The Ultimate Guide to

Windows Server 2022

Windows Server 2022 for
today’s business challenges

Technical advances and innovation. Escalating customer expectations.

Attacks that exploit previously unknown security vulnerabilities.
Competitive pressures. Earth-shaking world events.

These are some of the factors that make the world of information
technology an exciting, challenging place to work. For more than
20 years, Windows Server has been right there, a server accessible to
all organisations, from small businesses to the largest enterprise and
government data centres. As a result, organisations benefited: They gained
continuous improvement in security and a robust application platform,
systems architecture and system administration tools. As cloud services grew
in importance, Windows Server was there too, providing hybrid capabilities
that brought together data centre investments and new cloud innovations.

Today, Windows Server 2022 continues this tradition with best-in-class

security, an end-to-end hybrid infrastructure and an application platform
that allows you to run existing and new applications with confidence
on Azure, on-premises or on the edge.

Read this guide to learn more about how the Windows Server 2022
operating system helps you deliver three critical business capabilities.

1 Advanced multi-layered security

Elevate the security posture of your organisation starting with the operating system.

2 Hybrid capabilities with Azure

Extend your data centre to Azure for greater IT efficiency.

3
Flexible application platform
Empower developers and IT pros with an application platform designed to build
and deploy diverse applications.

1
Windows Server and Azure – A complete solution

Windows Server 2022 builds on the success of Whether you run Windows Server instances
Windows Server 2019, which delivered tools and on physical servers, virtual machines, on-premises or
technologies to bridge the gap between the data in Azure, Microsoft’s end-to-end hybrid infrastructure
centre and the cloud. Windows Server 2022 delivers helps manage your servers and services. Azure
an end-to-end hybrid infrastructure and application Arc (discussed in detail later in this guide) extends
platform, along with multi-layered security features Azure management and security to Windows Server
that protect apps, data and IT workloads across Azure instances anywhere. Windows Admin Centre provides
and the data centre. a full suite of tools for managing backup, site recovery,
monitoring and more. Azure Active Directory
A Secured-core certification programme with
provides consistent and secure identity on-premises
hardware suppliers provides unprecedented
and in the cloud.
protection from malware targeting firmware and
device drivers. Secure connections are at the heart of Read this guide for an overview across all these
today’s interconnected systems, and new capabilities capabilities. When you’re ready for next steps,
such as DNS-over-HTTPS and SMB encryption further we’ll explain how to quickly start a no-cost evaluation
safeguard network traffic. New management tools of Windows Server 2022, Azure Arc and Windows
like Azure Arc and enhancements to Windows Admin Admin Centre. You can also find more in-depth
Center increase the efficiency and agility of hybrid information and resources, including for migration
computing. Windows containers have also been and upgrade efforts.
significantly improved, with greatly reduced image
size and faster start-up times, along with tools to
quickly containerise .NET applications.

2
1 Security

Organisations around the world are embracing digital transformation

using technologies across data centre, cloud and edge computing
to thrive in fast-paced environments. The trend toward remote work
continues to push the transformation. Meanwhile, cybercriminals and
other bad actors are also innovating, moving to new targets, including
the seams between hardware and software that are difficult to monitor
for breaches.

Stolen credentials compromise customer data. Servers may be hit with

ransomware attacks. To build a strong security strategy, organisations
need to track emerging risks and keep up with the latest technologies.
They need to understand complex security and privacy regulations
that vary from place to place.

Cybersecurity always comes down to people – good and bad.

Many companies lack expertise and familiarity with security
standards. And even the most security-conscious employees can
be susceptible to clever social engineering that tricks users and
introduces malware into an organisation’s networked computers.

3
Firmware attacks outpace investments targeted at stopping them

83 %
5× 21 %
Of enterprises have Increase in attacks Of enterprise security
experienced at least against firmware decision makers surveyed
one firmware attack in in the last four years. admit that their firmware
the past two years. data goes unmonitored
today.

Source: Microsoft-commissioned Source: National Institute of Standards Source: Microsoft-commissioned

research by Hypothesis Group, and Technology’s (NIST) National research by Hypothesis Group,
Vulnerability Database (NVD) Security Signals, 2021 and
Security Signals, 2021 Microsoft Security Team

Advanced multi-layered security for Windows Server

Microsoft builds advanced multi-layered security data and manage risk across your operation. The
into Windows Server. Security starts at the hardware following figure showcases five pivotal areas that
level, protects access and credentials and continues deliver on Microsoft’s commitment for advanced
to deepen as you add cloud services that safeguard multi-layered security.

