Hotpatching Windows 11 Enterprise with Intune
Today, we’re diving into the latest and greatest update for Windows 11 Enterprise – Hotpatching! If you’re like me, you’re always looking for ways to keep your systems secure without the hassle of constant reboots. Well, hotpatching is here to save the day!
What is Hotpatching?
Hotpatching is a game-changer. It allows you to apply monthly security updates (the B-releases) without needing to restart your device. This means less downtime and more productivity for your organization. It’s like magic, but for your Windows updates!
Why Should You Care?
Imagine this: You’re in the middle of an important task, and suddenly, Windows decides it’s time for an update.
You reboot, and everything grinds to a halt. Not fun, right?
With hotpatching, those pesky reboots are a thing of the past. Your device stays up and running while it gets the latest security fixes.
Hotpatch Calendar 2025
Microsoft has released a hotpatch calendar for 2025. It shows two types of updates:
- Quarterly Baseline Updates: Every quarter (January, April, July, October), devices receive a baseline update that includes the latest security fixes, new features, and enhancements. This update requires a system restart.
- Monthly Hotpatch Updates: In the months following the baseline update (February, March, May, June, August, September, November, December), devices receive hotpatch updates. These updates focus solely on security fixes and install without requiring a restart.
| | 2025 1B | 2025 2B | 2025 3B | 2025 4B | 2025 5B | 2025 6B | 2025 7B | 2025 8B | 2025 9B | 2025 10B | 2025 11B | 2025 12B |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Baseline & Restart | X | | | X | | | X | | | X | | |
| Hotpatch | | X | X | | X | X | | X | X | | X | X |
Hotpatch and Autopatch: A Seamless Duo
Windows Autopatch is like your trusted autopilot for updates. It automates the deployment of updates, including those hotpatches we talked about earlier, to all Windows devices in Intune. No more manual grunt work or late-night patching marathons. Just set it and forget it!
But let’s get down to the nitty-gritty. To tap into the magic of Hotpatch and Autopatch, your organization needs to have the right licenses. Specifically, you’ll need:
- Windows Enterprise E3/E5
- Or equivalent subscriptions like Microsoft 365 A3/A5 or Windows 365 Enterprise
With these in hand, you’re all set to unlock a seamless, reboot-less update experience. Hotpatching under the Autopatch umbrella ensures that your devices stay updated, secure, and running smoothly without constant interruptions. It’s all about maximizing productivity while minimizing downtime—because who has time for reboots, right?
Enable Hotpatching with Intune
To take advantage of hotpatching, your Windows 11 Enterprise devices need to be running version 24H2 or later. You’ll also need Virtualization-Based Security (VBS) enabled and the latest Baseline Release installed. If your devices meet these criteria, you’re good to go!
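A read-only check of these prerequisites on a single device, as an added example that is not from the original post. It assumes build 26100 corresponds to version 24H2 and that Enterprise SKUs report an EditionID starting with "Enterprise"; it counts VBS as met only when it is actually running, and it reports the most recent installed update for manual comparison rather than verifying the baseline release. The function name Test-HotpatchPrerequisite is hypothetical.

```powershell
# Added example: read-only hotpatch prerequisite check for the local device.
# Assumption: build 26100 is the Windows 11 24H2 build number.
function Test-HotpatchPrerequisite {
    [CmdletBinding()]
    param([int]$MinimumBuild = 26100)

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # VBS state comes from the Device Guard WMI class.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $vbsStatus = $null
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName Win32_DeviceGuard -ErrorAction Stop
        $vbsStatus = [int]$dg.VirtualizationBasedSecurityStatus
    } catch {
        Write-Warning "Could not query Win32_DeviceGuard: $($_.Exception.Message)"
    }

    # Most recent installed update, to compare by hand with the current baseline release.
    $lastUpdate = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    # Assumption: Enterprise SKUs report an EditionID beginning with 'Enterprise'.
    $editionOk = $cv.EditionID -like 'Enterprise*'
    $buildOk   = $build -ge $MinimumBuild
    $vbsOk     = $vbsStatus -eq 2

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Edition        = $cv.EditionID
        Build          = "$build.$($cv.UBR)"
        BuildOk        = $buildOk
        EditionOk      = $editionOk
        VbsStatus      = $vbsStatus
        VbsRunning     = $vbsOk
        LastUpdate     = $lastUpdate.HotFixID
        LastUpdateDate = $lastUpdate.InstalledOn
        Ready          = ($buildOk -and $editionOk -and $vbsOk)
    }
}

Test-HotpatchPrerequisite | Format-List
```

A device that reports VbsStatus 1 has VBS configured but not running, which usually points at firmware virtualization settings rather than policy.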
Configuring hotpatching is a breeze. Head over to the Update CSP (Configuration Service Provider) and look for the new setting: AllowRebootlessUpdates. Enable this, and you’re all set! Here is a detailed guide:
- Access the Intune admin center: Start by logging into the Microsoft Intune admin center. Navigate to Devices > Windows updates > Quality updates
- Click Create and select Windows quality update policy
- On Basics, enter a suitable name and description and select Next
- On Settings, configure and enable these settings and then click Next:
  “Apply the latest cumulative quality updates for security”
  “When available, apply without restarting the device (“Hotpatching”)”
- Finish the configuration by adding the appropriate Scope tags and assign the configuration to the correct targets
Wrap-up
Hotpatching isn’t just a theoretical improvement. It’s been tested and proven on Windows Server for two years now. By bringing it to Windows 11 Enterprise, Microsoft is ensuring that your devices stay secure without interrupting your workflow. Hotpatching is a significant step forward in keeping Windows 11 Enterprise secure and productive. It’s a win-win for IT admins and end-users alike. So, why not give it a try and see the difference for yourself?