Microsoft’s Windows Server platform has utilized the hotpatch update method for a couple years. Microsoft has announced they are bringing the feature to Windows 11 Enterprise editions.
What is hotpatching for Windows? I’ll let them explain:
The first month of each quarter of the calendar year (i.e. January, April, July, and October), devices install the standard monthly security update and restart. This cumulative update contains the latest security fixes, new features, and enhancements. The following two months, devices are offered hotpatch updates, which include only security updates and install without the need to restart. At the start of the next quarter, the cycle repeats.
That’s it. Devices stay secure and productive, and you reduce the number of required restarts for Windows updates from twelve to just four thanks to eight planned hotpatch updates each year!
While most environments aren’t using the latest and greatest using Windows 11, M365/Entra, Intune managed devices – a big Microsoft Entra stack, the requirements are pretty normal for a company that is using that Microsoft stack – a Windows environment using Windows 11 24H2, Microsoft 365, Intune, etc.:
To take advantage of the public preview, your organization will need the following to be eligible for hotpatching:
- A Microsoft subscription that includes Windows Enterprise E3 or E5 (e.g. Microsoft 365 A3/A5 or Microsoft 365 F3); or a Windows 365 Enterprise subscription
- Targeted devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later)
- Microsoft Intune
You can enable hotpatch updates for eligible devices using a new Windows quality update policy in Intune and Windows Autopatch. Using those policies, you can opt devices in (or out) for automated hotpatch update deployment. And, good news, the quality update policy can auto-detect if your targeted devices are eligible for hotpatching. All other Windows 10 and Windows 11 devices will continue to receive the standard monthly security updates, ensuring that your ecosystem stays protected and productive.
All in all, if you’re all in with Microsoft, this is a great feature. Having less restarts due to Windows updates is always a great thing. They are noticeable in the workplace and can happen at the worst possible time (even with the nag screens and a timer when it’s forced). This will be a huge positive thing for the end user and the reputation of the IT department and keeping the security folks happy that everything is patched and protected.
MSTechPages is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate, we earn from qualifying purchases at no extra cost to you.