Critical layers of security

1 Secured operation
of workloads
Microsoft Defender workloads

Simplified
2 operational
hardening
Privileged Access Network Security

3 Trusted system and

data security
Encryption and Data Protection System Security & Zero Trust

4 Silicon-assisted
security
Hardware Root-of-Trust Secured-core

5 Enabling regulated
customers
Security Assurance Certification Secure Supply Chain

Microsoft’s commitment to Windows Server security spans data centre

to Azure, starting with protections built into the hardware.

4
 1 Secured operation of workloads

Whether your servers run in the cloud or on- multicloud and hybrid environments. It provides
premises, it’s critical to have a comprehensive security continuous vulnerability assessments and security
strategy in place that enables you to secure your recommendations, can help you meet compliance
servers and protect them against the evolving threat standards and it includes leading endpoint detection
landscape. Microsoft Defender for Cloud is a Cloud and response capabilities to effectively detect and
Security Posture Management and Cloud Workload respond to threats. It integrates with Microsoft
Protection solution that helps you securely configure Sentinel and the tools of your choice to enable easy
and protect servers against advanced threats across investigation and remediation workflows.

2 Simplified operational hardening

Benefit from the expertise Microsoft earned building Firewall protects east-west and north-south traffic
and running a hyperscale cloud. New features bring flows across the network layer of virtual networks
the same fundamental capabilities that harden Azure and traditional VLAN networks.
operations to your Windows Server environments.
• TLS security. Protect data of clients connecting
Privileged Access Management to the server. Windows Server 2022 enables TLS
Restrict privileged access with Just-in-time and (Transport Security Layer) 1.3 by default and
Just-enough administration capabilities, integrated supports HTTP over QUIC (HTTP/3) for faster
with the Microsoft and partner ecosystem, within an and more secure HTTPS connections. The Quick
existing and isolated Active Directory environment. UDP connection enables the creation of a TLS 1.3
Enhanced network security encrypted tunnel over the internet-friendly UDP
Gain enhanced network security with improved port 443.
performance and stability. Network security • Secure DNS. Improve DNS security with support
innovations in Windows Server 2022 include these: for DNS-over-HTTPS (DoH). When DoH is enabled,
• Data Centre Firewall. Offer this highly scalable, DNS queries between Windows Server’s DNS client
manageable and diagnosable software-based and the DNS server pass across a secure HTTPS
firewall solution to tenants. The Data Centre connection rather than in plain text.

3 Trusted system and data security

To help protect confidential data, Windows Encryption and data protection capabilities
Server 2022 delivers hardware-based isolation. The cryptography stack spans Window servers,
This new version includes several key encryption applications and services:
and system security features to protect against
• BitLocker Drive Encryption provides data protection
unauthorised access.
integrated with the OS. BitLocker mitigates the
threat of data exposure from lost, stolen or
inappropriately decommissioned devices.

5
• Encrypted Hard Drive uses the rapid encryption Device Health Attestation service, for example, helps
provided by BitLocker Drive Encryption to verify boot configuration and attributes. When
enhance security and management. combined with device management, you can create
zero-trust policies that ensure only devices that
• SMB Encryption is worth considering for any
meet a specified posture will be able to connect to
scenario in which sensitive data needs to be
protected resources.
protected from man-in-the-middle attacks.
SMB security and performance enhancements Windows Server 2022 enhances other security features
in Windows Server include these: first introduced in Windows Server 2016 or 2019.

• SMB AES-256 encryption for the most • Windows Defender Application Control (WDAC),
security conscious. which ensures only verified executables run on
the server, has significant improvements to policy
• East-West SMB encryption controls for internal
configuration and path-based rules.
cluster communications.
• Group Managed Service Accounts (gMSAs) now
• Industry-standard encryption that minimises
work with Windows containers without having
performance issues using SMB encryption with
to domain-join the host. Windows Server 2022
remote direct memory access (RDMA).
introduces a new model where an Active Directory
System Security & Zero Trust identity protected in a secret store can be used by
Windows Server 2022 delivers zero-trust capability the un-joined host to retrieve the gMSA password.
with hardware-based isolation security. Removing the need to domain-join the host will
make using gMSA in Kubernetes environments
more manageable and scalable.

