Coordinated industry effort across the server ecosystem

Microsoft has worked closely with the server ecosystem partners to make this transition as smooth as possible:

• Many newer server hardware and virtual machine versions built since 2024, and almost all released in 2025 are already preconfigured with the 2023 Secure Boot certificates.
• Device manufacturer and firmware partners have collaborated with Microsoft to provide supported upgrade paths for existing deployments that currently use 2011 certificates.
• Microsoft and OEMs are working together to provide holistic guidance and help customers plan and execute the update safely across diverse environments.

This coordinated effort is designed to minimize operational risk while helping to preserve the high security standards expected of modern server platforms.

Please see the Windows Blog post, “Refreshing the root of trust: industry collaboration on Secure Boot certificate updates”, to understand how Microsoft collaborated with device manufacturers and firmware partners to support an efficient and safe deployment.

Because Windows Server instances do not receive the 2023 Secure Boot certificates through Controlled Feature Rollout (CFR)—unlike Windows PCs—IT administrators must take action on servers that are in scope. As part of standard maintenance, administrators should first ensure their servers are fully up to date by installing the latest cumulative updates. They must then manually initiate the Secure Boot certificate update on Windows Server systems that have Secure Boot enabled and did not ship from the manufacturer with the 2023 Secure Boot certificates or have not otherwise been updated to include them.

Windows Server administrators call to action

Review the available methods to update Secure Boot certificates on Windows Server and plan your environment refresh well before the June 2026 expiration. Start by reviewing the official step‑by‑step guidance designed specifically for IT professionals managing server environments, which can be found here.

Microsoft has also hosted Secure Boot Ask Microsoft Anything (AMA) sessions in December 2025 and February 2026, providing deep technical context and direct answers to common questions around certificate expiration and updates. If you missed these sessions, recordings are available on demand.

If you have questions, you can join our upcoming Secure Boot AMAs in March and April and follow Windows Events on the Microsoft Tech Community to be apprised of future events. The next event is the “Secure Boot certificate updates explained – Microsoft Technical Takeoff”.

For ongoing updates, resources, and centralized guidance, bookmark the Windows Secure Boot certificate updates page. This page serves as your one‑stop resource to help understand, prepare, plan, and execute Secure Boot certificate updates on your Windows Server environment.

The post Prepare your servers for Secure Boot certificate updates appeared first on Microsoft Windows Server Blog.

1. Unpatched vulnerabilities

Unpatched vulnerabilities are known security flaws in software that have not been remediated. Like any critical infrastructure, Active Directory Domain Services relies on the security of the system on which it runs. When vulnerabilities exist in the operating system or supporting components, attackers may exploit those gaps to gain initial access or escalate privileges.

According to the 2025 Verizon DBIR, exploitation of known vulnerabilities accounts for roughly 20% of breaches and is up around34% year over year. These attacks don’t target AD DS because it’s weak—they target environments that fail to apply available fixes. Timely patching is essential to protect against attackers who take advantage of systems left unpatched.

Detection:

• Use Microsoft Defender Vulnerability Management for real-time visibility.
• Defender for Endpoint validates risk reduction.
• Configuration Manager (SCCM) deploys updates and monitors compliance.

Recommendations:

• Automate and enforce timely patch deployment using Azure Update Manager or SCCM.
• Use Microsoft Defender Vulnerability management to prioritize patching based on exploitability and asset exposure.
• Apply Windows Server 2025 OSConfig security baselines to domain controllers.

Once attackers gain an initial foothold—often through unpatched systems—they look for ways to move laterally and escalate privileges. One common technique is authentication relay attack.

2. Authentication relay attacks

Authentication relay attacks (a form of man-in-the-middle) allow adversaries to impersonate users by forwarding legitimate login requests, often exploiting NTLM and sometimes Kerberos. These attacks exploit legitimate authentication flows, enabling lateral movement, data theft, and full domain compromise.

Detection:

• Defender for Identity alerts on suspicious authentication patterns, lateral movement, and NTLM relay attempts.
• Monitor Windows Event Logs for failed logons and unusual authentication attempts.

Recommendations:

• Deprecate and disable NTLM wherever possible.
• Enforce SMB signing and LDAP channel binding. In Windows Server 2025, this is enabled by default.
• Use Extended Protection for Authentication (EPA).
• Implement Just-In-Time (JIT) access and MFA for sensitive resources, and use Privileged Identity Management (PIM) to enforce JIT and MFA.

After establishing a presence, attackers often pivot to techniques that target service accounts, which contain service tickets. Kerberoasting is a prime example, leveraging legitimate Kerberos functionality to extract and crack service tickets.

3. Kerberoasting

Kerberoasting targets service accounts by requesting Kerberos service tickets and performing offline brute-force attacks to recover passwords. Because the attack uses legitimate Kerberos functionality, it often goes undetected. And since many service accounts use weak or non-expiring passwords, they are especially vulnerable. The attack does not require elevated privileges to initiate and leaves minimal traces in logs. If successful, it can serve as a stepping stone to full domain compromise.

