*Microsoft has launched the first hotpatch update for Windows 11 Enterprise and Education, version 24H2, allowing faster compliance without requiring device restarts. Eligible users can enroll their devices through Microsoft Intune to receive these monthly security updates. The hotpatching process is designed to streamline security management while maintaining system performance.**:**
Introducing Hotpatch for Windows 11: What You Need to Know
Microsoft has just rolled out its first hotpatch update for Windows 11 Enterprise and Education, version 24H This update promises faster compliance for your devices, making it a game-changer for IT admins. Let’s dive into the details!
What’s New with Hotpatching?
Hotpatch updates are monthly security patches that don’t require a device restart. This means you can keep your systems secure without the downtime typically associated with standard updates. As Microsoft puts it:
“Hotpatching gives you flexibility. Critical updates are applied promptly, allowing you to schedule restarts on your terms.”
Devices enrolled in a hotpatch policy through Microsoft Intune will automatically receive these updates. The hotpatch update cycle includes:
- Baseline Month: In January, April, July, and October, devices must restart to apply the cumulative security update.
- Hotpatch Months: For the subsequent two months, devices receive updates without needing a restart.
Eligibility and Availability
Hotpatch updates are available for devices with x64 (AMD/Intel) CPUs and Windows 365 Cloud PCs. However, it’s important to note that:
- Hotpatching is exclusive to Windows 11 Education and Enterprise editions.
- Devices must have Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later).
To opt your devices into hotpatch updates, simply navigate to the Microsoft Intune admin center and adjust your Windows quality update policy settings.
Hotpatching on Arm64 Devices
Hotpatch updates are also available for Arm64 devices, but this feature is currently in public preview. A crucial requirement for these devices is disabling compiled hybrid PE usage (CHPE). As an IT admin, you must consider:
- Disabling CHPE is necessary for Arm64 devices to receive hotpatch updates.
- Testing is recommended to ensure acceptable performance and application compatibility.
Key Takeaways
Hotpatching is set to revolutionize how organizations manage updates. With the ability to apply critical security updates without restarts, IT admins can maintain productivity while ensuring compliance. Remember,:
“Hotpatching doesn’t eliminate your ability to restart—it gives you flexibility.”
Stay informed and leverage this new technology to enhance your organization’s security posture!
From the Windows IT Pro Blog articles
Windows Server Devices Now Recognized as a New OS in Intune Microsoft has announced that Windows Server devices are Read more
Microsoft Power Platform is leading the way in AI-generated low-code app development. With the help of AI, users can quickly Read more
Microsoft Intune is an enterprise mobility management platform that helps organizations manage mobile devices, applications, and data. The October edition Read more
Microsoft Intune has released its November edition, featuring new updates to help IT admins better manage their organization’s mobile devices. Read more
