Table of Contents
Introduction to Windows Server Summit 2026 Day 3
The final day of the Windows Server Summit 2026 shifted the spotlight from overarching hybrid control planes toward core infrastructure, protocol modernization, and active collaboration with the product group. Following the roadmapping focus of Day 1 and the automation frameworks of Day 2, Day 3 targeted the foundational pillars of every enterprise architecture: identity, core networking, high-performance storage, and deep virtualization pathways.
For adaptive cloud architects, this day provided the technical blueprints required to design resilient, future-proof environments. It emphasized how foundational workloads like Active Directory, PKI, and clustering are not merely surviving in a cloud-first world but are actively evolving into leaner, more secure services that natively interlock with Azure governance models.
To learn about all the free content and what happened on Day 1 and Day 2, please check the respective reviews. Now, let’s unpack the architectural essentials from Day 3.
Day 3 – Windows Server Summit 13.05.2026
Feedback time! Windows Server 2025 and vNext
You have to watch this video. It has the most important announcement. Windows Server 2025 Azure Arc with hotpatching will be free of charge for all customer under a subscription / maintenance.
Also listen to Rob Hindman at 15:30 talking about “really thinking about on premise Customers” and on premise patching with WSUS being supported with Windows Server 2025.
Watch the full session from Windows Server Summit 2026 Day 3 on YouTube here and read the details on the Tech Community here.
Azure Virtual Desktop deep dive for Windows Server admins
If your architecture still maintains a massive on-premises RDS footprint, this is a vital watch. Shifting the brokering layer to the cloud while keeping compute workloads local presents a massive efficiency gain for hybrid operations.
This video from Windows Server Summit 2026 Day 3 is a good summary about all products available and when to use which incl vGPU for Hyper-V, AVD, AVD for Azure Local and Azure Virtual Desktops for hybrid environments with basically the broker in the cloud and your session hosts on premise.
If your architecture still maintains a massive on-premises RDS footprint, this is a vital watch. Shifting the brokering layer to the cloud while keeping compute workloads local presents a massive efficiency gain for hybrid operations.
Watch the full session on YouTube here and read the details on the Tech Community here.
Networking in Windows Server 2025
They call it Windows Server 2028 at Windows Server Summit 2026 Day 3 for the first time by accident. Check the screenshot below on the right side.
3:40 to 11:56 Native configuration patterns for encrypted DNS-over-HTTPS (DoH) inside the Windows Server internal client resolver to isolate internal queries. There is a lot coming to secure DNS on premise. This will be the future and starting testing it now, will reduce your challenges later.
11:56 to 21:23 is presenting the current and future state of the Windows Firewall for Windows Server. This includes demonstrating real-time packet parsing steps inside the new Firewall Audit Mode to diagnose and unblock misconfigured application traffic loops.
Excellent practical guidance from the Windows Server Summit 2026 Day 3. The native inclusion of DoH client-side processing adds a critical security layer to zero-trust networks without requiring third-party interception tools. The new firewall audit mode looks promising. If you were hoping for a new Firewall GUI, this was not part of the presentation.
Watch the full session from Windows Server Summit 2026 Day 3 on YouTube here and read the details on the Tech Community here.
Future-proofing PKI with AD CS in Windows Server 2025
- 3:12 to 8:55 Structural overview of the cryptographic agility changes introduced into Active Directory Certificate Services (AD CS) to provide long-term support for post-quantum cryptographic (PQC) algorithms.
- 17:54 to 19:17 understand your path to the post quantum journey to secure your environment now. Architectural design paths for managing automated certificate enrollment securely across fragmented multi-forest environments.
PKI architectures are often neglected until a root certificate expires or an algorithm is deprecated. This session acts as a wake-up call and a guide to starting your post-quantum planning now.
Watch the full session on YouTube here and read the details on the Tech Community here.
Modernize AD for hybrid identity in Windows Server 2025
This session gives an overview about the Active Directory improvements with Windows Server 2025.
- 01:11 to 02:07 All that was improved with Windows Server 2025 presented by Tanya Jha. Do
- 02:08 to 6:08 explains all the news on one of the first things to every Active Directory, that you should active. See my blog posting on that topic here. You also get a nice demo on the new LAPS recovery function for DR scenarios.
- 17:20 to 20:00 learn about Delegated Manage Service Accounts and how that is more secure like GSMA with an information that we can migrate from a legacy service account without involving the application owners (which is always good).
- 20:00 to 21.25 NTLMLess!!!! Learn how we will get help to get rid of it. I can recommend to read this guide “Active Directory Hardening Series – Part 8 – Disabling NTLM” by Jerry Devore.
Active Directory updates in 2025 are not just minor patches; they fundamentally alter the baseline security posture of your identity environment. Essential viewing for directory architects. These feature also do not come without your work. Lifecycle management of your GPOs, PKI and Active Directory is a mandatory effort to avoid technical debt.
Watch the full session from Windows Server Summit 2026 Day 3 on YouTube here and read the details on the Tech Community here.
Let’s talk storage: NVMe, ReFS, and what’s coming next
This is a summary of the announcement of the past. Native NVMe being the most important announcement. If you missed these 3 stories below, watch this session.
Below you can see the presentations shared on NVMe in the session.
Watch the full session from Windows Server Summit 2026 Day 3 on YouTube here and read the details on the Tech Community here.
Failover clustering: heart of the private cloud and datacenter
A new learning for me was in the beginning to learn that Windows Failover Cluster is used in Azure Local and Windows Server based on the same technology stack.
This session is, like the Azure Arc session earlier, a good starting point if you want to learn the foundation of Failover Clustering. Rob Hindman gives a guide from the fundamentals to the newest features.
At 21:22 we get a sneak peak into Admission Control to help with cluster failover and making sure you have enough resources running.
Summary: Failover Clustering remains the indispensable foundation of the private cloud. Seeing how smoothly vTPM-enabled VMs can now live-migrate across hosts without a complex topology setup is a massive win for virtualization engineers.
Watch the full session on YouTube here and read the details on the Tech Community here.
Summary and Conclusion
These Windows Server Summit 2026 sessions from Windows Server Summit 2026 Day 3 felt like completing my journey after the release of Windows Server 2025. All the stories told about the single control plane and adaptive cloud now come together. I am very excited to see that our on premise world will continue to develop and now gets access to the modern Azure Management stack.
If you have any questions on the topic of Windows Server 2025 and the Adaptive Cloud please don’t hesitate to reach out to me on LinkedIn, Bluesky or check my newly created Adaptive Cloud community on Reddit.
LinkedIn: https://www.linkedin.com/in/andreas-hartig/ Bluesky: https://bsky.app/profile/hartiga.de Adaptive Cloud community on Reddit: https://www.reddit.com/r/AdaptiveCloud/
For all German speakers I recommend joining our new “Meetup Azure Infra & Entra ID Süddeutschland” group and the Kickoff Event Tuesday, Jun 16 · 4:00 PM to 6:00 PM MESZ.