Detection:

• Check for ticket requests with unusual Kerberos encryption types in the events in Microsoft Defender XDR.
• Check for alerts from Microsoft Defender XDR, which will raise an alert with an external ID 2410 for suspected Kerberos SPN exposure.
• Use Defender for Identity to detect suspicious ticket requests.

For more information on how to detect Kerberoasting, see Microsoft Security Blog – Kerberoasting.

Recommendations:

• Migrate service accounts to Group Managed Service Accounts (gMSA).
• Disable RC4 encryption for Kerberos. Starting WS2025, RC4 will be disabled by default.
• Regularly audit and remove unused SPNs.
• Enforce security baselines for Windows Server 2025.

The success of Kerberoasting and similar attacks is amplified when accounts are over-permissioned or misconfigured. Excessive privileges can create shortcuts for attackers to escalate access and compromise critical assets.

4. Excessive privileges & account misconfigurations

Excessive privileges and misconfigurations occur when accounts have more permissions than necessary, often due to legacy setups or poor access control. Overprivileged accounts are prime targets for attackers. If compromised, they can be used to disable security tools, access sensitive data, or take control of the domain. These risks are amplified in hybrid environments where on-prem and cloud permissions intersect. A single misconfigured account can serve as a bridge between environments, expanding the blast radius of an attack.

Detection:

• Defender for Identity flags risky settings and maps lateral movement paths.
• Use Active Directory Administrative Center to review group memberships and delegated permissions using Active Directory tools.

Recommendations:

• Apply least privilege principles.
• Use JIT access and MFA for admin tasks.
• Implement Microsoft’s Tiered Administration model.
• Audit and clean up legacy permissions.

Beyond misconfigurations, legacy features like unconstrained delegation introduce additional risk. If left in place, they can allow attackers to impersonate users and access sensitive resources without detection.

5. Unconstrained delegation

Unconstrained delegation is a legacy Kerberos feature that lets services impersonate any user, posing serious risks if compromised. When enabled, a user’s TGT is stored in memory and reused, posing serious risks. Because the TGT is valid across the domain, if compromised, attackers can extract TGTs to impersonate users and access any Kerberos-protected service, including domain admins.

Detection:

• Use PowerShell to find systems with unconstrained delegation.
• Defender for Identity identifies risky configurations.

Recommendations:

• Deploy Credential Guard on endpoints.
• Add high-risk accounts to the “Protected Users” group.
• Mark privileged accounts as “sensitive and cannot be delegated.”
• Remove support for unconstrained delegation.

Once attackers achieve high privilege, they often seek persistence. Golden Ticket attacks represent the ultimate escalation—granting attackers the ability to forge Kerberos tickets and maintain control indefinitely.

6. Golden Ticket attack

Golden Ticket attacks use a stolen KRBTGT account key to forge Kerberos tickets, granting unrestricted domain access. If this key is compromised, the environment is already seriously breached. Prevention centers on blocking key theft and quickly detecting forged tickets.

This attack is especially dangerous because it bypasses standard authentication and enables persistent, stealthy domain access. Attackers often pair it with methods like DCSync or credential dumping to steal the KRBTGT hash.

Detection:

• Defender for Identity provides real-time alerts for Golden Ticket usage, DCSync/DCShadow attacks, and unusual Kerberos activity.
• Enable Kerberos audit logging on all domain controllers.

Recommendations:

• Rotate the KRBTGT password at least every 180 days (reset twice to fully invalidate tickets).
• Enable LSA Protection on domain controllers.
• Remove non-admin accounts with DCSync permissions.
• Implement tiered administration and least privilege to limit replication rights and administrative access.

Upgrade your cybersecurity with Microsoft

Active Directory Domain Services is central to enterprise identity and access management, making it a frequent focus for cyberattacks. Proactive detection and remediation are essential to reduce risk. If you suspect a compromise, rapid containment is critical. Microsoft Incident Response can help before, during, and after a cybersecurity incident. To learn more, visit Upgrade proactive and Reactive defenses with Microsoft Incident Response.

By applying the detection methods and remediation steps outlined above, organizations can significantly reduce their attack surface. Microsoft’s security tools—Defender for Identity, Defender Vulnerability Management, Sentinel, and Privileged Identity Management—provide the analytics and controls needed to help stay ahead of evolving threats.

The post Microsoft’s guidance to help mitigate critical threats to Active Directory Domain Services in 2025 appeared first on Microsoft Windows Server Blog.

Last November, our most innovative, secure, and performant release to date was made generally available: Windows Server 2025. Incorporating input and feedback from customers, our Windows Server engineering team delivered a release that can enable customers to safeguard their data and infrastructure, handle their most demanding workloads, and help enhance their operational flexibility and connectivity, all with advanced security, cloud agility, and improved performance. As we continue to build and innovate, our team looks forward to engaging and learning from you at every opportunity to help ensure Windows Server continues to enable customers to accelerate innovation in their businesses.

As we reflect on over 30 years of innovation and our most recent release, we are thrilled to invite you to the Windows Server Summit 2025, held on April 29th and 30th on Microsoft Tech Community. This is a premier event for Windows Server professionals eager to stay involved and ahead of the curve. This year’s summit features a lineup of sessions designed to provide deep insight into the latest innovations and best practices in Microsoft Windows Server and Azure.

