Let’s talk about the most remarkable recent update for Windows 11. It introduces Hotpatch updates for Windows 11 Enterprise, version 24H2, and later.
Why is it significant for businesses?
Hotpatch allows security updates to be applied without requiring a system reboot.
Traditionally, installing updates on Windows devices often involved rebooting. This disruption was not good for workflows and employee productivity. But hotpatching addresses these issues by simply eliminating the need for restarts or downtime while providing all the necessary security fixes in a seamless manner.
Hotpatch, which has already been working on Windows Server for two years, is now available (in preview) for Windows 11.
This enhancement is undoubtedly a crucial development for organizations whose business types mandate minimum instances of downtime and require their systems to be up all the time.
In this blog post, we’ll learn the concept of hotpatching in detail and see how, step-by-step, we can configure Windows Hotpatch.
Overview of Windows Hotpatch for Windows 11 Enterprise
Hotpatching is a major shift in how Windows 11 Enterprise handles updates. Hotpatch updates are part of the regular monthly security patches (also known as the B-release), but the key difference is auto installation. So, you need to distinguish between baseline releases and hotpatch updates.
Baseline releases are typically deployed every quarter. They include the latest security updates, features, system enhancements, but they still require a reboot. On the flip side, hotpatch updates focus exclusively on security fixes.
If you understand this difference, you can manage your update schedules quite effectively. This way, you ensure your security is maintained without sacrificing efficiency.
Eligibility Criteria for Windows Hotpatch Updates
You need to meet some specific requirements to take advantage of hotpatch updates on Windows 11 Enterprise.
First, the devices must be using Windows 11 version 24H2 or later.
Then, you must enable Virtualization-Based Security (VBS) to ensure secure installation. Another prerequisite is having the latest Baseline Release installed on the device.
If your devices do not meet these criteria, they will automatically receive the Latest Cumulative Update (LCU) instead. LCUs include the monthly updates that replace the previous month’s releases. They contain both security and non-security fixes. However, unlike hotpatch updates, LCUs require a system restart.
Configuring Windows Hotpatch Updates
Windows hotpatch for Windows 11 is configured in the Update section of the Policy CSP (Configuration Service Provider).
A new setting, AllowRebootlessUpdates, has recently been added to this section. This is the setting that enables devices to receive hotpatch updates by ensuring eligible devices are enrolled properly.
A new policy has also been created for Windows quality updates, focused solely on configuring the behavior of hotpatch updates.
Below are the six steps required to set up this policy:
- Go to Microsoft Intune Admin Center > Devices > Windows Updates.
- The Devices | Windows Updates page has a Quality Updates tab. Go to Create > Windows Quality Update Policy.
- Go to the Basics page. Give a good but unique name for the policy. Click Next.
- Go to the Settings page. Configure the following settings:
a: Set the slider for Apply the latest cumulative quality updates for security to Allow.
b: Set the slider for When available, apply without restarting the device (“hotpatch”) to Allow. This will enable hotpatch on the device.
- Go to the Assignments page. Choose the required user/device group. Click Next.
- Review + Create page allows you to verify the provided configuration. Click Create.
You have successfully enabled Windows hotpatching on eligible devices. However, remember that the Update Ring configurations will still apply.
Verify the Windows Hotpatch Configuration
Once the configuration is complete, it’s time to verify if the implementation was successful. There are several methods to check that.
First, a new report has been added to the Windows Autopatch reports. This report provides details about hotpatch quality updates.
Access it by going to:
Reports > Windows Autopatch > Windows Quality Updates > Hotpatch Quality Updates.
For a more credible verification, check the device itself. One of the easiest ways is to look for the hotpatch update in the list of installed updates. If the update has been installed, a confirmation message will be shown there.
You can also examine the configuration actually applied on the device. The best places to check are the Registry and the Settings app. Both provide clear evidence of the configuration.
Settings > Windows Update > Advanced Options > Configured Update Policies also provides the info you are looking for.
The Registry also offers a direct link to the Update CSP setting: AllowRebootlessUpdates.
Lastly, Event Viewer logs details about recent configuration changes. Here you can get further confirmation.
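The eligibility criteria and the local registry check described above can be combined into one read-only script. This is an added example, not code from the original post or from Microsoft. It assumes that 24H2 corresponds to build 26100, that MDM policy values are mirrored under `HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update`, and that a value of 1 means allowed; `Get-HotpatchReadiness` is a hypothetical helper name.

```powershell
# Added example: local hotpatch readiness check. Read-only; run in an elevated session.
# Assumptions (not from the article): 24H2 = build 26100; MDM policy values are
# mirrored under PolicyManager\current\device\Update; 1 means "allowed".

function Get-HotpatchReadiness {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # VBS state from the Device Guard WMI class: 0 = off, 1 = configured, 2 = running
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                           -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbs = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { -1 }

    # Policy value delivered by Intune through the Update area of the Policy CSP
    $polPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'
    $pol     = Get-ItemProperty -Path $polPath -Name AllowRebootlessUpdates `
                                -ErrorAction SilentlyContinue
    $allow   = if ($pol) { [int]$pol.AllowRebootlessUpdates } else { $null }

    [pscustomobject]@{
        Edition       = $cv.EditionID
        Build         = "$build.$($cv.UBR)"
        Is24H2OrLater = $build -ge 26100
        VbsStatus     = $vbs
        VbsRunning    = $vbs -eq 2
        PolicyValue   = $allow
        PolicyAllows  = $allow -eq 1
    }
}

$r = Get-HotpatchReadiness
$r | Format-List

# A missing prerequisite means the device falls back to the LCU, which needs a restart
$gaps = @()
if (-not $r.Is24H2OrLater) { $gaps += 'OS older than 24H2' }
if (-not $r.VbsRunning)    { $gaps += 'VBS not running' }
if (-not $r.PolicyAllows)  { $gaps += 'AllowRebootlessUpdates not set to 1' }
if ($gaps) { Write-Warning ('Expect LCU with restart: ' + ($gaps -join '; ')) }
else       { Write-Output 'Prerequisites present; the latest baseline release must also be installed.' }

# Most recently installed updates, to compare with the Hotpatch Quality Updates report
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```

The script does not check whether the latest baseline release is installed; confirm that against the Intune report.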
Conclusion
Streamlining Security & Productivity with Windows Hotpatch Updates
Hotpatch updates for Windows 11 Enterprise devices have huge benefits for businesses looking to keep up security while staying up for 100% of the time. There is no more need for reboots. No more disruptions. Your workforce can stay productive all the time.
Configuring and then verifying hotpatch updates is a straightforward process. You really need to grasp it to enhance your organization’s ability to maintain a secure IT environment without sacrificing efficiency.
Windows Management Experts – Professional & Managed Services.
At WME, we specialize in providing professional Windows and Microsoft services. We help businesses like yours implement the latest changes into MS offerings so as to keep your workflows optimized and secure. No matter if you need expert guidance on configuring Windows hotpatch updates or implementing other Microsoft solutions like Azure, Microsoft 365, security services, etc., our team is here to ensure your IT is both secure and efficient. Let us help you master the complexities of modern IT solutions. Contact WME today to learn how our managed and professional services can empower you with the latest Microsoft innovations.