4 Silicon-assisted security

Successfully protecting systems requires a holistic Hardware root of trust

approach that builds security from the chip to the Trusted Platform Module 2.0 (TPM 2.0) comes standard
cloud across hardware, firmware and the operating with Secured-core servers, providing a protected
system. Using expertise built in its Azure data centres store for sensitive keys and data, such as information
and with its Secured-core PC initiative, Microsoft has verifying components loaded during boot.
collaborated with OEM and silicon partners to expand
Firmware protection
Secured-core certification to Windows Server 2022.
In the last few years, there has been a significant
Secured-core uptick in firmware vulnerabilities, in large part due
The Secured-core certification programme makes it to the higher level of privileges associated with
simpler to identify the most secure hardware platforms firmware combined with limited visibility into firmware
available for running Windows Server 2022. Certified by traditional anti-virus solutions. Windows Server
servers use industry-standard hardware-based root 2022 supports Unified Extensible Firmware Interface
of trust and firmware protections to ensure that only (UEFI) secure boot. When the server is started,
trusted components load in the boot path. Certified the firmware checks the signature of each boot
devices are suitable for industries that handle component including firmware drivers and the OS.
intellectual property, customer or personal data. Secured-core servers go a step further than secure
Functionality spans three key areas. boot. Secured-core servers use advanced processor
capabilities to ensure that even if there is a boot

6
firmware vulnerability, the sensitive contents held in Virtualisation-based security (VBS)
virtualisation-based security are not exposed. If the Secured-core servers support VBS and hypervisor-
Hyper-V hypervisor loads in its expected configuration based code integrity (HVCI). VBS and HVCI isolate
and the signatures are valid, the server boots and the privileged parts of the OS, like the kernel, from the rest
firmware passes control to the OS. of the system. This helps to ensure that servers can
securely run critical workloads and helps protect related
applications and data from attack and exfiltration.

5 Enabling regulated customers

Organisations in regulated industries require tight • Certification and adherence to international

control over security. Microsoft builds the Windows standards and certification programs such
Server operating system in compliance with the as FIPS 140 and Common Criteria.
industry’s most rigorous policies and procedures, • Secure Supply Chain best practices.
which helps protect devices and users before the
device is even turned on. Microsoft uses a combination • Security Assurance with the support of the
of red-team, green-team practices along with the Microsoft Security Response Centre, part
Secure development lifecycle to design and develop of the defender community and on the front
products with solid security fundamentals: line of security response evolution.

Balancing tighter security and operational simplicity

Simply by upgrading to Windows Server 2022, organisations gain significant protection

because the operating system enables robust security by default. Upgrading to Windows
Server 2022 means your servers include all the latest security updates as well as the
assurance you’ll receive additional updates for years to come when new exploits are
uncovered. As discussed in this section, Windows Server 2022 also provides a large
suite of additional multi-layer security features worth activating. Each organisation
needs to prioritise which security issues to address and balance tightening security
and operational simplicity. Windows Server 2022 helps advance both objectives.

Azure is the only cloud platform built by a security vendor

8,500 25B+ More than

Security experts at Microsoft Brute force authentication 24 trillion

and USD 1B annual attacks blocked in 2021 signals analysed by
investment in security Microsoft every 24 days

7
2 Hybrid

Across every industry and around the world, companies are

working hard to keep pace with evolving business needs by
building on existing digital investments. According to a 2021
survey sponsored by Microsoft, organisations are increasing
investments in hybrid and multicloud to solve complex
business needs.

The hybrid approach, which combines on-premises and cloud

environments working together, can improve business agility.
Yet IT teams can struggle to ensure compliance and manage
resources at scale across diverse environments.

• Operating costs typically increase without a unified approach

to managing hybrid, multicloud and edge deployments.

• Organisations find themselves with duplicated cloud platform

utilities for network, identity, governance, security and
operations.