How to sign up

This event does not require registration, but you should be a member of Microsoft Tech Community to join us live and ask questions via chat during the sessions. We have tons of great content spanning two days, April 29—30th, each day starting at 7 AM PST. Visit this page for details on how to join and add the event to your calendar

Microsoft Tech Community

Meet the experts

You will have the opportunity to meet Windows Server engineering leaders, including Ian LeGrow, CVP PM. Ian leads the Operating Systems Division product management team, responsible for Windows Server and all Windows-based OS at Microsoft. Throughout the event, product managers will share how they have taken your feedback to deliver improved features and one of our most innovative and secure releases of Windows Server yet. They will also provide an exclusive look behind the scenes at what’s coming next in Windows Server, Azure, and hybrid cloud innovations.

Session highlights

After the keynote, you can listen or watch all the way through or pick and choose from mostly 30-minute sessions according to your interests. Here is a small sample of the sessions we have planned:

• Upgrades made easy with Windows Server 2025: Discover why Windows Server 2025 is the easiest version to upgrade ever. Join Rob Hindman and Jeff Woolsey as they delve into media upgrades and feature updates.
• Securing Active Directory: Join Active Directory Program Manager Cliff Fisher for a deep dive into new security features, policies, and defaults for Windows Server 2025. Learn about the new Windows Local Administrator Password Solution (LAPS) features, Delegated Managed Service Accounts, and more.
• Windows Server Hyper-V Architecture, features, GPUs, and more! Explore the new GPU partitioning innovation in Windows Server 2025 Hyper-V. This session will cover use cases and hardware considerations.
• Modernize server management and connectivity with Azure Arc: Connect Windows Servers across hybrid, multicloud, and edge environments to Azure. This session will showcase connectivity options and highlight Azure capabilities focused on SCCM modernization.
• What’s next for advanced storage: Discover the major improvements to storage in Windows Server 2025 and get a sneak peek at innovations like Native NVMe (nonvolatile memory express) and rack-aware clustering.
• Fine-tuned host networking for Windows Server 2025: Transform your network setup and management for Windows Server 2025 clusters with Network ATC and Network HUD. Learn how to achieve peak network performance for your workloads with AccelNet.
• SDN magic—Windows Server 2025 innovations: Uncover the power of software-defined networking on Windows Server 2025, including effortless deployments with native SDN (Software-defined networking) and enhanced security posture for your applications.
• Harden security and build resiliency with Windows Server 2025: Stay up-to-date with the latest security features and best practices for securing Windows Server. Learn about Microsoft Defender for Cloud and more.
• Hotpatching and update management for Windows Server with Azure Arc: Learn about the popular new hotpatching feature in Windows Server 2025 and watch demos on managing updates with Azure Arc.
• The Support Case Files—Windows Server troubleshooting tips: Join our Windows Server support engineers as they break down your most requested support cases.
• From on-premises to cloud with Azure File Sync: Learn how to use Azure File Sync to employ hybrid topologies and migrate seamlessly from on-premises to cloud.

Don’t miss out!

Windows Server Summit is a special virtual event with a community-driven, educational focus, and Microsoft engineers as featured speakers. While most of the sessions are advanced and assume good Windows Server experience, you will get something out of this event, whether you are a seasoned IT professional or just starting your journey. We hope you will join us live so you can participate in the Q&A, but if you cannot, sessions will be available on demand a few days after the event. Sign up now and join us for two days of learning together.

Microsoft Windows Server

Protect, adapt, and innovate with Windows Server

Try today

The post Join us at Windows Server Summit 2025 and learn more about our latest innovations! appeared first on Microsoft Windows Server Blog.

System Center 2025 and Windows Server 2025 are releasing concurrently, enabling you to start leveraging the latest Windows Server, along with the tools to manage the servers.

About System Center

Managing datacenters is complicated, requiring coordination between multiple teams and tools. System Center provides a unified, simplified solution. System Center is a comprehensive suite of management tools designed to help IT administrators oversee their data centers and IT environments. With tools for orchestrating workflows, managing configurations, and monitoring infrastructure, System Center simplifies the deployment, configuration, operation, and monitoring of infrastructure and virtualized software-defined data centers with a single license. System Center supports a wide range of platforms and environments, making it a versatile solution for organizations with diverse IT landscapes.  

As your datacenter evolves, so do our solutions. Building on the foundation of System Center 2022, this release introduces exciting new capabilities that significantly enhance IT infrastructure management agility and performance.  

System Center 2025 and Windows Server 2025 are releasing concurrently, enabling you to begin leveraging the latest Windows Server features, along with the tools to manage the servers, immediately.  

Let’s dive into what’s new in System Center 2025 and the impact of these updates on users.

Secure by design

With the threat of sophisticated cyberattacks on the rise, investing in security is paramount for all organizations. Powerful security in the datacenter is crucial to protect sensitive data, maintain operational integrity, and defend against bad actors. Microsoft is dedicated to both setting and upholding the highest standards in data privacy and security for our customers, and System Center 2025 delivers on this continued commitment to comprehensive security. 

