Microsoft has launched Hotpatch technology for devices running Windows 11 Enterprise, version 24H2 and x64 architecture (AMD and Intel). As of April 2, 2025, the feature is available to corporate users with the necessary subscription and Microsoft Intune settings. This innovation enables the installation of critical security updates without rebooting, minimizing workflow disruptions and enhancing overall system security.
Hotpatching is a core part of Microsoft’s strategy to improve both performance and protection. It has already been widely adopted in Azure and is now making its way to client devices.
The benefits of the technology are clear. Updates are applied immediately after installation, significantly reducing the window of vulnerability. Additionally, users can continue working without interruptions—most security patches throughout the quarter require no restart. A reboot is only required once every three months during a “baseline month” to apply cumulative changes, such as new features and improvements. In all other months, updates are applied silently.
The update schedule follows this pattern:
-
January, April, July, October — baseline updates with a reboot
-
All other months — Hotpatch updates with no reboot required
This means that instead of 12 reboots per year, only four are needed. At the same time, all security updates remain consistent with the standard update model.
Subscription Requirements and Rollout Status
To use Hotpatch, organizations need one of the following: Windows 11 Enterprise E3/E5/F3, Windows 11 Education A3/A5, or a Windows 365 Enterprise subscription. Devices must be updated to version 24H2 (build 26100.2033 or higher), have Virtualization-based Security (VBS) enabled, and be managed via Microsoft Intune with the relevant update quality policy.
On Arm64 architecture, Hotpatch is still in public preview. To enable it, CHPE support must be manually disabled in the registry. A dedicated CSP to handle this is expected in future updates—we’ll keep you updated.
Hotpatch settings are already available in the Intune interface, adds NIX Solutions. Admins can activate the feature by creating a new quality policy and setting the corresponding option to “Allow.” If the device meets all criteria, it will automatically shift to seamless updates.
Michael Meyer, Senior System Administrator at Krones AG, shared: “At first, we did not realize how important it was for updates to take effect immediately. Now we understand that this dramatically reduces risks and eliminates unnecessary headaches.”
Hotpatch has been available since April 2025 for Windows 11 Enterprise users on Intel and AMD processors. Support for Arm64 is expected soon.