Windows News
Introduction
Microsoft has recently released Windows Server 2025 Insider Preview Build 26304, marking a significant advancement in server security and management. This build introduces Windows Defender Application Control for Business (WDAC) and a comprehensive Security Baseline Preview, both aimed at fortifying server environments against evolving threats.
Windows Defender Application Control for Business (WDAC)
WDAC serves as a software-based security layer that minimizes the attack surface by enforcing a predefined list of permitted software. This approach ensures that only authorized applications run on the server, effectively mitigating risks associated with unverified or malicious software.
Key Features of WDAC:- Explicit Software Allowance: Administrators can define and enforce policies specifying which applications are permitted to execute, thereby preventing unauthorized software from running.
- Default Policies: Microsoft provides a default policy that can be applied via PowerShell cmdlets, leveraging the OSconfig security configuration platform. This facilitates straightforward implementation of security measures.
For more details, refer to the official announcement: Announcing App Control for Business (aka WDAC) with OsConfig.
Windows Server 2025 Security Baseline Preview
Accompanying the WDAC, Microsoft has introduced the Security Baseline Preview, offering over 350 preconfigured security settings. These settings are designed to help organizations apply and enforce granular security measures that align with best practices recommended by Microsoft and industry standards.
Highlights of the Security Baseline Preview:- Role-Based Configurations: The baseline is organized into three categories based on server roles:
- Domain Controller (DC)
- Member Server
- Workgroup Member
- Comprehensive Security Settings: The baseline includes settings that cover various aspects of server security, ensuring a robust security posture from the outset.
Administrators are advised to test these configurations on non-production systems first, as some settings may not be reversible. More information is available here: Announcing Windows Server 2025 Security Baseline Preview.
Additional Enhancements
Feedback Hub Application:To facilitate user engagement and feedback, Microsoft has introduced the Feedback Hub app for Windows Server Desktop users. This tool allows users to report issues and provide suggestions directly to Microsoft, aiding in the continuous improvement of Windows Server.
Known Issues:As with any preview build, there are known issues that users should be aware of:
- Flighting Label Misidentification: Some users may notice the flight label incorrectly referencing Windows 11. Despite this, selecting the update will install the correct Windows Server build.
- PowerShell in WinPE: The installation of the WinPE-PowerShell optional component may not install PowerShell correctly, leading to cmdlet failures. Users relying on PowerShell in WinPE should avoid using this build.
- Upgrade Recommendations: Microsoft advises against using this build for validating upgrades from Windows Server 2019 or 2022 due to identified intermittent upgrade failures.
For a comprehensive list of known issues, refer to the official release notes: Windows Server Insider Preview Build 26304 Release Notes.
Conclusion
Windows Server 2025 Insider Preview Build 26304 represents a significant step forward in enhancing server security and management. The introduction of WDAC and the Security Baseline Preview provides administrators with powerful tools to enforce strict security policies and maintain a robust security posture. As always, users are encouraged to test new features in a controlled environment and provide feedback to Microsoft to aid in the refinement of these tools.
Reference Links
- Windows Server 2025 Insider Preview Build 26304 Release Notes
- Announcing App Control for Business (aka WDAC) with OsConfig
- Announcing Windows Server 2025 Security Baseline Preview
- Windows Server 2025 Insider Preview Build 26304 Adds Windows Defender Application Control - Neowin
- Windows Server 2025 Insider Preview Build 26304: Enhanced Security Features | Windows Forum
Tags
- Windows Server 2025
- Insider Preview
- Windows Defender Application Control
- Security Baseline
- Server Security
- Microsoft Updates
- PowerShell
- OSconfig
- Feedback Hub
- Server Management
Summary
Microsoft's release of Windows Server 2025 Insider Preview Build 26304 introduces significant security enhancements, including Windows Defender Application Control for Business and a comprehensive Security Baseline Preview. These features aim to strengthen server security by enforcing strict application controls and providing preconfigured security settings aligned with industry best practices. Administrators are encouraged to test these features in non-production environments and provide feedback to aid in their refinement.
Meta Description
Explore the new security features in Windows Server 2025 Insider Preview Build 26304, including Windows Defender Application Control and the Security Baseline Preview, designed to enhance server security and management.