Microsoft announced today that hotpatching of security updates is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices.
Windows Hotpatch has been available for Windows Server 2022 Datacenter: Azure Edition since February 2022, initially generally available for Windows Server Azure Edition core virtual machines, and in public preview for Windows Server 2025 since September 2024.
When hotpatching is available, Windows downloads security updates and installs them in the background without rebooting. To do that, hotpatching deploys the security updates by patching the in-memory code of running processes without restarting them after each installation.
“Hotpatch updates are scoped and provide a complete set of OS security patches. No additional features are included,” said Microsoft today. “They are unique in that they take effect immediately upon installation without requiring you to restart your device, helping to ensure focused, rapid protection.”
In January, April, July, and October (the first month of each quarter), Windows devices with hotpatching support will install a cumulative security update (containing the latest security fixes, features, and enhancements) and restart.
However, during the next two months, the devices will receive hot patch updates pushing only security fixes, which do not require a restart (this cycle will repeat each quarter).
“Devices stay secure and productive, and you reduce the number of required restarts for Windows updates from twelve to just four thanks to eight planned hotpatch updates each year,” Microsoft added.
Organizations that want to use hotpatching in public preview need to meet the following requirements:
- A Microsoft subscription that includes Windows Enterprise E3 or E5 (e.g. Microsoft 365 A3/A5 or Microsoft 365 F3); or a Windows 365 Enterprise subscription
- Targeted devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later)
- Microsoft Intune
Those eligible can enable hotpatch updates using a new Windows quality update policy in Intune and Windows Autopatch. Then you can opt-in (or opt-out) devices for automated hotpatch update deployment.
“And, good news, the quality update policy can auto-detect if your targeted devices are eligible for hotpatching,” the company said. “All other Windows 10 and Windows 11 devices will continue to receive the standard monthly security updates, ensuring that your ecosystem stays protected and productive.”
Today, at its Ignite annual conference in Chicago, Illinois, Microsoft also announced the launch of Zero Day Quest, a new hacking event with $4 million in rewards focused on cloud and AI products.
Redmond also shared more information on the new Windows 11 administrator protection security feature and said it’s working on a new “Quick Machine Recovery” feature to help admins use Windows Update “targeted fixes” to fix systems rendered unbootable remotely.