8
Moving toward unified operations with hybrid
security, management

Microsoft has built capabilities in Windows Server you manage and secure identities across environments.
2022 and Azure to expand and strengthen the But you can do a lot more to streamline hybrid
connections between the customer data centre, operations:
Azure and other clouds. As a result, customers can
• Extend Azure services such as Microsoft Defender
unify operations with an intentional approach that
for Cloud, Microsoft Sentinel and Storage Migration
includes maintaining one set of tools and processes
to Windows Server on-premises by using Azure Arc.
to consistently manage each cloud provider. By
using a common set of governance and operations • Quickly and easily enable services such as Azure
management practices, organisations draw closer Backup, Azure Site Recovery and Azure Monitor
to operating seamlessly across on-premises, data using Windows Admin Centre.
centre, edge environments, other clouds and Azure. • Simplify IT management and enhance security with
Azure is the only cloud with end-to-end hybrid Azure Automanage, and take advantage of Azure
infrastructure and consistent security, identity and best practices, such as patching Windows Server
management features. If you use Active Directory, VMs running on Azure without requiring a reboot.
for example, adding Azure Active Directory helps

Customers build on existing investments with strategic

use of cloud

A 2021 survey found 86% of all respondents plan to increase

investment in hybrid or multicloud environments. And 95%
say those technologies have already been critical to their
success. The survey, conducted by The Harris Poll and sponsored
by Microsoft, targeted business decisions makers, IT professionals
and IT decision makers in medium to large U.S. companies.

The survey defines hybrid as a mix of on-premises and one

or multiple public clouds. Nearly all survey respondents agreed
they need to be able to adopt cloud in some areas of business
while retaining other data, workloads and apps on-premises,
primarily for regulatory reasons.

Companies surveyed report they are using clouds strategically,

often for specific purposes such as data backup or access
to sophisticated services such as security monitoring
or artificial intelligence.

9
As hybrid computing has evolved, Windows Server business needs, IT pros benefit from powerful tools to
and Azure have become more tightly integrated. design, configure, manage and troubleshoot complex
Systems like Azure Arc enable management tools hybrid cloud environments. Microsoft offers several
to span the data centre, cloud and edge devices. foundational tools for IT admins working with hybrid
As Windows Server continues to evolve to meet computing, which this section will discuss.

1 Ensure compliance and manage

resources at scale

Unify operations with Azure Arc, a set of technologies Here’s a look at each:
that bring Azure security and cloud-native services
Harden hybrid cloud resources
to hybrid and multicloud environments. Use Azure
Microsoft Defender for Cloud helps you track your
Arc to enrol Windows Servers, Linux servers and
security posture, protect against cyberattacks
other resources as Azure resources. Once they are
and streamline security management. Configure
Azure resources, you can organise, govern and secure
customised threat intelligence and prioritised alerts
on-premises machines the same way as Azure-hosted
according to your environment, which includes your
virtual machines.
Arc-enabled Windows Server machines.
With Azure Arc, you can control infrastructure
To provide an even higher level of security, consider
running outside of Azure using Microsoft Defender
using Microsoft Sentinel to automate the analysis and
for Cloud, Microsoft Sentinel, Hotpatch as part of
response to alerts generated by Defender for Cloud
Azure Automanage for Windows Server and Storage
and other security monitoring systems.
Migration Services to help make servers secure and
reliable.

Unify operations with Azure Arc

Single control plane with Azure Arc

Azure Arc-enabled Azure Arc-enabled

infrastructure services

Multicloud Datacentre Edge

Bring Azure security and cloud-native services to hybrid environments with Azure Arc. Connect
and operate hybrid resources, including Windows servers and Kubernetes clusters, as native
Azure resources. Run Azure services anywhere, including data services and machine learning.

10
Detect and respond to security events virtual machines or upgrading from one operating
As an enterprise grows, the increasingly sophisticated system to another. How can you be sure that you’ve
attacks and volumes of alerts can overwhelm IT transferred all the data and that all links or file paths
resources. Microsoft Sentinel brings together the still work? Storage Migration Service makes it easier
value of two types of solutions: a security information to migrate storage, including NetApp FAS storage
and event management (SIEM) system and a security systems, to Windows Server machines or to Azure.
orchestration, automation and response (SOAR) The service provides a graphical tool that inventories
system. Sentinel uses information from Microsoft data and then transfers the data to newer servers
Defender for Cloud and many other sources to or to Azure virtual machines.
consolidate, analyse and respond to security-related …
situations. Identify real threats to your Windows Lastly, no overview of Microsoft management tools
Server machines and other resources. Reduce noise would be complete without Windows Admin Centre,
from legitimate events with built-in machine learning which replaces numerous management tools such as
and knowledge based on analysing trillions of Server Manager and Microsoft Management Console
signals daily. (MMC) and can be used alongside Azure Arc and
Simplify data migration Microsoft System Centre. Windows Admin Centre
Migrating data can be a headache when upgrading helps customers take advantage of cloud innovation
to new hardware, moving servers to the cloud or onto to streamline management of on-premises servers.

