Microsoft has introduced the discharge of the June 2025 revision of its safety baseline package deal for Home windows Server 2025 (v2506), it’s now out there to obtain from the Microsoft Safety Compliance Toolkit. After downloading it, you possibly can take a look at the advisable configurations in your setting and customise or implement them as you see match.

To take care of the evolving risk panorama, new Home windows options, and group suggestions, Microsoft is planning to revise the Home windows Server baseline extra incessantly sooner or later. Home windows Server safety baselines are a group of Microsoft-recommended configuration settings that assist directors set up safe and constant Home windows Server environments.

That is the primary safety baseline replace for Home windows Server 2025 since January, a abstract of the adjustments is introduced on this desk:

Of those adjustments, the elimination of WDigest Authentication and the addition of Embrace command line in course of creation occasions are vital.

Microsoft mentioned it eliminated WDigest Authentication from the safety baseline as a result of it’s not mandatory for Home windows Server 2025. The coverage was initially enforced in order that WDigest couldn’t retailer plaintext passwords in reminiscence, which was a major theft danger. Because the 24H2 replace in Home windows Server 2022, the coverage has been deprecated, so there’s no must implement this setting.

The replace additionally provides Embrace command line in course of creation occasions to enhance the visibility of how processes are executed throughout the system. By capturing the command-line arguments, it makes it simpler to detect and examine malicious exercise that will in any other case appear legit.

If you wish to study extra in regards to the different adjustments in a bit extra depth, confer with Microsoft’s announcement of this safety baseline replace.