New capabilities introduced in this release further enhance System Center’s security offerings, including:

• A reduction in the number of scenarios that use Credential Security Support Provider protocol (CredSSP) and NTLM as authentication mechanisms, enhancing the security posture for Windows Servers. 
• TLS 1.3 support to ensure that data transmissions are protected by the most advanced security standards available. 
• Enhanced data security developments on Microsoft Azure to securely store passphrases and apply them to your on-premises environments. 
• Flexibility and efficiency in data protection strategies with features like virtual TPM (vTPM) support and the ability to exclude specific disks from backups in Hyper-V environments. This optimizes the backup process and improves overall system performance. 

With the introduction of these security-focused features, System Center 2025 takes significant steps to further safeguard IT environments. 

Seamless heterogenous infrastructure and workload management

System Center 2025 offers a range of enhancements to streamline the management of heterogeneous infrastructure, ensuring seamless control and improved efficiency. Like a Swiss Army Knife for IT management, System Center consists of a suite of components—System Center Operations Manager, System Center Virtual Machine Manager, System Center Data Protection Manager, and System Center Orchestrator—that work together to provide IT professionals with a unified operational experience.

Newly included in this release are:

• Support for managing Azure Stack HCI 23H2 clusters with Virtual Machine Manager 2025, providing unified control of heterogeneous infrastructure through a single management plane. Monitoring to be added soon with updated management pack for Operations Manager.
• Support for the latest versions of Linux distributions, enabling comprehensive handling of both Windows and Linux environments.
• Data Protection Manager 2025 integrates seamlessly with SharePoint Subscription Edition, providing comprehensive backup solutions for enterprise applications and systems.  

System Center 2025 further improves the management of diverse infrastructures, offering IT professionals a simplified and optimized operational experience.

Tame IT sprawl and modernize complex environments

IT sprawl is a common challenge encountered by many organizations, leading to disorganization, hidden costs, and reduced competency. System Center provides a comprehensive solution to these pain points, allowing IT teams to combat these issues by enhancing operational efficiency and reducing infrastructure complexity so they can focus on optimizing, securing, and innovating.

Features available in System Center 2025 that enable infrastructure modernization include:

• System Center 2025 supports the latest Arc-enabled capabilities of Windows Server 2025, including Hotpatching for Arc-enabled Virtual Machine Manager managed VMs, and provides lifecycle operations for Virtual Machine Manager managed VMs hosted in customers’ datacenters. 
• With Azure Arc-enabled management, System Center 2025 users have the flexibility to simplify their experience, allowing them to migrate to the cloud at their own pace while ensuring optimal resource utilization.

System Center 2025 modernizes the datacenter by enhancing operational efficiency, reducing infrastructure complexity, and streamlining processes.

Get started with Microsoft System Center 2025

System Center 2025 is more than just an upgrade; it’s a comprehensive solution that addresses the evolving needs of modern IT environments. With elevated security, advanced cloud capabilities, and user-centric innovations, System Center 2025 delivers a seamless deployment experience, enabling organizations to efficiently and securely manage their infrastructure and virtualized software-defined datacenters.

With System Center 2025, you can stay in control of your IT estate, whether on-premises, in the cloud, or across platforms.

Ready to upgrade or to get started with System Center? Explore the resources below to learn more about this release. 

• Visit the System Center product site to learn more.
• Go to the Evaluation Center for a free trial of System Center 2025.
• Learn about Windows Server 2025, now generally available.

The post Microsoft System Center 2025 is now generally available appeared first on Microsoft Windows Server Blog.

Would you like to avoid spending your weekends patching servers? The new Hotpatch feature in Windows Server 2022 Datacenter: Azure Edition addresses this pain point—it can reduce many IT teams’ headaches including reboot failures and coordinating multitier workloads. It increases productivity and end-user uptime and can reduce the vulnerability window that would result if an update is delayed.

To demonstrate how Hotpatching works, we’ve brought in an example from our very own Xbox team. In this article you’ll learn how Microsoft has been using Hotpatch with Windows Server 2022 Azure Edition to substantially reduce downtime for SQL Server databases running on Windows Server Azure virtual machines on an important set of backend services for the Xbox network.

Windows Server 2022

Run business critical workloads in Azure, on-premises and at the edge.

Discover more

What is Hotpatch?

Hotpatch for Windows Server 2022 Datacenter: Azure Edition allows you to apply every month’s “patch Tuesday” security updates, but does not require the server operating system to restart two out of three months.

While Hotpatch has been available on the Server Core option of Windows Server 2022 Azure Edition for some time, it has just become available in summer 2023 for the more widely used Desktop Experience option. You can see a demo of it in this on-demand session from Ignite.

Here’s what’s great about it:

• Higher availability and fewer restarts.
• Faster deployment of updates because the packages are smaller, install faster, and have easier patch orchestration using Azure Update Management.
• Better protection because the Hotpatch update packages are scoped to Windows security updates that install faster without restarting.

