Windows Server 2022 Standard from Microsoft is the platform for building an infrastructure of connected applications, networks, and web services, from the workgroup to the data center. It bridges on-premises environments with Azure, adding additional layers of security while helping you modernize your applications and infrastructure.
Please note that this license does not come with any CALs.
- Harden server communications – industry-standard SMB AES-256 encryption and better controls
- Get preventative defense for sensitive assets like credentials with Credential Guard and Secure Boot enabled using TPM 2.0
- Protect system integrity from firmware attack with Windows Defender System Guard and isolate critical parts of the system with Virtualization-based security
- Extend Azure management and governance services to Windows Server on-premises using Azure Arc
- Perform virtual machine (VM) lifecycle management for your Azure Stack HCI and VMware environments from a centralized location
- Bring the first cloud native SIEM to all your resources by using Microsoft Sentinel through Azure Arc
- Improve container application deployment with smaller image size for faster download and simplified authentication
- Scale containerized applications with Kubernetes using improvements in network policy implementation and integration with industry standard containers
- Accelerate modernization of .NET applications
Secured-core servers support virtualization-based security (VBS) and hypervisor-based code integrity (HVCI). VBS uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system, protecting against an entire class of vulnerabilities used in cryptocurrency mining attacks. VBS also allows for the use of Credential Guard, where user credentials and secrets are stored in a virtual container that the operating system can’t access directly.
HVCI uses VBS to significantly strengthen code integrity policy enforcement. Kernel mode integrity prevents unsigned kernel mode drivers or system files from being loaded into system memory.
Kernel Data Protection (KDP) provides read-only memory protection of kernel memory containing non-executable data, where memory pages are protected by the hypervisor. KDP protects key structures in the Windows Defender System Guard runtime from being tampered with.
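A quick way to confirm on a given server that VBS, HVCI and Credential Guard are running rather than merely configured, along with the Secure Boot and TPM state they depend on. This is an added example, not part of the original page or Microsoft's own tooling; it assumes an elevated PowerShell session and relies on the built-in `Win32_DeviceGuard` and `Win32_Tpm` CIM classes and the `Confirm-SecureBootUEFI` cmdlet.

```powershell
# Added example: report the state of the secured-core protections on this host.
# Run from an elevated PowerShell session on the server being checked.

$vbsStatus = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
$services  = @{
    1 = 'Credential Guard'
    2 = 'HVCI (memory integrity)'
    3 = 'System Guard Secure Launch'
    4 = 'SMM firmware measurement'
}

# Map a numeric service ID to a name; IDs not in the table are shown as-is.
function Get-ServiceName([int]$Id) {
    if ($services.ContainsKey($Id)) { $services[$Id] } else { "Unknown ($Id)" }
}

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction Stop

# A value of 0 in either array means "no services"; drop it.
$configured = @($dg.SecurityServicesConfigured | Where-Object { $_ -ne 0 })
$running    = @($dg.SecurityServicesRunning    | Where-Object { $_ -ne 0 })

# Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# SpecVersion begins with the TPM specification level, e.g. "2.0, ...".
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue

[pscustomobject]@{
    VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesConfigured = ($configured | ForEach-Object { Get-ServiceName $_ }) -join ', '
    ServicesRunning    = ($running    | ForEach-Object { Get-ServiceName $_ }) -join ', '
    SecureBootEnabled  = $secureBoot
    TpmPresent         = [bool]$tpm
    TpmSpecVersion     = if ($tpm) { $tpm.SpecVersion } else { 'n/a' }
} | Format-List

# Flag the gap that matters most: a protection set by policy but not active after boot.
foreach ($id in $configured | Where-Object { $_ -notin $running }) {
    Write-Warning "$(Get-ServiceName $id) is configured but not running."
}
```

A warning here usually points at a missing prerequisite (virtualization extensions disabled in firmware, Secure Boot off, or an incompatible driver blocking HVCI) rather than at the policy itself.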
Secure connections are at the heart of today’s interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. HTTPS and TLS 1.3 are now enabled by default on Windows Server 2022, protecting the data of clients connecting to the server. TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Learn more about supported TLS versions and about supported cipher suites.
Although TLS 1.3 in the protocol layer is now enabled by default, applications and services also need to actively support it. The Microsoft Security blog has more detail in the post “Taking Transport Layer Security (TLS) to the next level with TLS 1.3”.
There are several platform improvements for Windows Containers, including application compatibility and the Windows Container experience with Kubernetes.
Some of the new features are:
- Reduced Windows Container image size by up to 40%, which leads to a 30% faster startup time and better performance.
- Applications can now use Azure Active Directory with group Managed Services Accounts (gMSA) without domain joining the container host. Windows Containers now also support Microsoft Distributed Transaction Control (MSDTC) and Microsoft Message Queuing (MSMQ).
- Simple buses can now be assigned to process-isolated Windows Server containers. Applications running in containers that need to talk over SPI, I2C, GPIO, and UART/COM are now able to do so.
- Microsoft has enabled support for hardware acceleration of DirectX APIs in Windows containers to support scenarios such as Machine Learning (ML) inference using local graphical processing unit (GPU) hardware. For more information, see the Bringing GPU acceleration to Windows containers blog post.
- There are several other enhancements that simplify the Windows Container experience with Kubernetes. These enhancements include support for host-process containers for node configuration, IPv6, and consistent network policy implementation with Calico.
- Windows Admin Center has been updated to make it easy to containerize .NET applications. Once the application is in a container, you can host it on Azure Container Registry to then deploy it to other Azure services, including Azure Kubernetes Service.
- With support for Intel Ice Lake processors, Windows Server 2022 supports business-critical and large-scale applications that require up to 48TB of memory and 2048 logical cores running on 64 physical sockets. Confidential computing with Intel Secured Guard Extension (SGX) on Intel Ice Lake improves application security by isolating applications from each other with protected memory.
System Insights has another capability via Windows Admin Center, disk anomaly detection.
Disk anomaly detection is a new capability that highlights when disks are behaving differently than usual. While different isn’t necessarily a bad thing, seeing these anomalous moments can be helpful when troubleshooting issues on your systems. This capability is also available for servers running Windows Server 2019.
Servers can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality Windows Updates. When a device is unable to start up properly after the recent installation of quality or driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
This functionality requires the server to be using the Server Core installation option with a Windows Recovery Environment partition.
Enhancements to Storage Migration Service in Windows Server 2022 make it easier to migrate storage to Windows Server or to Azure from more source locations. Here are the features that are available when running the Storage Migration Server orchestrator on Windows Server 2022:
- Migrate local users and groups to the new server.
- Migrate storage from failover clusters, migrate to failover clusters, and migrate between standalone servers and failover clusters.
- Migrate storage from a Linux server that uses Samba.
- More easily synchronize migrated shares into Azure by using Azure File Sync.
- Migrate to new networks such as Azure.
- Migrate NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.