2 Quickly and easily enable

hybrid services
Many customers use it to streamline time-consuming,
Remotely manage Windows Server machines running single-machine management tasks. Perhaps more
anywhere – physical, virtual, on-premises, in Azure, importantly, built-in integration with Azure helps
or in a hosted environment – with Windows Admin you connect on-premises servers to useful cloud
Centre. The browser-based tool is available as a free services that can solve business problems and
download or can be accessed from the Azure portal. streamline hybrid operations.

Tools to help you manage and govern Windows servers

Windows Admin Centre and Azure Arc work together – there’s no reason
to choose one or the other. Use Windows Admin Centre for deep server
administration of Windows Server, Azure Stack HCI and Azure Kubernetes
Service (AKS) on Azure Stack HCI.

Windows Admin Centre is free to download and ready to use in coordination with
Azure Arc. It combines common server management tools in a single interface,
including Remote Desktop Connection, PowerShell and purpose-built interfaces
for managing roles and features. OEMs and ISVs also offer extensions that allow
Windows Admin Centre to manage hardware and third-party software.

Azure Arc complements Windows Admin Centre. Arc is a single control plane
for IT estate management – allowing you to ensure security, governance, and
compliance for servers, Kubernetes clusters, data services and more.

11
 Here are some services that streamline hybrid • Azure Files centralises file shares in the cloud while
operations: leaving on-premises file servers in place

• Azure Site Recovery replicates workloads running And if Azure Arc and Windows Admin Centre help
on physical and virtual machines from a primary you govern and manage servers, Azure Automanage
site to a secondary location in Azure. makes it easy to automate operations and apply
consistent best practices across your Windows
• Azure Backup Service backs up on-premises
Server and Linux virtual machines in Azure.
or Azure virtual machines and servers.

• Azure Monitor collects monitoring telemetry

from a variety of on-premises and Azure sources,
storing it in a log data store optimised for cost
and performance.

3 Reduce the pain of updates for cloud-

based servers

Systems with unpatched security holes are Hotpatch as part of Azure Automanage for Windows
a dirty secret in IT organisations. Organisations Server is currently available exclusively on Windows
are sometimes reluctant to install security patches Server 2022 Data Centre: Azure Edition. Keep your
because they often require lengthy reboots and Windows Server virtual machines on Azure up to date
sometimes disrupt the stability of previously without rebooting, enabling higher availability with
smooth-running systems. faster and more secure delivery of updates.

Spanish company boosts security, eases management We have the flexibility in Azure Arc to manage
of servers at scale with Azure Arc on-premises infrastructure similarly to the cloud
in terms of updating security, performance and
Prosegur, a Spanish security company, acquired a variety
log analytics in our web-based console... We were
of IT practices from other companies after it grew rapidly
always challenged with consistent management
and expanded globally. Prosegur adopted Microsoft
before. Now with Azure Arc and our ecosystem
Azure Arc and other security solutions to easily manage
of Microsoft security solutions, we have a common
its hybrid, multicloud environment. Since then the
layer to manage our infrastructure globally without
company has onboarded 700 on-premises data centre
thinking about which tool to use for a specific task
servers to Azure Arc and plans to ultimately move
in a specific data centre.”
5,000 servers: 3,500 Windows servers and 1,500 Linux
servers. Iñigo Martinez Lasala
Director of Technology and Systems
Azure Arc helped Prosegur improve scalability and
Prosegur
security. The company’s IT team is now able to monitor
infrastructure from one place, saving time and effort.
12
3 Application
Platform

A flexible application platform empowers developers and

IT pros to build and deploy diverse applications. Windows Server
2022 delivers. Microsoft continues to improve the operating
system’s container-focused capabilities, which gives organisations
the flexibility to scale both up and down and modernise fast.
Windows Server 2022 simplifies and speeds container application
deployment, accelerates modernisation of .NET applications with
a new containerisation tool and improves container orchestration
with Kubernetes enhancements.