 When you enable Hotpatch, a baseline Cumulative Update is applied to the server. This update does require a reboot. After this point, your team can update easily, with fewer restarts, which can greatly reduce any vulnerability window. Check out this release documentation for details on the Hotpatch calendar.

How the Xbox network team uses Hotpatch

The Xbox network relies on several critical backend services hosted in SQL Server databases running on Windows Server Azure virtual machines. There are 18 different services hosted in this manner, with some services handled by two SQL Servers and others up to 120 SQL Servers. Some of these workloads have been in production for 15 years.

Of course, when you’re running backend services for a group of passionate gamers like Xbox network customers, it’s imperative to patch and restore services with as little downtime as possible.

Approximately 1,000 servers hosting these services started their journey on physical hardware when the services were first deployed, and more than 15 years later, through a process of rolling upgrades and migration, are now running in Azure hosted as infrastructure as a service (IaaS) Virtual Machines (VMs). According to senior service engineer Tim Dreyling, the team has found it “magnitudes easier to manage Windows Server on Azure VMs, over relying on data center support to address ‘machine’ issues.”

After migrating the backend Xbox network services from the earlier version of Windows Server 2022 Azure Edition to the version that supported Hotpatch, the team that supported these specific backend services went from an update cycle every month that could take weeks of careful orchestration to being able to apply Hotpatch updates across a fleet of nearly 1,000 servers in less than 48 hours two months out of every three.

“As a database administrator (DBA) this is the biggest thing to increase our service reliability and uptime since SQL Server Availability Groups were introduced with SQL Server 2012,” says Tim.

Hotpatch with Windows Server 2022 Datacenter Azure Edition isn’t just used with SQL Server with Xbox network backend services, but is also used on IaaS VMs running Active Directory DS Domain Controllers and VMs hosting web services roles.

While your services might not have the complexity and scale of the Xbox network, we think you’ll quickly see the Hotpatch advantage of minimizing reboot downtimes while ensuring the services you host are reliable, protected, and available.

Hotpatch is currently available on Azure Edition (see below for details), but the team has more innovations in the works, and many ways to access cloud innovation in your hybrid cloud environment by connecting your servers to Azure Arc.

In case you weren’t able to join us at Ignite, you can watch two Windows Server-focused sessions on-demand. These talks cover Hotpatching and the Xbox example discussed above, along with a number of new and upcoming features for our Windows Server and SQL Server customers:

1. Do More with Windows Server and SQL Server on Azure—Bob Ward, Principal Architect in the Azure Data team, and Jeff Woolsey Principal PM Manager in Windows Server, do a quick-fire session with descriptions of the latest innovations across these technologies.
2. What’s New in Windows Server v.Next—Elden Christensen, Principal Group PM Manager, joins Jeff Woolsey to explain and demo the features that our engineering team is working on for the next Windows Server.

If you’re interested in being hands-on and trying what’s coming next for Windows Server, you can get early access to the latest features in the works by joining the Windows Insider program.

Learn more about Windows Server and Hotpatch

• Try the latest versions of SQL Server and Windows Server 2022 on Azure.
• You can find out more about Hotpatch for Windows Server 2022 Datacenter: Azure Edition in the documentation and in this blog post.
• Download the image here to get the new edition with Hotpatch (Azure account required).

The post How Hotpatching on Windows Server is changing the game for Xbox appeared first on Microsoft Windows Server Blog.

However, as many organizations like yours are eager to innovate with AI for various use cases, it is also very important, if not more, to have a solid IT foundation that can support that ambitious AI vision—from a cost, performance, and security perspective. The last thing companies want is to make a big investment in AI and machine learning initiatives too soon, without the bandwidth, guardrails, or necessary performance in place to support it.

At the heart of your IT estate lies strategic investments you have in business-critical workloads like Windows Server and SQL Server that are and have been the foundation of many organizations for more than 30 years now. The question then becomes—how do you modernize these foundational technologies to make you ready to leverage the full power of AI, that will allow you to adopt AI in a secure, responsible way and gain an edge over the competition?

Catch up on sessions from Microsoft Ignite

Whether you missed some of the sessions at Ignite or just want a recap of all things Windows Server and SQL Server, we’ve got you covered. In this blog, we’re going to showcase the main Ignite sessions for Windows Server and SQL Server, where we had various announcements, demos, and customer testimonials.

Windows Server

What’s New in Windows Server v.Next: In this session, we provide a preview of what’s coming next for Windows Server, a platform that enables IT professionals and developers to modernize their applications and enable hybrid use cases. The topics covered were Active Directory, File Server, Storage, Hyper-V, Security, and more.

Do more with Windows Server and SQL Server on Azure: This session highlights how you can reap more technical and business benefits by running Windows Server and SQL Server on Microsoft Azure. You’ll learn how Azure provides optimal cost benefits, performance, and security for these workloads. Get tips and demos on how to extend Azure innovations to your hybrid and multi-cloud environments with Azure Arc.

