Skip to content
Published on

Modern PowerShell & Windows DevOps 2026 Deep Dive - PowerShell 7.5, WinGet, Sysinternals, DSC v3, Windows Terminal, WSL2

🇰🇷KO🇺🇸EN🇯🇵JA
Split View필사 모드
Authors

Goodbye to the "Windows DevOps is Dead" Myth

In 2026, the claim that "DevOps only happens on Linux" is simply no longer true. Since Windows Server 2025 shipped with hotpatching and OpenSSH on by default, Windows has firmly returned as a first-class citizen of enterprise automation. NHN Cloud's Windows VM workloads account for 22% of their IaaS revenue as of 2025. Most large SI projects at Samsung SDS and LG CNS still run on Active Directory and SCCM. Japan's NEC, IIJ, and Fujitsu keep Windows operations as a core service line. Microsoft Japan's Tokyo office directly contributed PSReadLine improvements for Japanese input in PowerShell 7.5.

This article is a deep practical guide, as of May 2026, to the tools that actually matter — PowerShell 7.5, WinGet, Sysinternals 2024.x, DSC v3, Windows Terminal 1.21 — going beyond a cmdlet listing to cover real operational patterns, gotchas, and concrete examples from Korea, Japan, and the wider industry. Whether you only know Linux or you have 30 years of Windows admin behind you, there is something here for you.

1. PowerShell 7.5 vs Windows PowerShell 5.1: What Actually Changed

The first thing to be clear about: there are two PowerShells.

  • Windows PowerShell 5.1: Shipped in 2016, built on .NET Framework 4.x, bundled with Windows 10/11. No new features (security patches only).
  • PowerShell 7.x: The open-source cross-platform successor that started in 2020. As of 2026, 7.4 LTS and 7.5 GA coexist. Built on .NET 8/9.

Why you should leave 5.1:

  1. Speed — 7.5 is 3 to 5 times faster than 5.1 on many workloads. ForEach-Object -Parallel does not exist in 5.1 at all.
  2. .NET 9 — Modern libraries like System.Text.Json and HttpClient are available.
  3. Native command integration — Output parsing for tools like kubectl, terraform, and az is far more natural.
  4. Cross-platform — The same scripts run on Linux and macOS.
  5. Predictive IntelliSense — Integrates with Az Predictor and GitHub Copilot for CLI.

That said, there are still cases where you cannot fully drop 5.1: some Active Directory (RSAT) cmdlets, the ConfigMgr (SCCM) module, and certain legacy Exchange Online modules remain 5.1-only. The standard workaround is the WindowsCompatibility module from 7.5, or invoking pwsh -WindowsPowerShell in compatibility mode.

2. The Core New Features of PowerShell 7.5

#Requires -Version 7.4

# ForEach-Object -Parallel: not in 5.1
1..100 | ForEach-Object -Parallel {
    "Processing $_"
    Start-Sleep -Seconds 1
} -ThrottleLimit 10

# Ternary operator (7.0+)
$status = (Test-Path C:\foo) ? "exists" : "missing"

# Pipeline chain operators
Get-Service Spooler && Restart-Service Spooler || Write-Warning "Service not found"

# Null-conditional operator
$user?.Profile?.Email

# Splatting + advanced functions
$params = @{
    Path = "C:\Logs"
    Recurse = $true
    Filter = "*.log"
}
Get-ChildItem @params

Notable 7.5 changes: ConvertTo-Json -EnumsAsStrings became the default, Test-Json got stronger schema validation, and PSResourceGet has effectively superseded PSGallery's older client.

3. PowerShell Gallery and PSResourceGet

PowerShell now has two package managers:

  • PowerShellGet 2.x (legacy) — Install-Module, Find-Module
  • Microsoft.PowerShell.PSResourceGet (new, included by default in 7.4+) — Install-PSResource, Find-PSResource
# New (recommended)
Install-PSResource -Name Az -Scope CurrentUser
Install-PSResource -Name Microsoft.Graph -Scope AllUsers

# Legacy (compatibility)
Install-Module -Name PSScriptAnalyzer -Scope CurrentUser -Force

# Register a private feed
Register-PSResourceRepository -Name "InternalNuGet" -Uri "https://nuget.internal/v3/index.json"

PSResourceGet speaks native NuGet v3, which means it integrates directly with Azure Artifacts, GitHub Packages, and JFrog Artifactory feeds. That was the biggest pain point of PowerShellGet 2.x.

