Microsoft released version 2602 of the Security Baseline for Windows Server 2025, approximately eight months after the previous version 2506. The update adds 10 new Group Policy settings and removes one, focusing on NTLM auditing, printer security, and authentication hardening. Most of the new policies were already included in the Windows 11 Security Baselines since 2022 and are now being backported to the server edition. The baseline is available as part of the Microsoft Security Compliance Toolkit 1.0.

Source

Windows 11 version 25H2 introduces 42 new Group Policy settings for administrators to manage system behavior, security features, and user interface customization. The update includes options for controlling AI features like Copilot and Recall, removing preinstalled Store apps, and configuring enhanced security protocols for printing and network communications.

Source

Windows 11 25H2, now generally available, introduces a native policy for uninstalling pre-installed Microsoft Store apps on Enterprise and Education devices. Initially released in Insider preview in June, this feature eliminates the need for custom scripts, enabling administrators to delete inbox packages through Group Policy or mobile device management solutions. Several months after the June Insider preview, user feedback confirms these limitations remain unaddressed in the general availability release. Users criticize Microsoft's new bloatware removal policy as insufficient and arriving too late, since it excludes the most controversial apps like Edge and OneDrive, while community-created tools have already provided superior removal capabilities for years.

Source