Migrate to Innovate: Be AI-ready, secure, and optimize operations: This is an immersive session for IT practitioners on how to migrate to Azure. We highlighted practical steps, demos, and guidance on how migrating to Azure can accelerate the impact of AI in your organization. We then highlighted how you can enhance security and optimize operations once in the cloud and take the first step into Azure with Azure Migrate.

Learn Live: Upgrade and migrate Windows Server IaaS virtual machines: In this online session, you can learn to migrate a workload running in Windows Server to an infrastructure as a service (IaaS) virtual machine and to Windows Server 2022 by using Windows Server migration tools or the Storage Migration Service.

SQL Server

Get superior price and performance with Azure cloud-scale databases: In this session, you can learn how to improve performance with the latest capabilities for Azure SQL Databases, Azure Database for PostgreSQL, and SQL Server enabled by Azure Arc for hybrid and multi-cloud. You’ll learn how customers enabled ongoing innovation by migrating to Azure Database for MySQL. This session will cover tactical ways to get the most from your applications with the databases that are easy to use, deliver unmatched price and performance, support open-source, and enable transformative AI technologies.

Accelerate your SQL migration with Azure Data Migration Service: In this demo, you’ll see how the new Azure Data Migration Service along with Azure Migrate can accelerate your SQL modernization journey. We will showcase Azure Data Migration Service streamlined capabilities for readiness assessment, SKU recommendations based on workload rightsizing, and online and offline data migration across Portal, Azure Data Studio, PowerShell, and command-line interface (CLI) experiences that you need for your SQL Server migration journey to Azure from on-premises.

Migrate to innovate: Modernize your data on Azure SQL Managed Instance: In this session, you can watch new performance enhancements in action and experience the ease of online migration to Azure SQL Managed Instance using the link feature. See how you can continue to modernize on Azure through Microsoft Fabric integration and connections to other Azure services.

Bring enhanced manageability to SQL Server anywhere with Azure Arc: Join this discussion to discover how connecting your SQL Servers to Azure can enhance your management, security, and governance capabilities with live demos. SQL Server enabled by Azure Arc is a hybrid cloud solution that allows you to manage, secure, and govern your SQL Server estate running anywhere from Azure. Our experts will also explore different options for deploying Azure Arc to your SQL Servers at scale.

Next steps to modernize Windows Server and SQL Server

Ready to take the next step in modernizing your Windows Server and SQL Server? Here are some quick resources to get started:

1. Upgrade to the latest versions of Windows Server to take advantage of the latest capabilities. Learn more about Windows Server 2022 and SQL Server 2022.
2. Looking to migrate to Azure? Take the first step with Azure Migrate and Modernize, our offering that has programs, offers, support, free tooling, and expert guidance to confidently migrate to Azure.
3. Join the discussion on our Windows Server Tech Community and SQL Server Tech Community.

¹ ITProToday, Microsoft Ignite 2023 Envisions AI as an Everyday Reality, November 16, 2023.

The post Windows Server and SQL Server at Microsoft Ignite 2023 appeared first on Microsoft Windows Server Blog.

Modernize with PaaS or upgrade to a newer version in Azure

Modernization provides organizations with a more future-proof solution by using a cloud-first approach or updating to a newer version. One modernization option is moving to platform-as-a-service (PaaS) solutions such as Azure SQL Managed Instance or Azure App Service. By modernizing workloads to a PaaS solution, customers can fully offload management and patching tasks in the cloud. This helps teams stay up-to-date, avoid future end-of-support dates, and focus on delivering innovative apps and experiences for their businesses.

Alternatively, customers can migrate and upgrade their Windows Server 2012/R2 with Azure Migrate, our free tool for discovery, assessment, and migration of workloads to Azure. With this feature, organizations can now elect to move their legacy applications and databases to a fully supported, compatible, and compliant operating system. This includes our latest release in Windows Server 2022, which provides organizations with advanced multi-layer security, hybrid capabilities with Azure, and a flexible platform to modernize applications. Learn more about this feature of Azure Migrate.

Migrate to Azure for free Extended Security Updates

If organizations are not able to modernize Windows Server 2012/R2 in time, they can use Extended Security Updates (ESUs), which provide security patches for up to three years past the end of support date.

When organizations migrate end-of-support workloads to Azure, they get free Extended Security Updates. This includes options such as Azure Virtual Machines, Azure Dedicated Host, Azure VMware Solution, and Azure Stack HCI. Combining this with Azure Hybrid Benefit and consumption models such as reserved instances or savings plan for compute allows even more savings in Azure for Windows Server and SQL Server.  

Organizations can get in-depth resources to help them start their cloud journey on Azure with Azure Migrate and Modernize & Azure Innovate—our new offerings that provide end-to-end support from migration and modernization to infusing the latest innovation in analytics and AI. 