4. Linting with PSScriptAnalyzer

Install-PSResource PSScriptAnalyzer -Scope CurrentUser

# Single file
Invoke-ScriptAnalyzer -Path .\Deploy.ps1 -Severity Warning,Error

# Recursive directory scan
Invoke-ScriptAnalyzer -Path .\scripts -Recurse -Settings PSGallery

# CI integration via exit code
$results = Invoke-ScriptAnalyzer -Path .\scripts -Recurse
if ($results) {
    $results | Format-Table
    throw "Linting failed with $($results.Count) issues"
}

Drop a PSScriptAnalyzerSettings.psd1 at the repo root and the whole team shares the same rules. Kakao Enterprise in Korea and CyberAgent in Japan standardize this as a CI gate.

5. Writing Tests with Pester 5

Pester is the de facto standard testing framework for PowerShell. The 4.x and 5.x syntaxes are notably different, so new projects should go straight to 5.x.

# Tests/Get-UserInfo.Tests.ps1
BeforeAll {
    . $PSScriptRoot/../src/Get-UserInfo.ps1
}

Describe "Get-UserInfo" {
    Context "Valid user" {
        It "returns the name" {
            $result = Get-UserInfo -UserId 1
            $result.Name | Should -Be "Alice"
        }

        It "calls the mocked API" {
            Mock Invoke-RestMethod { @{ name = "Test" } }
            Get-UserInfo -UserId 1
            Should -Invoke Invoke-RestMethod -Times 1
        }
    }

    Context "Error handling" {
        It "throws on a non-existent ID" {
            { Get-UserInfo -UserId -1 } | Should -Throw
        }
    }
}

# Run
Invoke-Pester -Path ./Tests -Output Detailed

The key mental model for Pester 5 is the discovery/run split. BeforeAll runs after discovery, and cmdlets like Should and Mock are only legal inside It. Carrying over 4.x intuition makes debugging extremely painful.

6. PSReadLine and Predictive IntelliSense

What made PowerShell genuinely powerful in Windows Terminal is PSReadLine.

# Predictions from history plus plugins
Set-PSReadLineOption -PredictionSource HistoryAndPlugin
Set-PSReadLineOption -PredictionViewStyle ListView

# Bash-style key bindings
Set-PSReadLineOption -EditMode Emacs
Set-PSReadLineKeyHandler -Key Tab -Function MenuComplete
Set-PSReadLineKeyHandler -Key UpArrow -Function HistorySearchBackward

# Install Az Predictor
Install-PSResource Az.Tools.Predictor
Enable-AzPredictor

# GitHub Copilot for CLI installs separately
# gh extension install github/gh-copilot

Put the above in your $PROFILE (typically ~/Documents/PowerShell/Microsoft.PowerShell_profile.ps1) and every session inherits it. Az Predictor uses ML to suggest the next parameter for Azure cmdlets; Copilot for CLI generates commands from natural language.

7. WinGet — Windows' Official Package Manager

WinGet is Microsoft's official package manager, released in 2021. As of 2026, 1.10 is the stable line, and it ships by default with Windows 11 and Windows 10 21H2 and later.

# Search
winget search "vs code"

# Install (silent, per user)
winget install Microsoft.VisualStudioCode --scope user --silent

# Upgrade everything
winget upgrade --all

# Export and import — the key to new-machine setup
winget export -o C:\my-apps.json
winget import -i C:\my-apps.json

# Configuration file (integrates with DSC)
winget configure --file workstation-setup.winget

WinGet's real win is unifying the Microsoft Store and community repos. It fixes the weaknesses of Chocolatey and Scoop (no Store-app support, no license verification) and lets enterprises register private sources internally.

8. Where Chocolatey and Scoop Still Fit

WinGet is now the standard, but Chocolatey and Scoop remain valid choices.

  • Chocolatey — Released in 2011, with strong enterprise features (Chocolatey for Business). The largest community package pool for Windows (10,000+).
  • Scoop — Developer-friendly, installable without admin, automatic PATH/env-var management, "one tool, one folder" philosophy.
# Chocolatey
choco install -y git nodejs python3
choco upgrade all -y

# Scoop
scoop install git nodejs python
scoop update *

# Quick comparison:
# - Admin required? choco (yes) vs scoop (no)
# - Package isolation: choco (global) vs scoop (~/scoop/apps)
# - Enterprise features: choco wins

A solid default: Scoop for developer workstations, WinGet or Chocolatey for servers.

