Enable Windows Hotpatch (Preview)

Announced at Microsoft Ignite 2024, Windows Hotpatch allows Windows updates to be applied to devices without the need for a restart. Let's get it enabled!


On November 19, 2024, Microsoft announced at Microsoft Ignite that "hotpatch updates" would be available for Windows clients. Previously, hotpatching was limited to Windows Server, where it has proven its reliability over the last two years.

When hotpatching is made available to your Windows clients, Windows downloads security updates and installs them in the background, without requiring any user attention, reboots, or intervention. Hotpatch does this by updating the "in-memory code" of running processes, without the need to restart those processes.

There are a few requirements before your organisation can take advantage of the Windows Hotpatch Public Preview:

  • A Microsoft subscription that includes Windows Enterprise E3 or E5*; or a Windows 365 Enterprise subscription.
    • *e.g. Microsoft 365 A3/A5 or Microsoft 365 F3
  • Devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later).
  • Microsoft Intune.

Device requirements:

  • VBS (Virtualisation-based security) must be enabled.

So, how do we enable it?

  • Under "Manage updates" go to Windows Updates > Quality Updates.
  • Create a new "Windows quality update policy (preview)". Give it a descriptive name, then under Settings set "When available, apply without restarting the device ("hotpatch")" to Allow.
  • Under Assignments, assign the policy to any Microsoft Entra group that contains the Windows devices you're targeting.
    • You may need to go to the Entra admin center and create that group first.
    ⚠️ We strongly recommend creating a group with a limited number of test devices first, to ensure functionality and troubleshoot any issues before a wider deployment.
  • Click Next, then Create to finish creating your policy.

And that's it. You've created your Windows Quality Update policy, with Windows Hotpatch enabled. Windows will now automatically attempt to install quality updates with Hotpatch functionality, if the device is eligible and configured correctly.
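To confirm that a pilot device meets the device-side requirements listed earlier (Windows 11 Enterprise 24H2, Build 26100.2033 or later, VBS enabled), here is an added example that is not Microsoft's tooling or part of the Intune policy. The function name `Test-HotpatchEligibility` is hypothetical, and the exact `EditionID` match and the "VBS must be running" reading are assumptions of this sketch.

```powershell
# Added example: device-side hotpatch eligibility check. Not Microsoft tooling.
# Test-HotpatchEligibility is a hypothetical name; thresholds come from this post.
$MinVersion = [version]'10.0.26100.2033'   # Windows 11 24H2, Build 26100.2033

function Test-HotpatchEligibility {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $current = [version]("10.0.{0}.{1}" -f $cv.CurrentBuildNumber, $cv.UBR)

    # Assumption: "Windows 11 Enterprise" maps to EditionID 'Enterprise' exactly.
    $editionOk = $cv.EditionID -eq 'Enterprise'
    # Later builds pass, following the post's "or later" wording.
    $buildOk = $current -ge $MinVersion

    # Win32_DeviceGuard.VirtualizationBasedSecurityStatus:
    #   0 = not enabled, 1 = enabled but not running, 2 = enabled and running
    $vbsStatus = $null
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
        $vbsStatus = [int]$dg.VirtualizationBasedSecurityStatus
    } catch {
        # Query failures (e.g. non-elevated session) are reported, not hidden.
        Write-Warning "Win32_DeviceGuard query failed: $($_.Exception.Message)"
    }
    # Assumption: treat only "running" (2) as meeting the VBS requirement.
    $vbsOk = $vbsStatus -eq 2

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        EditionID    = $cv.EditionID
        OSVersion    = $current.ToString()
        EditionOk    = $editionOk
        BuildOk      = $buildOk
        VbsStatus    = $vbsStatus
        VbsOk        = $vbsOk
        Eligible     = $editionOk -and $buildOk -and $vbsOk
    }
}

Test-HotpatchEligibility | Format-List
```

Run it on a test device before adding that device to the targeted Entra group; `Eligible` is `False` if any single check fails or the VBS status could not be read.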

According to Microsoft Learn, Hotpatch updates are released in the following months: February, March, May, June, August, September, November, and December. So, keep an eye on your quality update deployments because we have a Hotpatch month coming up very soon!

Until next time 👋