Azure Linux) on Github

Microsoft CBL-Mariner 2.0 (Azure Linux) Security

Microsoft CBL-Mariner 2.0 (Azure Linux) Toolkit docs

Conclusion

Running Microsoft CBL-Mariner 2.0 (Azure Linux) on Azure Stack HCI Hyper-V Cluster or in Microsoft Azure Cloud can be very powerfull as a lightweight Linux operating system at the Edge. Now we did running Docker Container Host on CBL-Mariner 2.0 (AzureLinux) but you can also install Microsoft Azure Arc agent to use this Operating System in a Adaptive Cloud way for Azure Hybrid Management and security. Try it yourself first in your test lab and when you have build a great security by design solution, use it in production for your business.

Join Containers in the Cloud LinkedIn Community Group for Free

All the recordings of the Microsoft Windows Server Summit 2024 event sessions are available on YouTube.
You can watch them on demand here

Here are some highlights of the Windows Server Summit 2024 event which I picked out:

Full Stack Native NVMe Support

Container Flexibility

SMB in Windows and Windows Server 2025

The Intel Xeon Processor Designed for AI

You can Upgrade to Windows Server 2025 via Windows Update.

Windows Server 2025 Security.

Delegated Managed Service Account.

Hotpatching for Windows Server 2025

Watch The evolution of Windows Authentication by Ned Pyle

Don’t miss this Awesome Microsoft Windows Server Summit 2024 virtual event to get the latest and Greatest information powered by the Engineering team!

When: March 26-28, 2024. Mark your Calendar

Topic wise: it will be wide ranging covering all the new goodness of Windows Server 2025, on-prem and Hybrid scenarios, Azure Arc, Identity, Virtualization, SMB updates and more! 
Here you can find more information: Windows Server Summit 2024

Get started Today with Windows Server 2025 Insider Preview Build in your test environment!

Microsoft Windows Server 2025 Datacenter Insider Preview Build 26040

Microsoft released a new Windows Server Insider preview Build 26040 on January 26th and changed Windows Server vNext name into Microsoft Windows Server 2025!

So time to update my MVPLAB domain stack.local.

I’m updating my domain controller from build 26010 to 26040.

Before we can move further, we have to run adprep.

Run adprep from the new ISO on the Domain controller.
by Typing C and enter it will run.

Schema upgrade from 90 to 91

adprep /domainprep.

Adprep successfully updated.

After this click on refresh in the Windows Server Setup if you have this still open.

 

I want to keep my files, settings and apps on my domain controller.
Click on Install

Installing Windows Server 2025 Insider Preview Build 26040

Don’t turn off your machine.

Microsoft Windows Server 2025 Datacenter Insider Preview Build 26040
is running as my Domain Controller.

Don’t forget the last updates.

Running Schema object version 91.

Here you can find more information about Windows Server 2025 Insider Preview Build 26040

Follow Jeff Woolsey on X (Twitter) here

Follow Ned Pyle on X (Twitter) here

Get started by joining Windows Server Insider program

Make your Windows Servers Hybrid with Microsoft Azure Arc
for more Hybrid IT management Benefits