Speed up app modernisation with container enhancements

Containers enable you to package apps with versions, because Windows Server 2022 significantly
everything they need to run so that your apps reduces the image size.
work the same way in the cloud and on-premises.
Longer support cycle
All containers are created from container images.
Window Server 2022 container images now
A container image is a bundle of files organised into
come with five years of mainstream support and
a stack of layers that reside on your local machine
an offering of an additional five years of extended
or in a remote container registry. Larger images
support, which provides a long-term, stable base
typically support more system features and native
for containers dependent on these images. The
APIs, but typically have longer start-up times than
longer support cycle helps ensure you have time
smaller images.
to implement, use and upgrade or migrate when
Windows Server 2022 includes improvements that appropriate for your organisation.
reduce image sizes and add support for additional
Improved authentication
Windows capabilities.
Facilitate Active Directory (AD) authentication using
Reduced Server Core image size Group Managed Service Accounts (gMSAs) with
Containers running on Server Core start faster and Windows containers. In Windows Server 2022, use
run faster in Windows Server 2022 than in previous gMSA for containers with a non-domain-joined host

13
 Improve performance Speed app Migrate .NET Simplify orchestration
with reduced modernisation applications with with Azure
image size with multiple Azure Migrate: App Kubernetes Service
enhancements in Containerisation
Windows Server 2022

to authenticate via a portable user identity instead More compatibility

of a host identity. Container integration with gMSA Windows containers now support Microsoft
helps eliminate the overhead required to manually Distributed Transaction Control (MSDTC) and
join Windows worker nodes to a domain and manually Microsoft Message Queuing (MSMQ), allowing
manage passwords. more compatibility with existing applications
and operating environments.

1 Accelerate modernisation of
.NET applications

Many existing Windows Server customers run legacy Migrate hub, provides an end-to-end solution to
ASP.NET applications written before the broad containerise and migrate existing web applications
adoption of containers. Windows Admin Centre, to Azure Kubernetes Service (AKS). Containerising
discussed in the Hybrid section, and Azure provide ASP.NET applications and migrating them to AKS
tools to efficiently containerise existing ASP.NET apps doesn’t require access to the codebase. The tool
so they can be used and managed just like apps works by using the running state of the applications
written natively for containers. on a server to determine the application components
and helps package them as a container image.
Local container administration
Administer containers locally and integrate them with
the Azure Container Registry with Windows Admin
Centre. Use the container extension in Windows
Admin Centre to simplify the containerisation
of existing web applications based on ASP.Net
from the .NET Framework.

Azure-native solution for containerisation

Distribute

Move containers to Azure with Windows Admin Watch a demo that walks through the process to
Centre or Azure Migrate: App Containerisation. move legacy apps to Azure with Azure Migrate.
App Containerisation, available from the Azure

14
 2 Leverage Kubernetes enhancements

Orchestrators like AKS help you grow and manage Kubernetes dual-stack support
containerised apps at scale. Use the service to deploy As more networking environments switch from IPv4 to
large numbers of containers, schedule workloads, IPv6, organisations need dual-stack support. Windows
monitor health, perform failover and handle Server now includes IPv4/IPv6 dual stack support.
networking. The growing popularity of Kubernetes Kubernetes assigns a unique network address (IP) to
has spurred a vast amount of innovation, and each workload instance (Pod) running on it. With IPv4/
Windows Server 2022 delivers several in-demand IPv6 dual stack support, each workload will get both
Kubernetes features to ease configuration headaches an IPv4 and IPv6 address, reducing connection issues
and improve overall reliability. and configuration headaches in a mixed environment.

