Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365

Microsoft has unveiled a significant enhancement to its security update process, announcing that hotpatching is now available in preview for Windows 365 and Windows 11 Enterprise 24H2 client devices. This feature, which allows for seamless installation of security updates without the need for a reboot, aims to bolster the security and productivity of organizations.

Details on Hotpatching

Hotpatching has been a part of the Windows ecosystem since February 2022, initially rolled out for Windows Server 2022 Datacenter: Azure Edition. It became generally available for core virtual machines and entered public preview for Windows Server 2025 in September 2024. The essence of hotpatching lies in its ability to download and install security updates in the background, effectively patching the in-memory code of running processes without interrupting user activities.

According to Microsoft, “Hotpatch updates are scoped and provide a complete set of OS security patches. No additional features are included.” This means that once installed, these updates take effect immediately, ensuring that devices remain secure without the downtime associated with traditional update processes.

The update cycle for devices supporting hotpatching is structured to enhance efficiency. In January, April, July, and October, devices will install a cumulative security update that includes the latest fixes and enhancements, followed by a restart. In the intervening months, hotpatch updates will deliver only security fixes, eliminating the need for a restart. This streamlined approach reduces the number of required restarts from twelve to just four each year, thanks to the eight planned hotpatch updates.

Eligibility and Implementation

Organizations interested in utilizing hotpatching during its public preview must meet certain criteria:

  • A Microsoft subscription that includes Windows Enterprise E3 or E5 (such as Microsoft 365 A3/A5 or Microsoft 365 F3) or a Windows 365 Enterprise subscription.
  • Devices must be running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later).
  • Microsoft Intune is required for management.

Eligible organizations can enable hotpatch updates through a new Windows quality update policy in Intune and Windows Autopatch, allowing for automated deployment of these updates. Notably, the quality update policy can automatically detect whether targeted devices are eligible for hotpatching, ensuring a smooth transition to this new update mechanism.

For those devices not meeting the hotpatching criteria, Microsoft assures that they will continue to receive the standard monthly security updates, maintaining a robust security posture across the ecosystem.
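An added example, not code from Microsoft or from this article: a PowerShell pre-check of the device-side criteria listed above (edition and build), together with the quarterly restart cadence described earlier. The function names, the constructed sample inventory, and the reading of "version 24H2" as build 26100 exactly are assumptions; the subscription and Intune requirements are not checked.

```powershell
# Added example. Thresholds come from the article; names are illustrative.
$RequiredBuild  = 26100          # Windows 11, version 24H2
$MinimumUbr     = 2033           # "Build 26100.2033 or later"
$BaselineMonths = 1, 4, 7, 10    # cumulative update followed by a restart

function Test-HotpatchDevice {
    param(
        [Parameter(Mandatory)][string]$EditionId,
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Ubr
    )
    $reasons = @()
    # Assumption: only the plain "Enterprise" EditionID counts as in scope.
    if ($EditionId -ne 'Enterprise') { $reasons += "edition is $EditionId" }
    if ($Build -ne $RequiredBuild) {
        $reasons += "build $Build is not 24H2 ($RequiredBuild)"
    } elseif ($Ubr -lt $MinimumUbr) {
        $reasons += "revision $Ubr is below $MinimumUbr"
    }
    [pscustomobject]@{
        Version  = '{0}.{1}' -f $Build, $Ubr
        Eligible = ($reasons.Count -eq 0)
        Reasons  = $reasons -join '; '
    }
}

function Get-UpdateTypeForMonth {
    param([datetime]$Date = (Get-Date))
    if ($BaselineMonths -contains $Date.Month) {
        'Cumulative update, restart required'
    } else {
        'Hotpatch, no restart'
    }
}

# Constructed sample inventory (not real devices).
$sample = @(
    @{ EditionId = 'Enterprise';   Build = 26100; Ubr = 2314 },
    @{ EditionId = 'Enterprise';   Build = 26100; Ubr = 1742 },
    @{ EditionId = 'Professional'; Build = 26100; Ubr = 2314 },
    @{ EditionId = 'Enterprise';   Build = 22631; Ubr = 4460 }
)
foreach ($d in $sample) { Test-HotpatchDevice @d }

# Local device: edition, build and revision as recorded in the registry.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
if (Test-Path $key) {
    $cv = Get-ItemProperty $key
    Test-HotpatchDevice -EditionId $cv.EditionID -Build ([int]$cv.CurrentBuildNumber) -Ubr ([int]$cv.UBR)
}
Get-UpdateTypeForMonth
```

Devices reported as not eligible here fall under the standard monthly security updates described in the next paragraph.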

In addition to the hotpatching announcement, Microsoft made headlines at its Ignite annual conference in Chicago, Illinois, by introducing Zero Day Quest—a new hacking event offering million in rewards focused on cloud and AI products. The company also provided insights into a new Windows 11 administrator protection security feature and revealed plans for a “Quick Machine Recovery” feature aimed at assisting administrators in remotely fixing systems that become unbootable.

Winsage