9. Sysinternals 2024.x — Mark Russinovich's Toolbox

Sysinternals is a toolkit created by Mark Russinovich and Bryce Cogswell in 1996, acquired by Microsoft in 2006. Mark is currently CTO of Azure. The 2024.x build is the current line as of May 2026.

Core tools:

  • Process Explorer (procexp) — A superset of Task Manager. Parent-child trees, handle/DLL search, digital signature verification.
  • Process Monitor (procmon) — Real-time tracing of file/registry/network/process activity. The ultimate debugging tool.
  • Autoruns — One screen for every startup item, service, driver, and scheduled task. Essential for malware hunting.
  • TCPView — A live-updating GUI for netstat.
  • RAMMap — Memory usage analysis with visualization of cache and page pool.
  • Strings — Extracts ASCII and Unicode strings from binaries.
  • SDelete — DoD 5220.22-M secure deletion.
  • BgInfo — Renders host info on the desktop wallpaper for server identification.
  • ZoomIt — Screen zoom and annotation. Famous because Mark himself uses it in presentations.
# Sysinternals Live — run without installing
# Map the network location or invoke from \\live.sysinternals.com\tools
Start-Process "\\live.sysinternals.com\tools\procexp64.exe"

# Or install the whole suite via WinGet
winget install 9P7KNL5RWT25  # Sysinternals Suite

live.sysinternals.com\tools always hosts the latest builds. The fact that you can run any tool immediately, without a USB stick or installer, makes it a standard part of incident-response playbooks.

10. Windows Terminal 1.21 — A Modern Terminal Experience

It is time to leave the old console host for cmd.exe and PowerShell.exe. Windows Terminal started as open source in 2019 and has reached 1.21 by 2026.

Core features:

  • Tabs and split panes — Alt+Shift+D to split, Alt+Shift+- / + for horizontal/vertical
  • Profiles — pwsh, cmd, WSL2 Ubuntu, Azure Cloud Shell, SSH all in one window
  • GPU rendering — Tens of thousands of lines flow smoothly via DirectWrite
  • Quake mode — Win+` slides the terminal down from the top of the screen
  • Settings UI — Both direct JSON editing and a GUI
  • Color schemes — Campbell, One Half Dark, Solarized built in

Example settings.json:

{
    "defaultProfile": "{574e775e-4f2a-5b96-ac1e-a2962a402336}",
    "profiles": {
        "list": [
            {
                "guid": "{574e775e-4f2a-5b96-ac1e-a2962a402336}",
                "name": "PowerShell 7.5",
                "commandline": "pwsh.exe -NoLogo",
                "colorScheme": "One Half Dark",
                "font": { "face": "CaskaydiaCove Nerd Font", "size": 11 }
            }
        ]
    },
    "keybindings": [
        { "command": { "action": "splitPane", "split": "auto" }, "keys": "alt+shift+d" }
    ]
}

Pair this with a Nerd Font (such as CaskaydiaCove) and prompt frameworks like oh-my-posh and starship render their icons correctly.

11. WSL2 — A Real Linux Kernel Inside Windows

WSL2 is a lightweight Linux kernel that Microsoft runs on Hyper-V. Unlike WSL1's syscall translation, WSL2 runs an actual Linux kernel.

# Installation
wsl --install
wsl --install -d Ubuntu-24.04

# Distro management
wsl --list --verbose
wsl --set-default Ubuntu-24.04
wsl --shutdown   # stop all instances
wsl --export Ubuntu-24.04 C:\backup.tar
wsl --import Ubuntu-prod C:\WSL\prod C:\backup.tar

Where WSL2 actually gets used:

  1. Docker Desktop / Podman Desktop / Rancher Desktop — All default to the WSL2 backend.
  2. Development environments — Linux toolchains, native, on Windows.
  3. systemd support (since 2022) — Add systemd=true to /etc/wsl.conf.
  4. GUI apps (WSLg) — Wayland-based, X11 and Wayland both work.

