Microsoft turns on “reboot less” Hotpatch updates for Windows 11 Enterprise


Hotpatch updates or “hotpatching” is an interesting approach that aims to reduce the number of reboots required to install updates on Windows 11. We first spotted “hotpatching” in the Windows 11 consumer edition in March 2024, and it’s finally rolling out to the public, but unfortunately, it’s limited to Enterprise customers.

Unlike traditional Windows updates, hotpatching uses a different installation method: it patches the in-memory code of running processes instead of taking the usual route.

The current state of Windows 11 requires users to reboot their devices every time the cumulative update rolls out on the second Tuesday of the month (aka Patch Tuesday). This monthly update is mandatory and brings all the security fixes required to protect the PC, along with some feature add-ons.

Hotpatching is different because it changes how Windows updates are applied. In the new approach, Microsoft divided the existing twelve-month update cycle into Cumulative baseline and Hotpatching categories.

January, April, July, and October are the months when Windows will receive cumulative updates as it does today, and the PC will have to restart to apply the changes.

But aren’t we talking about “no reboots” updates? To better understand how the whole hotpatching idea works, take a closer look at the diagram below:

[Figure: official hotpatching diagram depicting the update cycle]

Your PC will still need a reboot whenever it installs a cumulative baseline update in the months mentioned above, which equals four restarts in a year. For the other eight months, you’ll receive hotpatch updates that silently install on your PC and don’t require a full system reboot to apply.

You’ll save eight reboots a year, which means you don’t have to close your existing work session just to apply a security update.

The only downside is that your PC will receive new features every quarter and not every Patch Tuesday. So, you’ll get four feature updates instead of twelve. However, in an Enterprise environment, not receiving new features every month is really not an issue, as the focus is more on security and stability.

Windows 11 Hotpatch system requirements

What does it take to turn on hotpatching in Windows 11 24H2? According to Microsoft, you must meet the following system requirements:

  1. Windows 11 Enterprise edition. All editions are supported, including E3, E5, or F3. Alternatively, you can use a Windows 365 Enterprise subscription.
  2. A PC with an x64 CPU. ARM is not supported by default because Snapdragon PCs are for consumers, not really businesses. But you can turn it on by disabling CHPE.
  3. Microsoft Intune access.
  4. A PC with Virtualization-based Security (VBS).

Microsoft isn’t forcing hotpatching on admins, and there is an option to opt out if you don’t want to use it early on.

All the management happens via the Intune admin center, and you can create a new policy by going to the Devices > Windows updates > Create Windows quality update policy option and changing it to Allow.

You can also check whether all the connected systems are eligible for hotpatching. Old Windows 11 versions and Windows 10 aren’t eligible and will follow the current update standard of monthly security updates.

Note: ARM64 devices must take an additional step to turn off CHPE to be eligible for hotpatch updates. Microsoft has published the registry key you must change to keep hotpatch support active.
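A local pre-check of the system requirements listed above, as an added PowerShell example that is not from Microsoft or the original article. It assumes that Enterprise variants report an EditionID beginning with "Enterprise" and that 24H2 means build 26100 or later; the function name `Test-HotpatchPrereq` is hypothetical, and the CHPE registry key is not checked because the article does not give it.

```powershell
# Added example: local pre-check of the requirements listed in the article.
# Requirement 3 (Microsoft Intune access) is a tenant/licensing matter and
# cannot be verified from the device, so it is reported as Manual.
function Test-HotpatchPrereq {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Win32_Processor.Architecture: 9 = x64, 12 = ARM64. Queried through CIM so
    # an emulated shell on an Arm PC does not misreport the hardware.
    $arch = (Get-CimInstance Win32_Processor | Select-Object -First 1).Architecture

    # Win32_DeviceGuard.VirtualizationBasedSecurityStatus:
    # 0 = not enabled, 1 = enabled but not running, 2 = running
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
               -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbs = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { -1 }

    # Assumptions: every Enterprise variant has an EditionID starting with
    # "Enterprise"; Windows 11 24H2 corresponds to build 26100 or later.
    $rows = @(
        @{ R = 'Windows 11 Enterprise edition'
           S = if ($cv.EditionID -like 'Enterprise*') { 'Pass' } else { 'Fail' }
           D = "EditionID=$($cv.EditionID)" }
        @{ R = 'Windows 11 24H2'
           S = if ([int]$cv.CurrentBuildNumber -ge 26100) { 'Pass' } else { 'Fail' }
           D = "Build=$($cv.CurrentBuildNumber) DisplayVersion=$($cv.DisplayVersion)" }
        @{ R = 'x64 CPU (ARM64 only with CHPE disabled)'
           S = switch ($arch) { 9 { 'Pass' } 12 { 'Manual' } default { 'Fail' } }
           D = "Win32_Processor.Architecture=$arch" }
        @{ R = 'Microsoft Intune access'
           S = 'Manual'
           D = 'Confirm licensing and enrollment in the Intune admin center' }
        @{ R = 'Virtualization-based Security'
           S = if ($vbs -eq 2) { 'Pass' } else { 'Fail' }
           D = "VirtualizationBasedSecurityStatus=$vbs" }
    )
    $rows | ForEach-Object {
        [pscustomobject]@{ Requirement = $_.R; Status = $_.S; Detail = $_.D }
    }
}

Test-HotpatchPrereq | Format-Table -AutoSize
```

A `Manual` status marks a requirement that needs an admin decision outside the device, such as Intune licensing or the ARM64 CHPE step.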

The post Microsoft turns on “reboot less” Hotpatch updates for Windows 11 Enterprise appeared first on Windows Latest