No More Reboots: Windows 11 Hotpatch Now Live

Microsoft has announced the rollout of its Hotpatch technology for Windows 11 Enterprise devices running version 24H2 on x64 architecture (AMD and Intel). As of April 2, 2025, this feature is available to all enterprise customers with an eligible subscription and Intune configuration. The innovation enables the installation of critical security updates without requiring a system reboot, thereby minimizing operational disruptions and enhancing overall system security.
Hotpatching stands as a cornerstone of Microsoft’s ongoing strategy to bolster the security and performance of Windows. While already widely implemented across Azure environments, the technology is now extending its reach to client devices.
The benefits are both immediate and substantial. First, updates take effect the moment they are installed, dramatically narrowing the window of exposure to potential threats. Second, users can continue working without interruption: the majority of security updates delivered throughout the quarter do not require a reboot. Only once every three months—during a designated “baseline month”—is a system restart necessary to apply cumulative changes, including new features and improvements. All other updates are delivered quietly via Hotpatch.
The update cadence is structured as follows:
- January, April, July, October: Baseline months requiring a reboot.
- All other months: Hotpatch updates are applied without the need for a restart.
As a result, the number of annual reboots due to updates is reduced from twelve to just four. Devices still receive all essential security patches, equivalent to those on the standard update track.
To enable Hotpatch, organizations must have one of the following subscriptions: Windows 11 Enterprise E3/E5/F3, Windows 11 Education A3/A5, or Windows 365 Enterprise. Devices must be running version 24H2 (build 26100.2033 or later), have Virtualization-based Security (VBS) enabled, and be managed via Microsoft Intune with the appropriate quality update policy configured.
For devices using Arm64 architecture, Hotpatch remains in public preview. Enabling it currently requires the manual disabling of CHPE support via the registry. A dedicated CSP will be introduced in upcoming updates to streamline this process.
The new update policy is already available within the Intune interface. Administrators can activate Hotpatching by creating a new quality update policy and toggling the relevant parameter to “Allow.” If the device meets all prerequisites, it will automatically transition to the seamless update model.
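The device-side prerequisites listed above (x64, build 26100.2033 or later, VBS) can be verified locally before a device is placed in scope of the policy. The following PowerShell is an added example, not Microsoft's tooling; the function names are hypothetical, and treating "VBS enabled" as "VBS running" (status 2) is this example's assumption. Subscription and Intune policy assignment are not visible from the device and are not checked.

```powershell
# Added example: local readiness check for the Hotpatch prerequisites in the article.
# Run in 64-bit PowerShell; a 32-bit host reports x86 even on x64 hardware.

function Test-HotpatchBuild {
    # Article minimum: version 24H2, build 26100.2033 or later.
    # Other feature releases are outside what the article covers and return $false.
    param([int]$Build, [int]$Revision)
    return ($Build -eq 26100 -and $Revision -ge 2033)
}

function Get-HotpatchReadiness {
    # CurrentBuildNumber and UBR together form the full build, e.g. 26100.2033
    $cv   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $arch = $env:PROCESSOR_ARCHITECTURE   # AMD64 on x64, ARM64 on Arm devices

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsStatus = if ($null -ne $dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { 0 }

    $buildOk = Test-HotpatchBuild -Build ([int]$cv.CurrentBuildNumber) -Revision ([int]$cv.UBR)
    $archOk  = ($arch -eq 'AMD64')        # Arm64 is still public preview per the article
    $vbsOk   = ($vbsStatus -eq 2)         # assumption: "enabled" means actually running

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Edition         = $cv.EditionID   # informational; licensing is not verifiable here
        Build           = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
        BuildOk         = $buildOk
        Architecture    = $arch
        ArchOk          = $archOk
        VbsStatus       = $vbsStatus
        VbsOk           = $vbsOk
        LocalChecksPass = ($buildOk -and $archOk -and $vbsOk)
    }
}

Get-HotpatchReadiness | Format-List
```

A device that fails any of these checks stays on the standard monthly update track with a reboot, so running the check across the fleet before rollout shows which machines will not actually receive the reduced exposure window.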
According to Michael Meyer, Senior System Administrator at Krones AG, the technology has fundamentally transformed their approach to security: “At first, we didn’t realize how critical it was for updates to take effect immediately. Now we understand—it dramatically reduces risk and eliminates unnecessary headaches.”
Hotpatch is officially available for all Windows 11 Enterprise users on Intel and AMD processors starting April 2025. Support for Arm64 devices will follow at a later date.