Category
stayInformed
Severity
normal
Major change
True
Last modified
2025-02-08 03:51:22
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
—
Services
Windows
Tags
Admin impact
Master tags
Security
Roadmap IDs
One-line summary
Hotpatch for Windows Autopatch is in public preview; devices need Windows 11 24H2 with Jan 2025 update, VBS enabled, and specific registry changes for Arm64 to deploy without restarts.
Similar updates
More like thisMC1046878 (Updated) Hotpatch for Windows client now available
(Updated) Hotpatch for Windows client now available Hotpatch updates are now generally available for Windows 11 Enterprise 24H2 (x64), enabling rapid, restart-free security updates via Windows Autopatch and Intune; Arm64 support remains in preview. Hotpatch updates are now available for organizational devices on Windows 11 Enterprise, version.
MC1068760 Resources to get started with hotpatch updates for Windows 11, version 24H2
Prerequisites include: Windows Autopatch prerequisites Devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later) and with the current baseline update installed An x64 CPU including AMD64 and Intel (Note: Arm64 devices are still in public preview) Microsoft Intune to manage deployment of hotpatch updates with a.
MC1073823 Hotpatch for client: Frequently asked questions
...FAQ to prepare devices and understand hotpatching eligibility,What you need to do to prepare: Read Additional information to find answers to any questions you may have in the following categories: Hotpatch update definitions Eligibility and availability of hotpatch updates Hotpatching on Arm64 devices Technical information about hotpatch.
MC1126220 Get started with July 2025 improvements in Windows 11
How this will affect your organization: You can start seeing improvements across various workflows in your organization with: Refreshed media for inbox Windows apps General availability of hotpatching for Windows x64 and Arm64 devices General availability of hotpatching for Window Server 2025 through Azure Arc Windows Autopatch groups .
MC1115741 Hotpatching now available for 64-bit Arm architecture
Hotpatching now available for 64-bit Arm architecture Hotpatching for Windows 11 24H2 Arm64 devices is now generally available, enabling security updates without restarts; admins must disable CHPE and enroll devices in a hotpatch policy. More enterprise environments can now experience the power of security updates that don’t require a restart..
MC1138549 Hotpatch readiness: Enable VBS at scale
Hotpatch readiness: Enable VBS at scale To use Windows Autopatch hotpatching (security updates without restart), you must enable virtualization-based security (VBS) on Windows clients using Intune, PowerShell, or Command Prompt. Additional information: Find step-by-step instructions to enable VBS and to validate and monitor enablement at .
Details
Body (from Message Center)
(Updated 2/7 8:00pm to call out additional prerequisites related to OS version)
Hotpatch is an extension of Windows Update, designed to reduce downtime and disruptions by allowing the installation of Monthly B release security updates without requiring a device restart. We encourage users to test and use Hotpatch.
However, it's important to note that not all devices are eligible for Hotpatch updates. We want to remind you of the prerequisites necessary to ensure a successful Hotpatch deployment across your environment. For complete details, see Windows Autopatch Hotpatch Updates.
When will this happen:
The Hotpatch feature is currently in public preview. We welcome users to test and use Hotpatch in production environments, as well as provide us their feedback. Enrollment to Hotpatch updates begins at the Intune admin center. See the resources at the Additional Information section, below.
How this will affect your organization:
If you've recently added devices to your Hotpatch policy as part of Windows Autopatch, please note the below prerequisites to ensure successful Hotpatch deployment.
All devices must meet the following prerequisites:
- Operating system: Devices must be running Windows 11 24H2, specifically the January 2025 Windows monthly security update - KB5050009 (OS Build 26100.2894) (baseline).
- Virtualization-Based Security (VBS): This must be enabled to ensure secure installation of Hotpatch updates. For details, see Memory integrity and VBS enablement.
Arm64 devices only: Disable compiled hybrid PE usage (CHPE), by making the following changes.
- Edit the Windows registry: Path HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
- DWORD key value: HotPatchRestrictions = 1
- You must restart the computer after you set this registry key. Once set, you do not need to set it again because it will persist. See the documentation in the Additional Information section for additional details.
What you need to do to prepare:
In order to take advantage of the benefits of Hotpatch, devices must meet the necessary prerequisites. Review devices in your environment and see the resources at the Additional Information section below if deployment is not occurring as expected.
Devices that don't meet one or more prerequisites automatically receive the Latest Cumulative Update (LCU) instead. LCUs contain monthly updates that supersede the previous month's updates containing both security and non-security releases. While LCUs require a system restart, they ensure that the device remains fully secure and compliant.
Additional information:
- For more details on device requirements, see Hotpatch updates (public preview) | Operating system configuration prerequisites
- To enroll in Hotpatch and see the latest release schedule, see Hotpatch updates (public preview) | Enroll devices to receive Hotpatch updates
- If you have any questions or need further assistance, please reach out to your Microsoft representative.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": null,
"ai_actions": [
"Verify devices run Windows 11 24H2 with Jan 2025 update",
"Enable Virtualization-Based Security",
"Apply registry change for Arm64 devices",
"Review device eligibility for Hotpatch"
],
"ai_master_tags": [
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "Hotpatch for Windows Autopatch is in public preview; devices need Windows 11 24H2 with Jan 2025 update, VBS enabled, and specific registry changes for Arm64 to deploy without restarts.",
"ai_topics": [
"Windows",
"Intune"
],
"category": "stayInformed",
"details_map": {},
"id": "MC999973",
"importance": 4,
"is_major_change": true,
"last_modified": "2025-02-08T03:51:22Z",
"ms_products": [
"Windows"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Windows"
],
"severity": "normal",
"tags": [
"Admin impact"
],
"title": "Reminder: Hotpatch eligibility and prerequisites"
}
}