
Microsoft to Integrate Sysmon Directly into Windows 11 and Windows Server 2025

johny899

I recently heard some exciting news: Microsoft will place Sysmon directly into Windows 11 and Windows Server 2025. If you are like me and care about Windows security, this is an exciting development. I have used Sysmon before and it was always quite useful in identifying odd activity on my own computer. So, yes, I am pretty excited about the update.

What's changing?

Sysmon will be included

Currently, Sysmon is a standalone tool that you must download separately from the internet. In future versions of Windows 11 and Windows Server 2025, Microsoft is putting it directly inside Windows. No more separate download, no more separate install: just turn it on from Windows settings itself!

What Sysmon does

Sysmon is basically a monitoring tool that monitors your system. It can do several things, such as:
  • Identify when applications start or stop running
  • Identify network connections
  • Identify file creations or changes
  • Identify, using custom rules, only the information you are concerned about
When I used it previously, I was able to use custom rules to expose odd programs running in the background of my machine.

Easier for all.

Because Sysmon will be integrated, in the future it will be updated as part of Windows Update. This is pretty great for your IT team because you won't have to worry about it being inconsistent across machines!

Why we care

Have you ever had that awkward moment of confusion installing many third-party tools just to verify what's going on with your computer? This release takes care of that.

Here’s why it’s important:
  • It simplifies it
  • It makes it secure for everyone
  • All Windows PCs can now utilize the same logging framework!
  • You no longer have to worry about forgetting to install Sysmon on one machine
Trust me, I know how this goes, and it was very annoying when I needed to find logs and they no longer existed.

What you can do now

I suggest the following:
  • Prepare for the new version of Windows
  • Look at your existing Sysmon rules and save the ones you like
  • Inform your team (if you are in IT) that Sysmon will be built-in
  • Use this opportunity to enhance your monitoring
Since it will be integrated with Windows, this will be much easier to use than before.

Final thoughts

To sum it up: Microsoft adding Sysmon to Windows 11 and Server 2025 is a great move. It gives you better security without extra tools. I will definitely test it when it comes out and update my own rules.
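
For the "look at your existing Sysmon rules" step above, here is an added example (not part of the original post and not Microsoft's tooling) that inventories a Sysmon XML configuration so you can see which event filters you rely on before migrating. The sample configuration and the `inventory` function name are constructed for illustration; point it at your own exported config file instead.

```python
import xml.etree.ElementTree as ET

# Constructed sample config for illustration; not taken from the post.
SAMPLE_CONFIG = r"""<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="proc" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image condition="end with">\powershell.exe</Image>
        <ParentImage condition="end with">\winword.exe</ParentImage>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="net" groupRelation="or">
      <NetworkConnect onmatch="include">
        <DestinationPort condition="is">3389</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
    <FileCreate onmatch="exclude"/>
    <ProcessTerminate onmatch="include"/>
  </EventFiltering>
</Sysmon>"""


def inventory(xml_text):
    """Return one record per event filter: type, onmatch mode, rule count, effect."""
    root = ET.fromstring(xml_text)
    filtering = root.find("EventFiltering")
    records = []
    if filtering is None:
        return records
    for node in filtering.iter():
        onmatch = node.get("onmatch")
        if onmatch is None:      # skips EventFiltering, RuleGroup and field conditions
            continue
        rules = len(list(node))  # direct children: field conditions or <Rule> groups
        if rules:
            effect = f"{onmatch}s events matching {rules} rule(s)"
        elif onmatch == "include":
            effect = "logs nothing (empty include)"
        else:
            effect = "logs everything (empty exclude)"
        records.append({"event": node.tag, "onmatch": onmatch,
                        "rules": rules, "effect": effect})
    return records


if __name__ == "__main__":
    for rec in inventory(SAMPLE_CONFIG):
        print(f'{rec["event"]:<17} {rec["onmatch"]:<8} {rec["effect"]}')
```

The empty-filter rows are the ones worth checking by hand: an empty `include` block silences that event type entirely, while an empty `exclude` block logs every event of that type.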
 