Windows Server 2025 reached general availability in November 2024. Fifteen months in, the upgrade math has shifted. Windows Server 2016 is now approaching the end of extended support. Windows Server 2022 is less than a year from the end of mainstream support. Hotpatching moved to a paid subscription model. And Microsoft's 2025 feature set is more coherent than it looked on launch day.
If you're still running Windows Server 2016, 2019, or 2022, here's how the three most-deployed versions compare in 2026, and what we tell our on-premises customers when they ask which one to land on.
The Support Lifecycle That's Driving Most Upgrade Conversations
Microsoft's lifecycle dates are the forcing function behind most Windows Server upgrade decisions. These are the dates that matter right now:
| Version | Mainstream Support End | Extended Support End |
|---|---|---|
| Windows Server 2016 | January 11, 2022 (passed) | January 12, 2027 |
| Windows Server 2019 | January 9, 2024 (passed) | January 9, 2029 |
| Windows Server 2022 | October 13, 2026 | October 14, 2031 |
| Windows Server 2025 | October 10, 2029 | October 10, 2034 |
Two dates stand out. Windows Server 2016 goes out of extended support in January 2027, which means any remaining 2016 deployments are on the clock. In February 2026, Microsoft announced Extended Security Updates (ESUs) for Server 2016 via Azure Arc, but ESUs are a temporary bridge, not a strategy. They include security patches only, up to three years, and they are explicitly positioned as runway for organizations that can't complete a migration by January 2027. (If you're still on Server 2012 or earlier, the situation is more urgent. See our 4 Proven Strategies to Move Beyond Windows Server 2012 End of Life.)
The second date catches people by surprise. Windows Server 2022 hits end of mainstream support in October 2026. Extended support runs through 2031, so there's no panic, but feature updates and non-security fixes stop at that point. If you're deploying new Server 2022 workloads in 2026, you're buying something that's about to go into maintenance mode.
Windows Server 2019: The Stable Middle Ground (with Limits)
Server 2019 is still a legitimate choice for organizations that want a long runway without the newest features. Extended support runs through January 2029, so there's roughly three years of security updates ahead.
What 2019 gave you that mattered then and still does:
- Windows Defender ATP (now Microsoft Defender for Endpoint) integration
- System Insights predictive analytics
- Azure hybrid integration (Azure File Sync, Azure Backup, Storage Migration Service)
- Server Core with the App Compatibility FOD
What 2019 doesn't have that later versions do: Secured-core Server (2022), SMB over QUIC (2022), hotpatching (2025), Azure Arc-native management (2025), and the deeper Storage Replica and GPU partitioning improvements.
Where 2019 still makes sense: stable on-premises workloads where the application stack has been validated on it and upgrading would require substantial retest work. Where it doesn't: any deployment that's going to live past 2029, or any workload where Secured-core, hotpatching, or modern identity features would materially help.
Windows Server 2022: Still a Solid Choice, with a Caveat
Server 2022 was the "security catch-up" release. It introduced Secured-core Server (TPM 2.0, System Guard, virtualization-based security as a default configuration), SMB over QUIC in the Azure Edition, TLS 1.3 by default, and DNS-over-HTTPS support. It was also the release where Azure Arc became a first-class management story for on-premises Windows Server.
For most organizations sitting on Server 2016 or 2019 today, Server 2022 is an entirely reasonable upgrade target. Extended support runs to October 2031. The application compatibility story is mature. Windows Admin Center, Azure Arc, and modern management workflows all land cleanly.
The caveat is the October 2026 mainstream support cutoff. After that date, Server 2022 stops getting feature updates and non-security fixes. You can keep running it safely through 2031 with security patches, but anyone buying new Server 2022 licenses in 2026 is buying a product that's about to stop evolving. That's sometimes fine. Often it's not.
Windows Server 2025: What's New
Server 2025 is the first release since Server 2012 to feel like a platform update rather than an incremental security pass. The features that matter in a real deployment:
Hotpatching as a paid subscription
This is the 2025 feature that changed how Microsoft talks about Windows Server updates. Hotpatching applies security patches to in-memory code without a reboot, dropping scheduled reboots from roughly 12 per year to 4 (quarterly baseline updates still require a restart).
The pricing matters. Since July 2025, hotpatching has been a subscription at $1.50 per CPU core per month for Standard and Datacenter customers connected through Azure Arc. A 16-core server runs $288 per year. A 32-core server runs $576 per year. A hundred 16-core servers runs $28,800 per year.
Hotpatching is free if you're running Windows Server Datacenter: Azure Edition inside Azure IaaS or Azure Local. Outside of Azure, you're paying by the core.
Whether it's worth it depends entirely on what reboots cost you. If your maintenance windows are expensive (healthcare, finance, 24/7 operations, manufacturing lines), hotpatching pays for itself fast. If you're patching a small fleet with flexible maintenance windows, regular monthly updates at no additional cost are still a valid choice.