Run Azure Kubernetes Service on Windows Server Multi-subnet support

2019 Data Centre, Windows Server 2022 Data Centre Gain more flexibility with network addresses with
and Azure Stack HCI and get started hosting Windows multi-subnet support for Windows worker nodes via
containers in your data centre. improvements to the Host Network Service (HNS).
More restrictive subnets, such as subnets with a longer
Azure Kubernetes Service simplifies the process
prefix length, are now allowed, and multiple subnets
of setting up Kubernetes on Azure Stack HCI and
can now be assigned to each Windows worker node.
Windows Server 2019 or 2022 Data Centre, and
Previously, HNS restricted the Kubernetes container
includes the following features:
endpoint configurations to using the prefix length of
• A Windows Admin Centre wizard to help set up the underlying subnet. The first Container Networking
Azure Kubernetes Service and its dependencies. Interface (CNI) that can use this functionality is Calico
• A Windows Admin Centre wizard to help create for Windows. Calico Network Policies is an open-source
Kubernetes clusters to run your containerised network and network security solution founded by Tigera.
applications. Expanded cluster management scenarios
• PowerShell cmdlets to help set up Kubernetes and A new container type extends the Windows container
create Kubernetes clusters, in case you’d rather script model and enables a wider range of Kubernetes
the host set-up and Kubernetes cluster creation. cluster management scenarios. With HostProcess
containers, users can package and distribute

Introduction to containers

Containers are a technology for packaging and running Windows and Linux
applications across diverse environments on-premises and in the cloud.

Containers start and stop quickly, making them ideal for apps that need to rapidly
adapt to changing demand. The lightweight nature of containers also makes them
a useful tool for increasing the density and utilisation of your infrastructure.

Containers run application code and run on top of server images. The type of server
image can change depending on the container’s requirements.

15
management operations that require host access storage and networking management scenarios
while retaining versioning and deployment methods in Kubernetes.
provided by containers. This allows you to use
Windows containers for a variety of device plug-in,

3 Support massive applications

and databases

Deploy business-critical, large-scale applications Confidential computing capabilities enabled by Intel

and implementations of SQL Server with Windows Secured Guard Extension (SGX) improve application
Server 2022 running on Ice Lake-based servers. security by isolating applications from each other
Take advantage of up to 48 TB of memory and with protected memory.
2,048 logical cores running on 64 physical sockets.

Introduction to orchestrators

While you can manage a few containers manually using Docker

and Windows, apps often make use of five, ten or even hundreds
of containers, which is where orchestrators come in. Container
orchestrators were built to help manage containers at scale
and in production. Microsoft offers the poplular Kubernetes
orchestrator on two platforms:

Azure Kubernetes Service (AKS) – a managed Azure

Kubernetes service.

Azure Kubernetes Service (AKS) on Azure Stack HCI – for Azure

Kubernetes Service on-premises, running on hyperconverged
infrastructure or a Windows Server Data Centre edition host.

16
Get started

Whether you’re experimenting with hybrid computing or you want

to extend your capabilities to the next level, Windows Server 2022
delivers a high level of flexibility, innovation, performance and
security. Here’s how to get started.

Download Windows Server 2022 Remotely manage Windows Server

Try the latest version of Windows Server for anywhere with Windows Admin
yourself – in Azure or in your data centre. Learn how Windows Admin Centre,
available with your Windows Server licence
Try Windows Server 2022 in the cloud
at no additional charge, consolidates and
with an Azure free account
reimagines Windows Server utilities and tools
Set up a Windows Server virtual machine
in a single, browser-based, graphical user
in the cloud. Choose between Standard,
interface.
Data Centre and Data Centre: Azure Edition
installation options. Prepare for Windows Server 2012 and
2012 R2 end of support in October 2023
Plan your migration to Windows Server 2022
Understand your options to keep workloads
Visit the Azure migration and modernisation
protected when regular security updates end
centre for guidance and access to Azure
for Windows Server 2012 and 2012 R2.
engineers, tools and partner services.

Learn more about Azure Arc for servers

and Kubernetes
Azure Arc is offered at no additional cost
when managing Azure Arc-enabled servers
and Azure Arc-enabled Kubernetes. See the
Azure Arc pricing page for details.

17
Windows Server
resources

Learn about Windows Server 2022 Windows Admin Centre overview

What’s new in Windows Server 2022 Windows Server security documentation

Compare Windows Server 2022 Windows Server management

with earlier version documentation

Compare Windows Server 2022 editions Windows Server Extended Security Updates

Windows Server 2022 pricing and licensing Introduction to the hybrid and
multicloud scenario
News and best practices from
Windows Server team Windows containers in Windows Server 2022

Azure Arc overview

© 2022 Microsoft Corporation. All rights reserved. This document is provided ‘as-is’. Information and views expressed in this
document, including URL and other Internet website references, may change without notice. You bear the risk of using it.
Some examples are for illustration only and are fictitious. No real association is intended or inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product.

18