If all prerequisites are met to receive hotpatch updates, you can enable or disable them by going to Devices > 'Windows updates'> 'Create Windows quality update policy' in the Microsoft Intune admin center to create a Windows quality update policy as shown in the screenshot embedded below. "The Windows quality update policy can auto-detect if your targeted devices are eligible for hotpatch updates," Microsoft added today. Other requirements include an x64 AMD64 or Intel CPU, Virtualization-based Security (VBS) enabled, and Microsoft Intune to manage hotpatch update deployment with a hotpatch-enabled Windows quality update policy. Eligible Windows 11 Enterprise 24H2 devices managed by this policy will be offered hotpatch updates quarterly, following the same ring deployment schedule as standard updates. Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. You'll first create a hotpatch-enabled quality update policy in Windows Autopatch through the Microsoft Intune console," Microsoft said in a Wednesday message center update. To enable hotpatching for Windows client devices, you will need a Microsoft subscription (i.e., Windows 11 Enterprise E3, E5, or F3, Windows 11 Education A3 or A5, or a Windows 365 Enterprise subscription) and a Windows 11 Enterprise 24H2 PC with the current baseline update installed. Microsoft first added Windows Hotpatch support to Windows Server Azure Edition core virtual machines, making it generally available in February 2022 for systems running Windows Server 2022 Datacenter: Azure Edition. On devices where hotpatching is available, Windows allows users to install OS security updates by downloading and installing them in the background without rebooting the device.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 02 Apr 2025 18:05:19 +0000