Resource limits via .wslconfig in your user home:

[wsl2]
memory=8GB
processors=4
swap=2GB
networkingMode=mirrored
firewall=true

The mirrored networking mode (Windows 11 22H2+) shares WSL2's IP with Windows, so localhost becomes bidirectional.

12. Windows Containers — A Path That Is Not Docker

Separate from Linux containers running on WSL2, Windows Containers are their own thing. Supported since Windows Server 2016, they are used to containerize IIS, MSSQL, and legacy .NET Framework workloads.

Two isolation modes:

  • Process isolation — Shares the host kernel, fast, requires matching Windows build
  • Hyper-V isolation — Each container is a lightweight VM, safer, allows different Windows versions
# Enable the Windows feature
Enable-WindowsOptionalFeature -Online -FeatureName containers -All

# Docker Engine for Windows containers
# 1) "Switch to Windows containers" in Docker Desktop (dev use)
# 2) Or Mirantis Container Runtime (production)

docker run -it --isolation=hyperv mcr.microsoft.com/windows/servercore:ltsc2025 powershell

NHN Cloud has reported reducing host machine counts by 60% when migrating legacy ASP.NET workloads to containerized IIS.

13. DSC v3 — Desired State Configuration Reborn

DSC is PowerShell's declarative configuration management tool. It was released in 2014, stagnated for years, and then came back with DSC v3 (GA in 2024, cross-platform). v3 uses a Rust-rewritten engine and accepts JSON or YAML input.

# example.dsc.config.yaml
$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
resources:
- name: Web server packages
  type: Microsoft.WinGet/Package
  properties:
    id: Microsoft.IIS.Express
    source: winget
- name: Service state
  type: Microsoft.Windows/Service
  properties:
    name: W3SVC
    startupType: Automatic
    state: Running

# Apply
dsc config set --file example.dsc.config.yaml

# Inspect current state
dsc config get --file example.dsc.config.yaml

# Drift detection
dsc config test --file example.dsc.config.yaml

DSC v3's strength is a unified interface across PowerShell, WinGet, registry, services, and files, and the fact that it treats Linux resources (systemd, apt, etc.) with the same syntax. Think of it as Ansible-style idempotency with PowerShell-level expressiveness.

14. Ansible for Windows

Ansible manages Windows via WinRM or SSH (the latter is default on Windows Server 2019+) instead of plain SSH.

# playbooks/iis.yml
- hosts: windows
  tasks:
    - name: Install IIS
      ansible.windows.win_feature:
        name: Web-Server
        state: present
        include_management_tools: yes

    - name: Deploy site files
      ansible.windows.win_copy:
        src: ./dist/
        dest: C:\inetpub\wwwroot\

inventory.ini:

[windows]
win-01 ansible_host=10.0.0.5

[windows:vars]
ansible_user=Administrator
ansible_password={{ vault_admin_pw }}
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_port=5985

Ansible's advantages are push-based execution, agentless operation, and YAML friendliness. The downsides are the security complexity of WinRM (Kerberos vs NTLM vs CredSSP) and the fact that some cmdlets are not wrapped at all.

15. SCCM, Intune, and Microsoft Endpoint Manager

The two pillars of enterprise desktop and server management:

  • SCCM (System Center Configuration Manager) — On-premises. Windows patching, software deployment, OS image deployment. The de facto standard at large Korean SI firms.
  • Intune (Microsoft Endpoint Manager) — Cloud-based. Covers BYOD and mobile devices too.

The 2026 trend is co-management (SCCM and Intune in parallel) or cloud-attach (gradually moving SCCM infrastructure to Intune). Many Samsung SDS and LG CNS projects sit at this stage.

PowerShell integration:

# ConfigMgr cmdlets (5.1 only)
Import-Module ConfigurationManager
Set-Location "PRI:"  # site code
Get-CMDevice -Name "PC-001"

# Intune management via Microsoft Graph (7.x friendly)
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"
Get-MgDeviceManagementManagedDevice -Top 10

Since the ConfigMgr module still requires PowerShell 5.1, the common hybrid is to manage Intune from 7.x via Microsoft Graph while keeping SCCM tasks on 5.1.

