check before: 2025-04-02
Product:
Intune, Microsoft 365 admin center, SharePoint, Windows, Windows Autopatch, Windows Server
Platform:
Online, Windows Desktop, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Updated April 3, 2025: The language in the first paragraph was updated to provide more clarity on the update process.
Hotpatch updates are now available for organizational devices on Windows 11 Enterprise, version 24H2 and x64 (AMD/Intel) CPU. With hotpatch updates, you can quickly take measures to help protect your organization from cyberattacks, while minimizing user disruptions. You'll first create a hotpatch-enabled quality update policy in Windows Autopatch through the Microsoft Intune console. Eligible devices managed by this policy will be offered hotpatch updates in a quarterly cycle. Eight months out of twelve, you won't need to restart the device for the security update to take effect.
When will this happen:
Hotpatch updates are generally available on Intel and AMD-powered devices as of today, April 2, 2025, with the feature becoming available on Arm64 devices at a later date.
For Arm64 devices, hotpatch updates are still in public preview.
A new DisableCHPE CSP will be available for Arm64 devices shortly after the April 2025 security update.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-04-03
updated:
2025-04-04
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Hotpatch updates for Windows 11 Enterprise allow security patches to be applied without requiring a restart, minimizing work disruptions, and are available for Intel, AMD, and soon Arm64 devices, with setup managed through Windows Autopatch in the Microsoft Intune console.
Direct effects for Operations**
User Disruption During Update Process
If hotpatch updates are implemented without proper preparation, users may experience unexpected disruptions due to OS features or application updates that still require a restart, despite the hotpatch updates not requiring one.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates, https://techcommunity.microsoft.com/blog/windows-itpro-blog/hotpatch-for-client-comes-to-windows-11-enterprise/4302717
Incompatibility with Arm64 Devices
The hotpatch feature is not yet available for Arm64 devices, which may lead to inconsistencies in update processes and security levels across different device architectures if not managed properly.
- roles: System Administrators, End Users
- references: https://aka.ms/HotpatchForWindows11Enterprise, https://techcommunity.microsoft.com/blog/windows-itpro-blog/skilling-snack-hotpatch-on-windows-client-and-server/4358086
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-04-04 | MC Messages | Hotpatch updates are now available for organizational devices on Windows 11 Enterprise, version 24H2 and x64 (AMD/Intel) CPU. With hotpatch updates, you can quickly take measures to help protect your organization from cyberattacks, while minimizing user disruptions. You'll first create a hotpatch-enabled quality update policy in Windows Autopatch through the Microsoft Intune console. Devices managed by this policy will be offered hotpatch updates in a quarterly cycle. Eight months out of twelve, you won't need to restart the device for the security update to take effect.
When will this happen: Hotpatch updates are generally available on Intel and AMD-powered devices as of today, April 2, 2025, with the feature becoming available on Arm64 devices at a later date. For Arm64 devices, hotpatch updates are still in public preview. A new DisableCHPE CSP will be available for Arm64 devices shortly after the April 2025 security update. | Updated April 3, 2025: The language in the first paragraph was updated to provide more clarity on the update process.
Hotpatch updates are now available for organizational devices on Windows 11 Enterprise, version 24H2 and x64 (AMD/Intel) CPU. With hotpatch updates, you can quickly take measures to help protect your organization from cyberattacks, while minimizing user disruptions. You'll first create a hotpatch-enabled quality update policy in Windows Autopatch through the Microsoft Intune console. Eligible devices managed by this policy will be offered hotpatch updates in a quarterly cycle. Eight months out of twelve, you won't need to restart the device for the security update to take effect. When will this happen: Hotpatch updates are generally available on Intel and AMD-powered devices as of today, April 2, 2025, with the feature becoming available on Arm64 devices at a later date. For Arm64 devices, hotpatch updates are still in public preview. A new DisableCHPE CSP will be available for Arm64 devices shortly after the April 2025 security update. |
| 2025-04-04 | MC Title | Hotpatch for Windows client now available | (Updated) Hotpatch for Windows client now available |
| 2025-04-04 | MC Start Time | 04/02/2025 18:04:18 | 2025-04-04T01:25:27Z |
| 2025-04-04 | MC Last Updated | 04/02/2025 18:04:19 | 2025-04-04T01:25:28Z |
| 2025-04-04 | MC End Time | 04/02/2026 18:04:18 | 2026-04-04T01:25:27Z |
Last updated 2 months ago
