Microsoft has made hotpatching generally available for Windows 11 ARM64 devices, enabling security updates without restarts. This breakthrough reduces downtime, speeds compliance, and streamlines patch management—empowering ARM64 users with faster, seamless updates and enhanced productivity. Unique :
Hotpatching Hits 64-bit ARM: What You Need to Know
Microsoft just expanded its hotpatching magic to 64-bit ARM devices running Windows 11, version 24H This means faster security updates without annoying restarts are now available beyond just x64 CPUs. If you manage ARM64 fleets, this update is a game-changer for minimizing downtime and boosting productivity.
What’s New with Hotpatching on ARM64?
Hotpatching lets Windows apply security fixes while the system runs, skipping the usual reboot. Since its April 2025 launch on AMD/Intel devices, millions have benefited. Now, ARM64 devices join the party with the same perks:
- Instant security compliance with immediate patch application
- No forced restarts, keeping users uninterrupted
- Smaller update payloads for quicker installs
- Enterprise-grade control via Microsoft Intune and Windows Autopatch
“With Hotpatch and the Autopatch feature updates, we have seen a more enhanced system with minimized downtime and streamlined patch management.” – Pat Macfarlane, Senior Workstation Engineer, TriNet USA, Inc.
Key Technical Steps: Disabling CHPE
Before hotpatching can work on ARM64, you must disable Compiled Hybrid PE (CHPE). This compatibility layer supports x86 emulation but conflicts with hotpatch updates. Disabling it is straightforward using Microsoft Intune policies or registry changes:
- Set the DisableCHPE policy via CSP:
../Device/Vendor/MSFT/Policy/Config/Hotpatch/DisableCHPE = 1 - Or use registry key:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\HotPatchRestrictions = 1 - Restart the device once to apply changes
Don’t worry—x86 apps still run in emulation mode after disabling CHPE. However, test your workloads to catch any performance shifts before wide deployment.
How to Enroll Your ARM64 Devices
Getting started is simple. Use Microsoft Intune’s admin center to create or edit a Windows quality update policy. Enable the option “When available, apply without restarting the device” and assign it to your ARM64 groups. This enrollment ensures your devices get hotpatch updates starting next month.
“Secure smarter. Patch faster. Restart less.” – Microsoft Windows IT Pro Blog
Why This Matters
Hotpatching on ARM64 means your organization can maintain security without sacrificing uptime. It’s perfect for modern, always-on environments where every minute of downtime counts. Plus, integration with Intune and Windows Autopatch makes management seamless.
Ready to modernize your update strategy? Check prerequisites, disable CHPE, enroll devices, and enjoy faster, less disruptive security patches on your ARM64 Windows 11 machines.
From the Windows IT Pro Blog articles
Windows Server Devices Now Recognized as a New OS in Intune Microsoft has announced that Windows Server devices are Read more
Microsoft Power Platform is leading the way in AI-generated low-code app development. With the help of AI, users can quickly Read more
Microsoft Intune is an enterprise mobility management platform that helps organizations manage mobile devices, applications, and data. The October edition Read more
Microsoft Intune has released its November edition, featuring new updates to help IT admins better manage their organization’s mobile devices. Read more
