Microsoft has announced the introduction of hotpatch updates for compatible business devices running Windows 11 Enterprise version 24H2, a significant advancement for organizations aiming to minimize downtime. These updates enable the installation of OS security patches in the background, eliminating the need for a device restart and thus reducing user disruption while maintaining robust security measures.
Windows 11 hotpatching comes to enterprise devices
In a recent blog post, David Callaghan from Microsoft elaborated on the benefits of hotpatch updates, stating that they take effect immediately upon installation, offering swift protection against vulnerabilities. He emphasized that devices utilizing hotpatching receive the same level of security as those updated through the traditional Patch Tuesday releases. The key difference lies in the absence of required restarts, allowing employees to continue their work with minimal interruptions.
To implement this feature, companies must establish a hotpatch-enabled quality update policy through Microsoft Intune. IT administrators will notice distinct KB numbers and OS versions for devices enrolled in hotpatched updates, which is an essential detail for managing updates effectively. While devices will still need to reboot for security updates installed four times a year—in January, April, July, and October—the subsequent two months of each quarter will allow for updates without a restart.
Regarding eligibility, Callaghan mentioned that Arm64 devices are currently in public preview, hinting at future support for these devices. For those looking to set up hotpatching, the process involves navigating to the Microsoft Intune admin center, selecting Devices, then Windows updates, and finally creating a Windows quality update policy with the toggle set to Allow. This feature is set to be generally available as of April 2, 2025, with confirmation that support for Arm64 devices will follow at a later date.
