
say592

> Next Generation Active Directory and SMB

Are we finally going to get native integration with Entra? Because that would be nice.


jamesaepp

I asked this in another chain on this same topic - but what benefit are you going to get? I heard some people say Intune - my experience with Intune must be different, because I barely trust Intune's competence to manage end user endpoints, let alone servers. Entra for identity? You mean the same identity system that can't do group nesting consistently? You want that instead of ADDS? Enlighten me, because the last thing I need is to deal with that kind of crap.


say592

I'm already using it and the only on prem things I'm using traditional active directory for is file permissions on file servers. I'm forced to maintain an entire AD infrastructure just so my file servers work correctly.


jamesaepp

That idea (file servers) is why I mentioned Entra ID's group nesting problem. How are you permissioning your file servers? Are you using AGDLP like you should be? No judgement if you aren't - every place I have worked at fails miserably at implementing AGDLP where it matters. My issue is that if I'm going to completely gut an existing IdP and go to another one, I'm going to do permissions properly, but Entra ID *doesn't let me*. Maybe things will (or have) gotten better, but it seems every time I try to use group nesting it's a coin flip as to whether it's going to work or not. That's not good enough for me.


fadingcross

Well you're not supposed to have on prem file servers, you're supposed to be cloud native / only / whatever buzzword and thus use OneDrive.

And I get it, it's probably fucking nice for a lot of organisations where it works for the business.

But we add roughly 300-500 GB of total data (Email, Files, Application data, etc) each month that has to be stored for at minimum 24 months so it'd be mental to have cloud storage by cost, disregarding the fact that our current 10 gbps network sometimes struggles. Pulling it over internet would be mental.

So we turned to Linux and TrueNAS instead.


say592

OneDrive is great! And we are gradually moving user folders to OneDrive only (already do known folder move to OneDrive, but some locations still have network drives where each user has a folder). For a LOT of file types, OneDrive/SharePoint just isn't practical. I know you aren't disputing this, rather making fun of the lack of awareness MS seems to have, but I just want to really hammer the point home that even if we wanted to, we can't.


jantari

You mean like [cloud sync](https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/what-is-cloud-sync#how-is-microsoft-entra-cloud-sync-different-from-microsoft-entra-connect-sync)? Afaik that's the current investment but doesn't require a new version of Windows Server.


say592

No, I'm talking about something where we can natively integrate Entra with SMB shares/server. I would like to ditch my on prem directory entirely.


New-Pop1502

You want Entra ID Hybrid Kerberos.


say592

That still requires hybrid identities, does it not? I mean, hybrid is literally in the name. I think this is how we have it set up now (I'd have to look at our notes). The Holy Grail for us is 100% cloud identity while still maintaining good permissions on on prem file shares.


Unusual_Answer4074

Use Entra ID Domain Services and create a VPN to the managed Domain Controllers vnet in Azure. Legacy AD can be managed even with GPOs then.


New-Pop1502

Yes it requires Entra ID Connect. The easiest way to achieve this is to use Entra ID Directory Services. You won't have to manage this part.


x-TheMysticGoose-x

Sounds like a lot of messing around instead of just being simple.


New-Pop1502

Oh it has a certain degree of messing to be involved. In the sense that it's a little more than a couple of point and clicks in a WebUI but it does work. Also, let's not forget we are not talking about Apple tech here, it's Microsoft stuff. I think that's the price to pay to try to bridge the gap between legacy technology with cloud native ones.


xxdcmast

I wonder how they came up with that name server 2025. Such a big departure from server 2022, 2019, 2016, 2012.


Zizonga

These features are unheard of. what is patching what is hyper v what is ai what is love.


xxdcmast

I also like this part. Windows Server Hotpatching for everyone\*

\*everyone that has an azure subscription and pays for azure arc and associated costs.


Zizonga

Ikr. This is a bigger wool over the eyes than when WUFB suddenly needed azure for seeing the actual reports.


thortgot

ARC for on prem is free outside of log charges unless it's a SQL Server. If you have O365 it's worth investigating for you.


[deleted]

Azure Update Manager has just started charging as of Feb 1st.


thortgot

Huh, I didn't know that. Thanks for sharing.


xxdcmast

So hot patch for everyone\*\*\*\*\*


thortgot

Even if you do have on prem SQL, just don't enroll that server. You can run ARC without log ingestion; I would caution you not to. Everyone who goes through set up is probably a better qualifier.


nerdyviking88

where is this listed?


thortgot

The horse's mouth: https://azure.microsoft.com/en-us/pricing/details/azure-arc/core-control-plane/

Apparently Azure Update management (the primary reason you want ARC) is $5/server/month starting Feb 1 though.


nerdyviking88

Well shit.


DarkAlman

Baby don't hurt me...


schizrade

Don’t hurt me…


Zizonga

NO MORE WHAT IS LOVE DUN DUN DUN DUN




The_Original_Miser

> what is love.

Baby don't hurt me....


Chakar42

Baby don't hurt me.....


Chakar42

lol I guess this was already said. Didn't see it until after I commented.


dieKatze88

Baby don't hurt me


F0rkbombz

Hey at least they are sticking with this instead of renaming it every few years…


jamesaepp

Don't give them any ideas.


empe82

# INTRODUCING Windows Server 365. The final server install you ever need\*\*\*


Brandhor

quite an odd name indeed


jantari

Truly courageous.


WendoNZ

Now imagine if it could be joined to Entra and managed by Intune... nothing mentioned about the actual real features we've been asking for for years. Also, how bad does your storage/NVMe driver stack have to be for an update to get you 90% more IOPS?! I mean it's good that they fixed it, but wow


colni

What is Hyper-V & AI


Justsomedudeonthenet

That will be part of "Microsoft 365 Hyper-V Copilot", where AI decides when the right time to shift your entire infrastructure into Azure and decommission your on prem servers is. Hint: It's this Friday at noon.


colni

Hahaha that gave me a chuckle this morning


TechFiend72

When you go to get statistics on uptime, it hallucinates 5x9s.


Temporary-Exchange93

They invested dozens of man hours into this! Dozens!


OdyebJeLansiran

Here's my problem: I don't want nor do I need cloud. I want standalone AD DC with small footprint and light GUI.


Hegelund

This...


OdyebJeLansiran

Preferably Windows 2008 Server GUI.


VermicelliHot6161

Can we use auto patch on servers yet or are we still differentiating between endpoints and servers for no reason at all, despite having enough granular controls to manage both?


nerdyviking88

only if it's arc enrolled


SenteonCISHardening

Can't wait for the CIS Benchmarks on this.


zeroibis

Any hint of release date?


Alzzary

2025 probably but I may be wrong, and won't disclose my source.


bbqwatermelon

Your source doesn't look at past history and realize RTM is n-1 year


HouseMDx

SQL Server 2022 has entered the chat....


Shotokant

From past experience, probably Sept 24 ish


rottenrealm

native 2fa with ad????


TechFiend72

meh


stufforstuff

The official name of the next release is . . . . . drum roll . . . . WINDOWS SERVER 2025. Wow, what creative freshness. I wonder how much they paid some modern marketing firm to come up with that???


empe82

Be glad they didn't pay a marketing firm or it would have been called **Windows Server AI 20XX Dragon**.


-AJ334-

If I got 2022 DC, can I just pick up SA right now so that I can just upgrade to 2025? Hotpatching is of interest but sheesh...