Microsoft Launches Hotpatching for Non-Disruptive Security Updates on Windows 11 Enterprise and 365.
Rebootless updates coming to Windows 11 Enterprise and 365 for security updates: Microsoft releases hotpatching for Windows 11 Enterprise 24H2 and Windows 365 Preview Editions.
Microsoft has begun rolling out the long-awaited hotpatch update for security updates on Windows 11 Enterprise 24H2 and Microsoft 365 Preview Builds. Once installed, users will be able to download and install the security patches through Windows Updates, without needing to reboot their device for them to become active. 🔄
“Hotpatch updates are targeted and provide a complete set of operating system security patches. No additional features are included,” Microsoft explains. “They are unique in that they take effect immediately upon installation without requiring a device reboot, helping to ensure fast, targeted protection.” 🛡️
Hotpatch updates have been available on Windows Server 2022 Datacenter: Azure Edition since February 2022, and are now also available on Windows Server 2025. They are proving to be more than just a quality-of-life improvement, reducing the system downtime incurred by each reboot required to apply security patches.
Hotpatching applies the update to the code in memory, thus avoiding the need to reboot the system. This method also has other advantages, as mentioned by Microsoft:
- Fewer binaries mean updates install faster and consume less disk and CPU resources.
- Less impact on workload with less need to reboot the machine.
- Better protection, as Hotpatch update packages are geared toward Windows security updates, which install faster without requiring a reboot.
- Reduced time exposed to security risks and change windows, and easier patch orchestration with Azure Update Manager.
Hotpatching is incredibly useful for commercial workloads, as security patches are required on a regular basis, some more urgently than others. This means that users no longer need to schedule an update for a critical patch and coordinate a reboot for complex servers and clusters that use these operating systems. Microsoft also uses hotpatching for its clusters, such as the Xbox network. 🎮
We reported that Microsoft was testing hotpatching internally a few months ago, with the goal of rolling it out to 22H2 builds and Arm64-based devices, the rollout of which will be delayed by a full year.
There are limitations to hotpatching, as it only works for security patches. This means that Cumulative Updates, which are rolled out during the first month of each quarter, will require a reboot. It is worth noting that for Windows Server 2022 and 2025, hotpatching does not include non-security updates for Windows, .NET updates, or non-Windows patches such as firmware, drivers, and software updates, which will likely be the case with Windows 11 Enterprise and Windows 365 as well.
Windows 11 Enterprise editions are part of the Windows Enterprise subscription, which includes Enterprise E3, Enterprise E5, and Microsoft 365 Enterprise plans. Those who have subscribed to this plan will need a Windows 11 Pro license. Windows 11 Enterprise includes more features, such as Azure Virtual Desktop, Credential Guard, Direct Access, Universal Print, and more. Pro and Enterprise editions are both designed for business users, but each serves specific purposes. 💼
You might expect hotpatching to inevitably come to Home and Pro editions of Windows, though hotpatching is more beneficial on systems with a more complex deployment. Rebooting every system after an update is impractical in many situations, as it involves downtime. ⏳