Stay protected in hybrid and multicloud environments with ESUs enabled by Azure Arc

For organizations who aren’t able to modernize or migrate prior to the Windows Server 2012/R2 end of support date this October, they can protect their hybrid and multicloud workloads with ESUs enabled by Azure Arc. Here are the key benefits:

• Monthly pay-as-you-go: Activate and enroll from Azure to pay for security updates on a monthly basis, giving organizations more flexibility to migrate and modernize to Azure on their terms.  
• Seamless delivery: The enrollment of Extended Security Updates on Azure Arc-enabled machines does not require the acquisition or activation of keys. Moreover, customers have the flexibility to use Azure Update Manager or another patching solution of their choice to receive the actual patches.
• Organize and inventory your assets: Gain visibility and reporting across servers spanning your hybrid, multicloud, and edge infrastructure. 
• Security and compliance: Extend Azure security and governance services such as Microsoft Defender for Cloud and Microsoft Sentinel to further secure their infrastructure from cloud to edge and stay compliant with supported software. ESUs enabled by Azure Arc also gives free access to Azure Update Manager, Machine Configuration, and Change Tracking and Inventory for further automation and easier delivery of patches.

Connect to Azure Arc today to get started with ESUs enabled by Azure Arc or learn more here.

Prepare for other end of support dates

As organizations continually modernize their estate, there are several other end of support dates to keep in mind for Windows Server and SQL Server customers:

• Upgrade Windows Server 2008 virtual machines (VMs) in Azure. If you are running Windows Server 2008 virtual machines in Azure, the fourth and final year of ESUs end on Jan 9^th, 2024. After this date, no more security patches will be provided to virtual machines running this version. Organizations should plan to upgrade to the latest version to run these workloads securely and compliantly. Learn more about how to perform in-place upgrades for Windows Server.

• Prepare for SQL Server 2014 end of support. Many Windows Server customers often run SQL Server for their databases, which also has some end of support dates to be aware of. SQL Server 2012 reached end of support on July 12^th, 2022, and the upcoming end of support deadline is for SQL Server 2014, which reaches end of support on July 9^th, 2024. Organizations have the same three options outlined above to protect SQL Server 2014 workloads.

See the lifecycle of products supported with Extended Security Updates here.

Start modernizing for end of support

Here are a few key resources to learn more so you can be prepared for current and future end of support scenarios: 

• Learn more about your options for Windows Server and SQL Server end of support. 
• Learn more about Extended Security Updates on our Frequently Asked Questions (FAQ) page and the documentation.
• Learn more about running Windows Server on Azure.
• Watch our latest webinar to learn more about how you can secure your IT foundation to be AI-ready.
• Protect beyond Extended Security Updates by enhancing security with Microsoft Defender for Cloud—a comprehensive and unified cloud-native security solution to protect hybrid and multicloud environments from code to cloud.   

The post Secure Windows Server 2012/R2 workloads with options from Azure appeared first on Microsoft Windows Server Blog.

Options to stay protected for Windows Server 2012/R2 end of support 

As new features and functionality light up the latest versions of our server offerings such as Windows Server 2022 and SQL Server 2022, we want to remind organizations that support for Windows Server 2012/R2 is coming to an end on October 10, 2023. After the end of support date, Windows Server 2012/R2 workloads will be vulnerable as they will no longer receive regular security updates. Organizations can remain protected by:

1. Modernizing to a PaaS platform such as Azure SQL Managed Instance or Azure App Service to always stay up-to-date, or upgrading to the latest version in Azure. With a PaaS platform, customers can fully offload management tasks in the cloud, so teams can focus on delivering innovative apps and experiences for their businesses.   
2. Migrating to Azure  for free Extended Security Updates. This includes options such as Azure Virtual Machines, Azure Dedicated Host, Azure VMware Solution, and Azure Stack HCI. Combining this with Azure Hybrid Benefit and consumption models such as reserved instances or savings plan for compute allows even more savings in Azure for Windows Server and SQL Server.  
3. Purchasing Extended Security Updates to remain protected on premises and in multi cloud environments.

We know that organizations often heavily weigh the best path to modernization, with many factors to consider. In this post, we’ll explore two new options from Azure Migrate and Azure Arc to protect end of support workloads.

Migrate and upgrade Windows Server 2012/R2 with Azure Migrate

If an organization is considering modernizing and migrating to Azure, the first step should be to assess their environment and build a migration business case with Azure Migrate. This free tool provides technical insights into workloads and cost estimates for moving to Azure. 

We’re excited to announce that Azure Migrate now supports in-place upgrades of Windows Server 2012 and later versions, during the move to Azure. Organizations can now elect to move their legacy applications and databases to a fully supported, compatible, and compliant operating system such as Windows Server 2016, 2019, or 2022. Organizations can also avoid downtime by first upgrading to a test environment in Azure and running production workloads in parallel to confirm functionality and compatibility, before fully moving to Azure.

With this new feature, organizations can avoid Windows Server 2012/R2 end of support and accomplish their modernization and migration goals in one motion. Learn more about this feature in Azure Migrate here.  

Stay protected in on-premises and multicloud environments with Extended Security Updates enabled by Azure Arc 

For organizations who aren’t able to modernize or migrate prior to the Windows Server 2012/R2 end of support date this October, Microsoft is announcing Extended Security Updates enabled by Azure Arc. With Azure Arc, organizations will be able to purchase and seamlessly deploy Extended Security Updates in on-premises or multicloud environments, right from the Azure portal. Extended Security Updates enabled by Azure Arc also gives more flexibility with a pay-as-you-go subscription model. 