16. Azure CLI 2 vs Az PowerShell

Two ways to automate Azure:

  • Azure CLI 2 (az) — Python-based, behaves identically in bash, zsh, and pwsh, JSON output by default.
  • Az PowerShell — Native PowerShell, object pipeline, splatting, PSCustomObject.
# Az PowerShell
Install-PSResource Az
Connect-AzAccount
Get-AzVM -ResourceGroupName "prod-rg" |
    Where-Object { $_.PowerState -eq "VM running" } |
    Select-Object Name, Location, HardwareProfile

# Azure CLI (called from inside pwsh)
az vm list --resource-group prod-rg --query "[?powerState=='VM running'].{name:name,location:location}" -o table

When to choose what:

  • CI/CD pipelines: Azure CLI (cross-platform, easy JSON parsing)
  • Operational automation / PowerShell-first teams: Az PowerShell (object pipeline wins)
  • Bicep/ARM deployments: Either works equally well

17. AWS Tools for PowerShell, GCP PowerShell, GitHub CLI

# AWS
Install-PSResource AWS.Tools.Common
Install-PSResource AWS.Tools.EC2
Set-AWSCredential -AccessKey AKIA... -SecretKey ... -StoreAs prod
Get-EC2Instance -ProfileName prod

# GCP
Install-PSResource GoogleCloud
Get-GceInstance -Project my-project

# GitHub CLI (gh)
winget install GitHub.cli
gh auth login
gh pr list --json number,title,author | ConvertFrom-Json | Format-Table

In particular, gh produces clean JSON, which makes it a great pairing with PowerShell's ConvertFrom-Json. It is heavily used for PR and issue automation.

18. Try/Catch, Common Parameters, and Splatting

The three pillars of production-grade PowerShell:

function Invoke-SafeRestApi {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Uri,
        [int]$Retries = 3,
        [int]$DelaySeconds = 2
    )

    for ($i = 1; $i -le $Retries; $i++) {
        try {
            $params = @{
                Uri                = $Uri
                Method             = 'Get'
                TimeoutSec         = 30
                MaximumRetryCount  = 0
                ErrorAction        = 'Stop'
            }
            return Invoke-RestMethod @params
        }
        catch [System.Net.Http.HttpRequestException] {
            Write-Warning "Attempt $i failed: $($_.Exception.Message)"
            if ($i -eq $Retries) { throw }
            Start-Sleep -Seconds $DelaySeconds
        }
        finally {
            Write-Verbose "Attempt $i complete"
        }
    }
}

# Common parameters auto-enabled: -Verbose, -ErrorAction, -ErrorVariable
Invoke-SafeRestApi -Uri "https://api.example.com/health" -Verbose -ErrorAction Continue

A single [CmdletBinding()] line gives you Verbose, Debug, ErrorAction, WarningAction, and more for free. The @params splat improves both readability and reuse.

19. Pipeline Objects and PSCustomObject

PowerShell's real power is the object pipeline. Where bash streams text, PowerShell streams .NET objects.

# Pipeline example
Get-Process |
    Where-Object { $_.WorkingSet64 -gt 500MB } |
    Sort-Object -Property WorkingSet64 -Descending |
    Select-Object -First 10 Name, Id, @{N='RAM(MB)';E={[int]($_.WorkingSet64/1MB)}} |
    Format-Table

# PSCustomObject = PowerShell's DTO
$report = Get-Service | ForEach-Object {
    [PSCustomObject]@{
        Name       = $_.Name
        Status     = $_.Status
        StartType  = $_.StartType
        CheckedAt  = Get-Date
    }
}
$report | Export-Csv services.csv -NoTypeInformation
$report | ConvertTo-Json -Depth 3 | Set-Content services.json

Add ForEach-Object -Parallel and IO-bound workloads accelerate dramatically:

$servers = Get-Content servers.txt
$servers | ForEach-Object -Parallel {
    Test-NetConnection $_ -Port 443 -InformationLevel Quiet
} -ThrottleLimit 32

20. GUI Automation — Out-GridView, ImportExcel, PSWriteHTML

PowerShell can also produce lightweight GUIs:

# Interactive selection with Out-GridView
$selected = Get-Process | Out-GridView -PassThru -Title "Pick processes"
$selected | Stop-Process -WhatIf

# ImportExcel — read/write .xlsx without Excel installed
Install-PSResource ImportExcel
Get-Service | Export-Excel -Path C:\services.xlsx -AutoSize -TableStyle Medium2

# PSWriteHTML — interactive HTML reports
Install-PSResource PSWriteHTML
New-HTML -FilePath C:\report.html -ShowHTML {
    New-HTMLTab -Name "Services" {
        New-HTMLTable -DataTable (Get-Service) -ScrollX
    }
}

PSWriteHTML reports are built on DataTables and Charts.js, so they have search, sort, and filter out of the box. A common use is morning ops reports automatically emailed to the team.

