Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-07-15 17:01:17
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
—
Services
Windows
Tags
Admin impact
Master tags
Security
Roadmap IDs
One-line summary
Hotpatching for Windows 11 24H2 Arm64 devices is now generally available, enabling security updates without restarts; admins must disable CHPE and enroll devices in a hotpatch policy.
Similar updates
More like thisMC999973 Reminder: Hotpatch eligibility and prerequisites
Reminder: Hotpatch eligibility and prerequisites Hotpatch for Windows Autopatch is in public preview; devices need Windows 11 24H2 with Jan 2025 update, VBS enabled, and specific registry changes for Arm64 to deploy without restarts. All devices must meet the following prerequisites: Operating system : Devices must be running Windows 11 24H2,.
MC1068760 Resources to get started with hotpatch updates for Windows 11, version 24H2
Prerequisites include: Windows Autopatch prerequisites Devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later) and with the current baseline update installed An x64 CPU including AMD64 and Intel (Note: Arm64 devices are still in public preview) Microsoft Intune to manage deployment of hotpatch updates with a.
MC1126220 Get started with July 2025 improvements in Windows 11
How this will affect your organization: You can start seeing improvements across various workflows in your organization with: Refreshed media for inbox Windows apps General availability of hotpatching for Windows x64 and Arm64 devices General availability of hotpatching for Window Server 2025 through Azure Arc Windows Autopatch groups .
MC1046878 (Updated) Hotpatch for Windows client now available
(Updated) Hotpatch for Windows client now available Hotpatch updates are now generally available for Windows 11 Enterprise 24H2 (x64), enabling rapid, restart-free security updates via Windows Autopatch and Intune; Arm64 support remains in preview. Hotpatch updates are now available for organizational devices on Windows 11 Enterprise, version.
MC1171745 Hotpatch efficiency unlocked: Smaller update size
Hotpatch efficiency unlocked: Smaller update size Hotpatch updates are now generally available, offering smaller, faster security updates that install in the background without restarts, improving productivity and network performance. Hotpatch updates, which are smaller than standard Windows updates, bring faster security and improved.
MC1073823 Hotpatch for client: Frequently asked questions
Hotpatch for client: Frequently asked questions May 2025 hotpatch update for Windows 11 24H2 is available; review new FAQ to prepare devices and understand hotpatching eligibility, deployment, and technical details. What you need to do to prepare: Read Additional information to find answers to any questions you may have in the following.
Details
Body (from Message Center)
More enterprise environments can now experience the power of security updates that don’t require a restart. Hotpatching is now available for Windows 11, version 24H2 Arm64 devices. All you need to do is check your prerequisites, disable Compiled Hybrid PE (CHPE), and enroll these devices into a quality update policy with hotpatching enabled.
When will this happen:
Hotpatching for 64-bit Arm architecture is now generally available.
How this will affect your organization:
With hotpatching, your organization can benefit from:
- Faster compliance: Security updates are applied immediately, reducing the window of vulnerability.
- No downtime: Users stay productive—no forced restarts or interruptions.
- Smaller update payloads: Faster installs and easier update orchestration.
- Enterprise-grade control: Integrated with Microsoft Intune and Windows Autopatch for streamlined management.
What you need to do to prepare:
Read Hotpatching now available for 64-bit Arm architecture to check if you meet the prerequisites and additional guidance to get started.
A unique prerequisite for Arm64 devices is disabling Compiled Hybrid PE (CHPE). Do this in one of the following ways:
- Use the DisableCHPE policy. Apply the following configuration service provider (CSP) setting via Microsoft Intune or Group Policy, then restart the device once: ./Device/Vendor/MSFT/Policy/Config/Hotpatch/DisableCHPE = 1
- Use registry keys. You can also set the following registry key value to 1 and then restart the device once: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\HotPatchRestrictions = 1
Additional information:
- Read Hotpatching now available for 64-bit Arm architecture for the complete announcement and technical guide.
- Find the DisableCHPE policy at System Policy CSP.
- Learn how to Enroll devices to receive hotpatch updates.
- Consult our comprehensive documentation on Hotpatch updates.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": null,
"ai_actions": [
"Check prerequisites for hotpatching",
"Disable Compiled Hybrid PE (CHPE) on Arm64 devices",
"Enroll devices in a hotpatch-enabled update policy"
],
"ai_master_tags": [
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "Hotpatching for Windows 11 24H2 Arm64 devices is now generally available, enabling security updates without restarts; admins must disable CHPE and enroll devices in a hotpatch policy.",
"ai_topics": [
"Windows"
],
"category": "stayInformed",
"details_map": {},
"id": "MC1115741",
"importance": 1,
"is_major_change": false,
"last_modified": "2025-07-15T17:01:17Z",
"ms_products": [
"Windows"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Windows"
],
"severity": "normal",
"tags": [
"Admin impact"
],
"title": "Hotpatching now available for 64-bit Arm architecture"
}
}