Here are the key benefits: 

• Flexible billing and savings: Activate and enroll from Azure to pay for security updates on a monthly basis, giving organizations more flexibility to migrate and modernize to Azure on their terms.  

• Centralized cost management: Analyze costs using Azure Cost Management and see all Azure consumption in one place.  

• Greater visibility: Surface enrollment status of Extended Security Updates to highlight gaps and status changes  

• Organize and inventory your assets: Gain visibility and reporting across servers spanning your hybrid, multicloud, and edge infrastructure. 

• Keyless delivery: The enrollment of Extended Security Updates on Azure Arc-enabled machines does not require the acquisition or activation of keys. 

• Security and compliance: Seamlessly extend Azure security and governance from cloud to edge and stay compliant with supported software. 

To get started today, connect your servers to Azure Arc for free by installing Azure Arc using familiar deployment tools like Configuration Manager, Group Policy, Windows Admin Center, or MSI. In September 2023, Extended Security Updates enabled by Azure Arc will be available natively in Azure to point and click to activate your Extended Security Updates. This capability will also be available for SQL Server 2012.

Start modernizing for end of support

With all the new options available, there’s no better time to start modernizing for end of support with Azure. Here are a few key resources to get started: 

• Learn more about your options for Windows Server and SQL Server end of support. 
• Learn more about Extended Security Updates on our Frequently Asked Questions (FAQ) page and the documentation.
• Protect beyond Extended Security Updates by enhancing security with Microsoft Defender for Cloud – a comprehensive and unified cloud-native security solution to protect hybrid and multicloud environments from code to cloud.   
• Learn more about running Windows Server on Azure.
• Get in-depth resources for every stage of your cloud journey with Azure Migrate and Modernize & Azure Innovate—our new offerings from Azure that provide end-to-end support from migration and modernization to infusing the latest innovation in analytics and AI. 

The post New options for Windows Server 2012/R2 end of support from Azure appeared first on Microsoft Windows Server Blog.

We want to continue to invest in your organizations’ success and enable you to get the most out of Windows Server by keeping you informed of the latest product announcements, news, and overall best practices. Here are the top five to-do’s for you to make the most out of Windows Server:

1. Patch and install security updates without rebooting with Hotpatch

Hotpatch is now generally available. As part of Azure Automanage for Windows Server, this capability allows you to keep your Windows Server virtual machines on Azure up-to-date without rebooting, enabling higher availability with faster and more secure delivery of updates. Other capabilities that are part of Azure Automanage for Windows Server include SMB over QUIC, as well as extended network for Azure, which lets you keep your on-premises IP addresses when you migrate to Azure. Learn more about why Azure is the best destination for Windows Server.

2. Take the recently available Windows Server Hybrid Administrator Certification

Invest in your career and skills with this brand-new Windows Server certification. With this certification, you can keep the Windows Server knowledge you have built your career on and learn how to apply it in the current state of hybrid cloud computing. Earn this certification for managing, monitoring, and securing applications on-premises, in Azure, and at the edge. Learn more about Windows Server Hybrid Administrator Associate certification today.

3. Upgrade to Windows Server 2022

With Windows Server 2022, get the latest innovation for you to continue running your workloads securely, enable new hybrid cloud scenarios, and modernize applications to meet your ever-evolving business requirements. Learn more about investing in your success with Windows Server.

4. Protect your workloads by taking advantage of free extended security updates (ESUs) in Azure

While many customers have adopted Windows Server 2022, we also understand that some need more time to modernize as support for older versions of Windows Server will eventually end.

• For Windows Server 2012/2012 R2 customers, the end of support date is October 10, 2023. 
• For Windows Server 2008/2008 R2 customers, the third year of extended security updates are coming to an end on January 10, 2023. Customers can get an additional fourth year of free extended security updates (ESUs-only) on Azure (including Azure Stack HCI, Azure Stack Hub, and other Azure products). With this, customers will have until January 9, 2024 for Windows Server 2008/2008 R2 to upgrade to a supported release.

We are committed to supporting you as you start planning for end of support if you are running workloads on older versions of Windows Server. Learn more about end of support deadlines for Windows Server 2008/R2 and 2012/R2 and your options.

5. Combine extended security updates with Azure Hybrid Benefit to save even more

In addition to all the innovative Windows Server capabilities available only on Azure, it also has offers for you to start migrating your workloads with Azure Hybrid Benefit. It is a licensing benefit that allows you to save even more by using existing Windows Server licenses on Azure. Learn more about how much you can save with Azure Hybrid Benefit.

Ask questions and engage in our community

Get started implementing these Windows Server best practices today! Join the conversation by sharing stories or questions you have here:  

• Windows Server Tech Community.
• @windowsserver on Twitter.

¹_{Note: In alignment with the servicing model for Windows 7 and Windows 8.1 (link to blog), the Windows Server 2012 and 2012 R2 ESU program will only include Monthly Rollup packages; Security Only update packages will not be provided.}

The post Get the most out of Windows Server with these 5 best practices appeared first on Microsoft Windows Server Blog.