Mar 13 2024 03:28 PM
There are many cloud features which are activated by default. This includes Copilot, prominently visible in the lower right corner and prominently placed in Edge. In other places it includes OneDrive. Or Azure Arc (which has been rolled out and activated on Server 2019 and 2022 too without consent). Probably countless other places which I just have not yet stumbled upon. Luckily the Weather, Widgets and some other cloud AppxPackages are not there, so I have to give credit in that regard.
But all those cloud components should NOT be active by default on a server OS. This is, from my point of view, a very serious security concern. For companies it is already difficult to trust Windows 11, and enterprises invest a huge amount of time and money to disable as many of those features as possible. Now they have to fight the same data protection and security concerns for the Server OS as well, which is not good for Microsoft.
A suggestion would be a "cloud-features" collection on the "Add Features" pane within the GUI, similar to "Message Queuing" or "Remote Server Administration tools". And none of them installed. They can be listed as "available" in the Get-WindowsFeature list, but not "Installed".
Pushing that responsibility to the admins, who will then create "Server 2025 cleanup for improved security" scripts, which pose a problem themselves. Instead, Microsoft should act responsibly to make the Server secure by default, which includes having all those cloud-connected tools not installed by default.
The only exception where such a connection to a cloud backend, on by default, is fine is the virus protection.
Thank you for reading.