21. Active Directory and Group Policy Cmdlets

Import-Module ActiveDirectory   # Requires RSAT, still most stable on 5.1

# User lookup
Get-ADUser -Filter "Department -eq 'Engineering'" -Properties EmailAddress |
    Select-Object SamAccountName, EmailAddress

# Group members
Get-ADGroupMember -Identity "Domain Admins" -Recursive |
    Get-ADUser -Properties LastLogonDate |
    Select-Object Name, LastLogonDate

# Local users
New-LocalUser -Name "deployer" -Password (Read-Host -AsSecureString) -Description "CI Deployer"
Add-LocalGroupMember -Group "Administrators" -Member "deployer"

# Group Policy
Get-GPO -All | Select-Object DisplayName, CreationTime, ModificationTime
Backup-GPO -Name "Default Domain Policy" -Path C:\GPOBackups

Active Directory cmdlets work in 7.x through WindowsCompatibility, but some scenarios remain more stable on 5.1.

22. Microsoft Graph PowerShell SDK

The older AzureAD and MSOnline modules were retired in 2024, replaced by the Microsoft Graph PowerShell SDK.

Install-PSResource Microsoft.Graph -Scope CurrentUser

# Connect with the right scopes
Connect-MgGraph -Scopes "User.Read.All","Group.Read.All"

# Lookup Azure AD users
Get-MgUser -Filter "department eq 'IT'" -Top 100 |
    Select-Object DisplayName, UserPrincipalName, Mail

# Conditional Access policies
Get-MgIdentityConditionalAccessPolicy |
    Select-Object DisplayName, State

# Intune devices
Get-MgDeviceManagementManagedDevice -Top 50 |
    Where-Object { $_.OperatingSystem -eq "Windows" }

Disconnect-MgGraph

Microsoft Graph is essentially the entire REST API surface wrapped in PowerShell, which means 60+ sub-modules. Install only Microsoft.Graph.Authentication and pull individual sub-modules as needed to keep things lean.

23. Key Windows Server 2025 Features

Windows Server 2025 went GA in November 2024. The DevOps-relevant highlights:

  • Hotpatching for Windows Server — Security patches without reboots (free when enrolled in Azure Arc).
  • OpenSSH on by default (server side)Add-WindowsFeature -Name OpenSSH-Server.
  • Sysmon integrated by default — Stronger security event logging.
  • DTrace — The Windows equivalent of Linux's strace / eBPF.
  • WSL2 on Server — WSL2 now runs on server SKUs.
  • SMB over QUIC — File sharing across the internet without a VPN.
  • First major Active Directory update in 30+ years — 32k page size, OPTIONAL_FEATURE introduced.
# Enable SSH
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service sshd -StartupType Automatic

# Make pwsh the default shell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell `
    -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force

With this, Linux-style workflows (SSH plus standard tools) are first-class on Windows.

24. Best Practices — Real-World Recommendations

For long-lived production scripts:

  1. #Requires -Version 7.4 at the top of every script — blocks accidental interpreter mismatch.
  2. No aliases — Use Get-ChildItem, Where-Object, ForEach-Object instead of gci, ?, %. Better readability and easier static analysis.
  3. Approved verbs — Check with Get-Verb. New function names must use the official verbs (Get-, Set-, New-, Invoke-, etc.).
  4. Code-signing certificates — Production scripts should be signed: Set-AuthenticodeSignature -FilePath script.ps1 -Certificate $cert.
  5. Execution policyRemoteSigned or AllSigned on machines. Never make Bypass permanent.
  6. Constrained Language Mode — Consider enabling it in environments handling untrusted input.
  7. PSScriptAnalyzer + Pester as CI gates — Block bad merges automatically.
  8. Module manifests (.psd1) — Declare version, dependencies, and exported functions explicitly.
  9. Logging — Use Start-Transcript to capture entire sessions, and distinguish Write-Information from Write-Verbose clearly.
  10. Error handling — Default $ErrorActionPreference = 'Stop', with explicit try/catch around fallible operations.

