Windows Server 2022 represents Microsoft’s most security-focused server release to date. With Secured-core capabilities, Azure Arc integration, and significant networking improvements, it’s a compelling upgrade for enterprises running hybrid infrastructure.

Security: The Headline Feature

Security improvements dominate Windows Server 2022. Microsoft positioned this release as the most secure Windows Server ever—and the features back up that claim.

Secured-Core Server

Secured-core technology, previously available only for specialized devices, now comes to Windows Server. This hardware-rooted security approach creates multiple layers of protection:

Hardware-Based Security

  • TPM 2.0 requirement: Trusted Platform Module provides hardware-based cryptographic operations
  • Secure Boot: Ensures only signed, trusted code runs during startup
  • UEFI firmware protection: Guards against firmware-level attacks

Virtualization-Based Security (VBS)

  • Hypervisor-protected Code Integrity (HVCI): Prevents unsigned kernel-mode code execution
  • Credential Guard: Isolates credentials in a secure virtualized container
  • System Guard: Protects boot process integrity

To check VBS status and enable HVCI, one of the Secured-core features:

# Check VBS status
Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

# Enable HVCI (takes effect after a reboot)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" -Name "Enabled" -Value 1
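
The status query returns numeric codes that are easier to audit once decoded. The following is an added example, not part of the original article: the function name ConvertTo-VbsReport and the sample object are constructed for illustration, and the code-to-name mappings are the documented Win32_DeviceGuard values.

```powershell
# Added example: decode Win32_DeviceGuard output into a readable VBS report.
function ConvertTo-VbsReport {
    param([Parameter(Mandatory, ValueFromPipeline)] $DeviceGuard)
    process {
        # Value maps for the Win32_DeviceGuard class
        $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
        $services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI'; 3 = 'System Guard Secure Launch' }
        $nameOf    = { param($code)
            if ($services.ContainsKey([int]$code)) { $services[[int]$code] } else { "Unknown ($code)" } }

        # Drop the 0 placeholder that means "no services"
        $configured = @($DeviceGuard.SecurityServicesConfigured | Where-Object { $_ -ne 0 })
        $running    = @($DeviceGuard.SecurityServicesRunning    | Where-Object { $_ -ne 0 })

        # Configured but not running usually means a pending reboot or an
        # unmet hardware/firmware prerequisite (TPM, Secure Boot, SLAT).
        $notRunning = @($configured | Where-Object { $_ -notin $running })

        [pscustomobject]@{
            VbsStatus              = $vbsStatus[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
            Running                = @($running    | ForEach-Object { & $nameOf $_ })
            ConfiguredNotRunning   = @($notRunning | ForEach-Object { & $nameOf $_ })
            HvciRunning            = (2 -in $running)
            CredentialGuardRunning = (1 -in $running)
        }
    }
}

# Constructed sample (not real output): Credential Guard and HVCI are
# configured, but only HVCI is actually running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(2)
}
$sample | ConvertTo-VbsReport

# On a live server, feed it the query shown above:
# Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard |
#     ConvertTo-VbsReport
```

For the sample, the report shows VBS enabled and running with HVCI active, and lists Credential Guard under ConfiguredNotRunning, which is the gap worth investigating.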

DNS over HTTPS (DoH)

Windows Server 2022 brings encrypted DNS queries to the server platform:

# Configure DoH
Add-DnsClientDohServerAddress -ServerAddress "1.1.1.1" -DohTemplate "https://cloudflare-dns.com/dns-query" -AllowFallbackToUdp $False -AutoUpgrade $True

# Verify configuration
Get-DnsClientDohServerAddress

This prevents DNS query interception—a significant security improvement for organizations concerned about network-level surveillance or manipulation.
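
A DoH template only protects queries sent to the resolver it is registered for, so it is worth checking every resolver the server actually uses. The following is an added example, not part of the original article: the function name Find-PlaintextDnsRisk and the sample data are constructed, and the entries are shaped like Get-DnsClientDohServerAddress output.

```powershell
# Added example: find resolvers whose queries can still leave in plaintext.
function Find-PlaintextDnsRisk {
    param(
        [string[]] $ResolverAddress,   # DNS servers assigned to the adapters
        [object[]] $DohServer          # entries shaped like Get-DnsClientDohServerAddress output
    )
    foreach ($address in $ResolverAddress) {
        $entry = $DohServer | Where-Object { $_.ServerAddress -eq $address } | Select-Object -First 1
        $finding = if (-not $entry) {
            'No DoH template registered for this resolver (classic DNS is used)'
        } elseif ($entry.DohTemplate -notmatch '^https://') {
            'DoH template is not an https:// URL'
        } elseif ($entry.AllowFallbackToUdp) {
            'Fallback to unencrypted UDP is allowed'
        } elseif (-not $entry.AutoUpgrade) {
            'AutoUpgrade is off'
        } else { $null }

        if ($finding) { [pscustomobject]@{ Resolver = $address; Finding = $finding } }
    }
}

# Constructed sample data (not real output). 10.0.0.53 stands in for an
# internal resolver that has no DoH template.
$resolvers = '1.1.1.1', '8.8.8.8', '10.0.0.53'
$dohList = @(
    [pscustomobject]@{ ServerAddress = '1.1.1.1'; DohTemplate = 'https://cloudflare-dns.com/dns-query'
                       AllowFallbackToUdp = $false; AutoUpgrade = $true }
    [pscustomobject]@{ ServerAddress = '8.8.8.8'; DohTemplate = 'https://dns.google/dns-query'
                       AllowFallbackToUdp = $true;  AutoUpgrade = $true }
)
Find-PlaintextDnsRisk -ResolverAddress $resolvers -DohServer $dohList

# On a live server:
# $resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique
# Find-PlaintextDnsRisk -ResolverAddress $resolvers -DohServer (Get-DnsClientDohServerAddress)
```

With the sample data, 1.1.1.1 passes, 8.8.8.8 is flagged for UDP fallback, and 10.0.0.53 is flagged as having no template.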

TLS 1.3 Support

TLS 1.3, the latest transport security protocol, is enabled by default:

  • Faster handshakes (1-RTT vs 2-RTT)
  • Removed obsolete cryptographic algorithms
  • Forward secrecy by default
  • Protection against downgrade attacks

Azure Hybrid: The Strategic Play

Microsoft’s hybrid cloud strategy is central to Windows Server 2022. Azure Arc integration enables Azure management capabilities for on-premises servers.

Azure Arc Integration

Azure Arc extends Azure management and services to on-premises infrastructure:

Unified Management

  • Manage on-premises servers from Azure portal
  • Apply Azure policies across hybrid infrastructure
  • Use Azure Resource Graph for inventory queries
  • Single-pane-of-glass visibility

Azure Services On-Premises

  • Azure Defender for cloud security
  • Azure Monitor for observability
  • Azure Automation for operations
  • Update Management without WSUS

# Connect the server to Azure Arc (the Connected Machine agent must already be installed)
$env:SUBSCRIPTION_ID = "your-subscription-id"
$env:RESOURCE_GROUP = "your-resource-group"
$env:TENANT_ID = "your-tenant-id"
$env:LOCATION = "eastus"
$env:AUTH_TYPE = "token"

& "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect `
  --subscription-id $env:SUBSCRIPTION_ID `
  --resource-group $env:RESOURCE_GROUP `
  --tenant-id $env:TENANT_ID `
  --location $env:LOCATION `
  --cloud "AzureCloud"

Azure Automanage

For organizations wanting hands-off management, Azure Automanage automates:

  • Onboarding to Azure services
  • Configuration of best practices
  • Drift detection and remediation
  • Automated patching

Networking Improvements

SMB Compression

One of the most practical improvements for file server workloads: SMB compression reduces network bandwidth for file transfers.

# Enable SMB compression on a share
Set-SmbShare -Name "Data" -CompressData $True

# Have the server request compression for transfers
Set-SmbServerConfiguration -RequestCompression $True

# Compression cannot be scoped to file name patterns; it is enabled per share
# or requested per server, as shown above

Compression is automatic for compressible files and transparent to clients. Benefits are most noticeable for:

  • WAN connections with limited bandwidth
  • Large file transfers (databases, VHDs, backups)
  • Branch office file access

SMB over QUIC

SMB over QUIC enables secure file access without VPN:

Key Benefits

  • Encrypted by default (TLS 1.3)
  • Works through firewalls (UDP 443)
  • Eliminates VPN complexity for file access
  • Maintains security without network-level tunneling

# Configure SMB over QUIC
New-SmbServerCertificateMapping -Name "fs01.contoso.com" -Thumbprint "YOUR_CERT_THUMBPRINT" -StoreName My -StoreLocation LocalMachine

# Enable on server
Set-SmbServerConfiguration -EnableSMBQUIC $True

Requirements:

  • Windows 11 clients (or Windows 10 with updates)
  • Valid TLS certificate
  • Windows Server 2022 Datacenter: Azure Edition

UDP Performance Improvements

Windows Server 2022 includes significant UDP stack improvements:

  • UDP Segmentation Offload (USO): Hardware offloading for UDP
  • UDP Receive Side Coalescing (UDP RSC): Reduces CPU overhead
  • Improved QUIC performance: Benefits any QUIC-based application

Storage Enhancements

Storage Migration Service Improvements

Migrating file servers is easier with enhanced Storage Migration Service:

  • Transfer from more source platforms (Linux, NetApp, EMC)
  • Improved error handling and retry logic
  • Better large-scale migration support
  • Migration of share permissions and properties

Adjustable Storage Repair Speed

Control storage pool repair priority:

# Check current repair speed
Get-StoragePool -FriendlyName "Pool1" | Get-StorageHealthSetting -Name "StorageSpaceRebalanceJobSpeed"

# Set repair speed (Fast, Medium, Low)
Set-StoragePool -FriendlyName "Pool1" -RepairPolicy "Fast"

Nested Resiliency for Storage Spaces Direct

New resiliency options protect against simultaneous failures:

# Create nested mirror volume
New-Volume -FriendlyName "NestedMirror" -FileSystem CSVFS_ReFS -StoragePoolFriendlyName "S2D*" -Size 1TB -ResiliencySettingName "NestedMirror"

Container Improvements

Smaller Container Images

Windows Server 2022 container images are significantly smaller:

Image         Server 2019   Server 2022   Reduction
Server Core   1.86 GB       1.5 GB        ~20%
Nano Server   256 MB        236 MB        ~8%

Process Isolation Improvements

Better process isolation for containers running on Kubernetes:

  • Windows containers on Linux nodes via virtualization
  • Improved job object handling
  • Better resource accounting
  • Enhanced networking for Kubernetes

Container Networking

New container networking capabilities:

# Host-local IPAM support
# Dual-stack (IPv4 + IPv6) support
# Improved Calico and Flannel integration

Hyper-V Improvements

Nested Virtualization Enhancements

Improved nested virtualization for AMD processors:

  • Better performance for nested VMs
  • Enhanced compatibility with AMD EPYC processors
  • Improved DevTest scenarios

Virtual Machine Configuration Updates

# Update VM configuration version (the VM must be shut down; the upgrade cannot be reversed)
Update-VMVersion -Name "Server1" -Force

# Check available configuration versions
Get-VMHostSupportedVersion

Processor Compatibility Mode

Run VMs across hosts with different processor generations:

# Enable processor compatibility
Set-VMProcessor -VMName "Server1" -CompatibilityForMigrationEnabled $True

Windows Admin Center Integration

Windows Admin Center (WAC) has deeper integration with Server 2022:

  • Direct Azure Arc onboarding from WAC
  • Event log forwarding configuration
  • Enhanced security configuration
  • Storage migration wizards

Licensing Considerations

Core-Based Licensing

Windows Server 2022 continues core-based licensing:

Edition         Minimum Cores   VM Rights   Key Features
Standard        16 cores        2 VMs       Basic virtualization
Datacenter      16 cores        Unlimited   Full feature set, SDN, HCI
Azure Edition   16 cores        Unlimited   SMB over QUIC, Hotpatching

Azure Edition Exclusives

Datacenter: Azure Edition includes features not available in standard Datacenter:

  • Hotpatching: Install updates without rebooting
  • SMB over QUIC: VPN-less file access
  • Extended network for Azure: Stretch layer 2 networks to Azure

Upgrade Path

In-Place Upgrade Support

Source Version   Direct Upgrade
Server 2019      Yes
Server 2016      Yes
Server 2012 R2   Two-step required
Server 2012      Two-step required

Upgrade Best Practices

# Verify upgrade compatibility
DISM /Online /Get-TargetEditions

# Pre-upgrade checklist
# 1. Verify hardware meets requirements
# 2. Backup system state and data
# 3. Document current configuration
# 4. Test in non-production first
# 5. Plan rollback procedure

Recommended Approach: Fresh installation with workload migration for production environments. In-place upgrades are suitable for development/test.

Hardware Requirements

Minimum Requirements

Component   Minimum          Recommended
Processor   1.4 GHz 64-bit   3.0 GHz+
RAM         512 MB           2 GB+ (varies by role)
Storage     32 GB            SSD, 100 GB+
Network     Gigabit          10 Gigabit

Secured-Core Requirements

For full Secured-core functionality:

  • TPM 2.0
  • UEFI with Secure Boot
  • DEP/NX support
  • SLAT-capable processor

Should You Upgrade?

Strong Candidates for Server 2022

  • Security-focused organizations: Secured-core provides hardware-backed security
  • Hybrid cloud environments: Azure Arc integration is compelling
  • File server workloads: SMB compression and SMB over QUIC are significant
  • Container deployments: Smaller images and better Kubernetes support
  • New deployments: No reason to deploy 2019 for new infrastructure

Wait If

  • Stable production workloads: Server 2019 remains fully supported
  • Third-party application dependencies: Verify vendor support first
  • Limited testing capacity: Upgrades require thorough validation
  • Considering Server 2025: Evaluate whether to skip 2022 entirely

Conclusion

Windows Server 2022 delivers meaningful improvements in security, hybrid management, and networking. The Secured-core capabilities address increasingly sophisticated threats, while Azure Arc integration positions organizations for hybrid cloud operations.

For enterprises already invested in Microsoft infrastructure, Server 2022 represents a worthwhile upgrade. The security improvements alone justify migration planning—though as always, thorough testing in non-production environments should precede any production deployment.

The real question for many organizations isn’t whether to upgrade, but whether to upgrade to 2022 or wait for Server 2025 (released November 2024). For new deployments, evaluate both options. For existing infrastructure, plan a deliberate migration that aligns with your hardware refresh and application validation cycles.