Secured-core Server improvements
Server 2025 extends the Secured-core foundation from 2022 with hypervisor-protected code integrity (HVCI) enabled by default on eligible hardware, Credential Guard improvements, and stronger protections against pre-boot attacks. If you're deploying on current-generation server hardware, you get materially better baseline security without configuration work.
Identity modernization
Server 2025 introduces delegated Managed Service Accounts (dMSAs) as a replacement for legacy service accounts. This is a real security improvement for anyone still running services under human-managed password accounts, which is most organizations. Microsoft is also deprecating RC4 in Kerberos and retiring WINS (Windows Internet Name Service). If your environment still depends on either, plan the remediation now rather than during the upgrade.
SMB over QUIC in Standard edition
In Server 2022, SMB over QUIC was Azure Edition only. In Server 2025, it's in Standard. SMB over QUIC gives you encrypted file-share access over port 443 without a VPN, which is a legitimately useful feature for remote workforces and branch offices. Moving it to Standard edition is a material licensing cost difference.
Azure Arc as a first-class citizen
You can install and manage Server 2025 through Azure Arc from day one, including hotpatching enrollment, Extended Security Updates, Azure Update Manager, Defender for Cloud, and inventory. If your on-premises environment is heading toward Azure management anyway, Server 2025 is the version designed for it.
Other 2025 improvements worth flagging
- GPU partitioning for AI workloads on Hyper-V, letting a single physical GPU be split across multiple VMs
- Storage Replica now supports compression (materially faster replication over slow links)
- Block cloning in ReFS for much faster large-file copies
- Hyper-V VMs now support up to 2,048 vCPUs and 240 TB of memory per VM
- Live migration of VMs between clusters with fewer constraints
Side-by-Side: What to Compare
| Capability | Server 2019 | Server 2022 | Server 2025 |
|---|---|---|---|
| Extended support ends | Jan 2029 | Oct 2031 | Oct 2034 |
| Secured-core Server | No | Yes | Yes (enhanced) |
| SMB over QUIC | No | Azure Edition only | Standard and Datacenter |
| Hotpatching (non-Azure) | No | No | Yes (paid subscription) |
| dMSA service accounts | No | No | Yes |
| Azure Arc-native | Add-on | Supported | First-class |
| TLS 1.3 | No | Yes | Yes |
| GPU partitioning on Hyper-V | No | Limited | Yes |
| Max vCPUs per VM | 240 | 240 | 2,048 |
| ReFS block cloning | No | No | Yes |
For licensing cost modeling specific to your core count and edition choice, our Windows Server licensing calculator runs the numbers against current 2026 pricing. For the wider cost-optimization picture, including virtualization rights and Software Assurance decisions, see our 2026 Guide to Optimizing Windows Server Licensing Costs.
Who Should Do What
The honest upgrade guidance depends entirely on what you're running today.
If you're on Server 2016: you need to be planning now. Extended support ends January 12, 2027. Azure Arc-enabled ESUs exist as a bridge, but they're a short-term risk mitigator, not a migration plan. Most of the customers we work with are going directly to Server 2025 rather than stopping at 2022, because the support lifecycle is longer and the retest cost of a two-step upgrade rarely pays off.
If you're on Server 2019: you have until January 2029, which sounds like time, but most enterprise upgrade projects take longer than anyone plans. Server 2019 will work fine through 2027 and 2028 if your applications are stable. If you're already planning a hardware refresh or a significant workload move in that window, bundle the OS upgrade into that project rather than treating it as a separate effort.
If you're on Server 2022: you're in the best starting position. Extended support runs through 2031. You have Secured-core. You have TLS 1.3. Moving to Server 2025 makes sense if you want hotpatching, dMSA, SMB over QUIC in Standard, or the larger VM scale targets. It's not urgent.
If you're starting a new deployment in 2026: Server 2025 is the correct default. The only reason to choose 2022 for a new deployment today is a hard application compatibility constraint or a specific vendor support requirement.
If you're evaluating hotpatching: map your current reboot-caused downtime against the $1.50/core/month subscription. The math usually works out for organizations with strict maintenance windows, 24/7 operations, or regulatory uptime requirements. It often doesn't for small fleets with flexible windows.
What We Tell Our Customers
Three things we bring up in every Windows Server upgrade conversation in 2026:
- Do the lifecycle math first, before the feature comparison. The upgrade decision is usually driven by support end dates, not by which new feature is most interesting.
- Factor hotpatching into TCO properly, not as a feature. It's a recurring subscription that scales with cores, and the Azure Arc requirement means it's also a statement about your cloud management direction.
- Don't forget the quiet changes. WINS retirement, RC4 Kerberos deprecation, and dMSA migration are the 2025 changes most likely to break something during a direct upgrade. Catch them during planning, not during cutover.
For the full 2025 pricing picture, see our breakdown of the Microsoft 2025 server licensing price changes.
Ready to plan your upgrade?
If you want help running the numbers for your specific environment, including licensing costs, hotpatching subscription modeling, and ESU coverage for any remaining 2016 workloads, that's a conversation we have every week. Our Seamless Migrations team handles the project end-to-end.