25. PowerShell Universal and PowerShell Studio

Ironman Software's PowerShell Universal turns PowerShell scripts into web APIs, dashboards, and scheduled jobs instantly. It is the go-to for internal self-service portals.

# Pseudo-code page in PSU
New-UDPage -Name "VM Restart" -Content {
    New-UDTextbox -Id "vmName"
    New-UDButton -Text "Restart" -OnClick {
        $name = (Get-UDElement -Id "vmName").value
        Restart-AzVM -Name $name -ResourceGroupName "prod-rg"
        Show-UDToast "Restarted $name"
    }
}

PowerShell Studio (SAPIEN Technologies) is a full IDE with a built-in form designer, great for building visual form-based operational tools. VS Code with the PowerShell extension is the standard, but Studio remains useful for teams doing heavy form work.

26. Korean / Japanese / Global Windows DevOps in the Field

Korea:

  • NHN Cloud — Windows VM and SQL Server workloads, internally built PowerShell automation libraries.
  • Samsung SDS — Rolling out SCCM + Intune + PowerShell DSC v3 across global sites.
  • Naver Cloud — Windows server hosting, Hyper-V-based cloud console.
  • LG CNS — Standardizes Active Directory + GPO + ConfigMgr patterns across SI projects.
  • Kakao Enterprise — Pester + PSScriptAnalyzer as CI gates by default.

Japan:

  • NEC — Windows operations across government and finance systems, JIS-certified automation tooling.
  • IIJ — Windows VPS hosting, WSUS + PowerShell patch automation.
  • Microsoft Japan (Tokyo) — Contributes to PowerShell 7.5 i18n and PSReadLine Japanese-input stability.
  • CyberAgent — Windows containers in game operations.
  • Fujitsu — Enterprise SCCM and Intune SI business.

Global trends:

  • Microsoft itself runs significant parts of Bing and Office infrastructure on PowerShell 7.
  • GitHub Actions' windows-2022 and windows-2025 runners ship with PowerShell 7.5 by default.
  • Azure DevOps Pipelines plus Azure PowerShell remains a strong combination.

Windows DevOps is not dead. With PowerShell 7, WSL2, OpenSSH, DSC v3, and Microsoft Graph converging, workflows have grown much closer to those on Linux while keeping enterprise assets like Active Directory and SCCM intact. The 2026 Windows DevOps engineer holds the best tools of both worlds.

References

  1. PowerShell official docs — https://learn.microsoft.com/powershell/
  2. PowerShell on GitHub — https://github.com/PowerShell/PowerShell
  3. PowerShell Gallery — https://www.powershellgallery.com/
  4. PSScriptAnalyzer — https://github.com/PowerShell/PSScriptAnalyzer
  5. Pester — https://pester.dev/
  6. PSReadLine — https://github.com/PowerShell/PSReadLine
  7. WinGet (Windows Package Manager) — https://learn.microsoft.com/windows/package-manager/
  8. Chocolatey — https://chocolatey.org/
  9. Scoop — https://scoop.sh/
  10. WSL2 official — https://learn.microsoft.com/windows/wsl/
  11. Windows Terminal — https://github.com/microsoft/terminal
  12. Sysinternals — https://learn.microsoft.com/sysinternals/
  13. Sysinternals Live — https://live.sysinternals.com/
  14. DSC v3 — https://learn.microsoft.com/powershell/dsc/overview
  15. Ansible for Windows — https://docs.ansible.com/ansible/latest/os_guide/windows.html
  16. Az PowerShell — https://learn.microsoft.com/powershell/azure/
  17. AWS Tools for PowerShell — https://aws.amazon.com/powershell/
  18. Microsoft Graph PowerShell SDK — https://learn.microsoft.com/powershell/microsoftgraph/
  19. Windows Server 2025 — https://learn.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2025
  20. Mark Russinovich — https://learn.microsoft.com/sysinternals/community/mark-russinovich
  21. Ironman Software PowerShell Universal — https://ironmansoftware.com/powershell-universal
  22. SAPIEN PowerShell Studio — https://www.sapien.com/software/powershell_studio
  23. GitHub CLI — https://cli.github.com/
  24. NHN Cloud — https://www.nhncloud.com/
  25. Samsung SDS — https://www.samsungsds.com/
Discuss on TwitterView on GitHub