Microsoft is preparing to deploy the first security hotpatch for generally available Windows 11 Enterprise version 24H2 systems, targeting the second week of May 2025, according to company documentation the Microsoft Learn site explains.
This marks the operational debut of the reboot-minimizing patch technology on the client OS, following its public preview announcement At Ignite 2024, Microsoft revealed that it would bring a “revolutionary” new Hotpatch feature to Windows 11 Enterprise version 24H2 and a period of availability for testing hotpatch for Windows client.
The company promotes the feature as a method to “With hotpatch updates, you can quickly take measures to help protect your organization from cyberattacks, while minimizing user disruptions”, according to the Microsoft Learn site (quoted in article).
Preparing For The Patch
Administrators managing eligible Windows 11 Enterprise fleets need to ensure specific conditions are met before this initial hotpatch can be applied without requiring a system restart. Critically, devices must have the April 2025 baseline update installed first.
Additionally, systems need to be explicitly enrolled in the hotpatching program enroll your devices into hotpatching. This enrollment is managed through a dedicated policy configured within the Microsoft Intune console. To assist IT departments, Microsoft has provided a suite of resources Hotpatch for Windows client now available, including technical guides Hotpatch updates and user information Understanding security updates without restart.
Understanding The Hotpatch Cadence
The hotpatching system operates on a predictable quarterly cycle Live hotpatching debuted as a new feature in Windows Server 2025 in early November 2024, detailed in the Windows 11 hotpatch calendar. Each quarter begins with a ‘baseline’ month (like April) where a standard cumulative update, containing both security fixes and potentially new features, is installed and necessitates a reboot.
The following two months (May and June in this cycle) are designated for hotpatches. These updates focus solely on security fixes and are designed to be applied directly to running system processes in memory, thus avoiding a restart Hotpatch updates take effect immediately and don’t require user attention., according to Microsoft (via article).
Microsoft maintains that this method delivers the Devices receive the same level of security patching as the standard monthly security updates released on Patch Tuesday. compared to traditional monthly updates. While the aim is fewer disruptions, the company acknowledges that occasional critical updates outside the baseline schedule might still force a reboot Enabling the feature for an Arc-connected server.
Management Tools And Requirements
Beyond Microsoft Intune for policy management, the Windows Autopatch service, which helps automate update rollouts, also integrates with the hotpatching feature (a service included with certain enterprise plans).
Microsoft recently broadened the availability of Autopatch to include licenses such as Microsoft 365 Business Premium. Access to hotpatching on Windows 11 is included with specific subscriptions Windows Enterprise E3/E5 subscription, namely Windows 11 Enterprise E3, E5, F3, Windows 11 Education A3, A5, or Windows 365 Enterprise.
It’s confirmed that specialized hardware, such as a Copilot+ PC, is not needed The first Windows 11 hotpatch update since general availability is coming to enterprises in the second week of May 2025,. However, platform support is currently limited to x64 (AMD/Intel) systems; ARM64 devices are excluded for now. The feature is also unavailable for Windows 10 or unmanaged Windows 11 Enterprise builds.
Server Side Contrast
This client-side rollout follows the introduction of hotpatching for Windows Server its successful implementation in Windows Server, initially with Azure-specific editions Windows Server 2022 Datacenter: Azure Edition and later expanded with Windows Server 2025 Windows Server 2025, extending its capabilities to on-premises systems.
Microsoft is employing a different strategy for Server 2025 instances managed via Azure Arc in on-premises or multicloud settings. Starting July 1, 2025, this capability will transition from a currently free preview status to a paid subscription, a departure from the client model where it’s tied to existing licenses.
Microsoft promotes the server feature as a way to shorten the window of vulnerability, according to Microsoft, and improve operational efficiency, with one manager calling it a potential This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration… and you may finally get to see your family on the weekends., according to Hari Pulapaka, Microsoft General Manager of Windows Server.
