Windows Server 2025: New Features Every Admin Should Know

Windows Server 2025 is Microsoft's most significant server release in several years. It builds on the foundation of Windows Server 2022 while introducing hotpatching, enhanced security defaults, Azure Arc integration improvements, and meaningful changes to Active Directory and Storage Spaces Direct. If you are planning upgrades or managing new deployments, understanding what is actually new helps you justify the upgrade and take advantage of the improvements.

Hotpatching

Hotpatching is the headline feature of Windows Server 2025. It allows security patches to be applied to running processes without requiring a server reboot. Microsoft delivers hotpatch-eligible updates in a quarterly cycle: January, April, July, and October are baseline months that require a reboot; the two months following each baseline are hotpatch months that update code in memory without rebooting.

Hotpatching is available on Windows Server 2025 Datacenter: Azure Edition (cloud) and — new in 2025 — also on on-premises installations when managed through Azure Arc. For workloads where reboots cause service interruption, this significantly reduces planned maintenance windows.

# Check whether hotpatching is enabled on an Azure Arc-managed server
Get-HotpatchState

Enhanced Security Defaults

Windows Server 2025 ships with significantly tighter security defaults out of the box:

  • SMB signing required by default: All SMB connections must be signed, blocking relay attacks. This was optional in Server 2022 but is now enforced. Applications relying on unsigned SMB connections will need updating.
  • SMB over QUIC: Now available on Standard edition (previously Datacenter only). SMB over QUIC tunnels file shares over UDP port 443, enabling secure SMB access without VPN — particularly useful for remote workers.
  • TLS 1.3 by default: TLS 1.0 and 1.1 are disabled by default. Applications still requiring these protocols will need remediation.
  • Credential Guard enabled by default: On domain-joined machines, Credential Guard is active without manual configuration, protecting NTLM hashes and Kerberos tickets from extraction.
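
A read-only audit of the settings in this list, suitable for running on an existing server before an upgrade. This is an added example, not code from the original article; the function name Get-SecurityDefaultsAudit is hypothetical, and it assumes the built-in SMB cmdlets and the standard SCHANNEL registry layout.

```powershell
# Added example: read-only check of the defaults discussed above.
# Get-SecurityDefaultsAudit is a hypothetical name, not a built-in cmdlet.
function Get-SecurityDefaultsAudit {
    [CmdletBinding()]
    param()

    $smbServer = Get-SmbServerConfiguration
    $smbClient = Get-SmbClientConfiguration

    # Outbound SMB connections from this host that were negotiated unsigned.
    $unsigned = @(Get-SmbConnection | Where-Object { -not $_.Signed })

    # SCHANNEL per-protocol overrides. A missing key or value means the OS
    # default applies, so report 'OSDefault' instead of guessing.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    $tls = foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path $schannel "$proto\$role"
            $val = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
            if ($null -eq $val)         { $state = 'OSDefault' }
            elseif ($val.Enabled -eq 0) { $state = 'Disabled' }
            else                        { $state = 'Enabled' }
            [pscustomobject]@{ Protocol = $proto; Role = $role; State = $state }
        }
    }

    # SecurityServicesRunning contains 1 when Credential Guard is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SmbServerRequiresSigning = $smbServer.RequireSecuritySignature
        SmbClientRequiresSigning = $smbClient.RequireSecuritySignature
        UnsignedSmbConnections   = $unsigned | Select-Object ServerName, ShareName, Dialect
        TlsOverrides             = $tls
        CredentialGuardRunning   = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))
    }
}

Get-SecurityDefaultsAudit | Format-List
```

Any entry under UnsignedSmbConnections names a peer that will stop working once signing is required, and any TLS 1.0 or 1.1 row reported as Enabled is an explicit override that an application may depend on.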

Active Directory Changes

Windows Server 2025 introduces a new Active Directory functional level. New capabilities at this level include:

  • Support for 32,000 members in LDAP queries (up from 1,500 in previous levels — a long-standing pain point for large group management)
  • Improved Kerberos support including channel binding enabled by default
  • New Distinguished Name (DN) attributes for finer-grained delegation

Raise the domain and forest functional level after all domain controllers are running Server 2025:

Set-ADDomainMode -Identity corp.local -DomainMode Windows2025Domain
Set-ADForestMode -Identity corp.local -ForestMode Windows2025Forest
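
A pre-check that gates the two commands above on every domain controller already running Server 2025. This is an added example, not code from the original article; Test-FunctionalLevelReadiness is a hypothetical helper name, and matching the OperatingSystem attribute against "Windows Server 2025*" is an assumption to confirm against a known 2025 DC.

```powershell
# Added example: refuse to raise the functional level while older DCs remain.
# Test-FunctionalLevelReadiness is a hypothetical helper, not a built-in cmdlet.
# The 'Windows Server 2025*' match is an assumption about the OperatingSystem
# attribute; verify it against one known Server 2025 domain controller.
Import-Module ActiveDirectory

function Test-FunctionalLevelReadiness {
    param([Parameter(Mandatory)][string]$Forest)

    # Walk every domain in the forest and collect DCs not yet on Server 2025.
    $blockers = foreach ($domain in (Get-ADForest -Identity $Forest).Domains) {
        Get-ADDomainController -Filter * -Server $domain |
            Where-Object { $_.OperatingSystem -notlike 'Windows Server 2025*' } |
            Select-Object Domain, HostName, OperatingSystem, IsReadOnly
    }

    [pscustomobject]@{
        Forest   = $Forest
        Ready    = -not $blockers
        Blockers = @($blockers)
    }
}

$result = Test-FunctionalLevelReadiness -Forest 'corp.local'
if ($result.Ready) {
    # -WhatIf previews the change without applying it; remove it to commit.
    Set-ADDomainMode -Identity corp.local -DomainMode Windows2025Domain -WhatIf
    Set-ADForestMode -Identity corp.local -ForestMode Windows2025Forest -WhatIf
} else {
    Write-Warning 'Not raising the functional level; these DCs are not on Server 2025:'
    $result.Blockers | Format-Table -AutoSize
}
```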

Storage Spaces Direct Improvements

Storage Spaces Direct (S2D) in Server 2025 adds support for NVMe-oF (NVMe over Fabrics) as a storage transport, significantly improving throughput for high-performance hyper-converged workloads. Deduplication and compression are now supported simultaneously on the same volume — previously only one could be active — reducing storage requirements for mixed workloads.

GPU Partitioning

GPU Partitioning (GPU-P) allows a single physical GPU to be divided across multiple Hyper-V virtual machines. This is valuable for VDI (Virtual Desktop Infrastructure) workloads where users need hardware-accelerated graphics — previously requiring whole-GPU passthrough or expensive vGPU licensing from GPU vendors. GPU-P is built into the hypervisor at no additional licensing cost.

# List GPU partition adapters
Get-VMHostPartitionableGpu

# Assign a GPU partition to a VM
Add-VMGpuPartitionAdapter -VMName "VDI-Template"

Improved Windows Admin Center Integration

Server 2025 ships with tighter native Windows Admin Center integration, including the ability to manage the server through WAC without a separate WAC installation in some scenarios. The Azure Arc integration improvements mean that servers enrolled in Arc get cloud-based monitoring, update management, and security recommendations without additional agent installation beyond the Arc agent itself.

Wi-Fi Adapter Support in Server Core

A small but useful addition: Windows Server 2025 Server Core now includes Wi-Fi adapter drivers and the wpa_supplicant-equivalent tooling for wireless network configuration. This matters for edge computing scenarios where servers are deployed in locations without wired infrastructure.

Should You Upgrade?

For new deployments, Windows Server 2025 is the obvious choice — start with the current release. For existing Server 2019 and 2022 environments, the upgrade case is strongest for environments that would benefit from hotpatching (high-uptime services), organisations already in the Azure Arc ecosystem, and hyperconverged S2D clusters where the new storage features provide measurable benefit. SMB signing enforcement is the compatibility concern most likely to cause short-term friction — audit your environment for unsigned SMB connections before upgrading.