I am sure all of you guys are about to get busy for Thanksgiving!
This is a short blog about Hotpatch.
This morning, while I was checking for updates regarding my tenants and looking for the new hardware inventory setting, I was pleased to see that the new setting “Hotpatch for Windows” had appeared in my tenant. Before we discuss it, let’s first go over the details.
We are all familiar with quality updates and the security patches released on the second Tuesday of each month. Microsoft has created a hotpatch for Windows 11 24H2 that allows these updates to be applied without requiring a restart. Typically, after monthly updates, the device must restart to install all security patches and to update the build number (the last four digits of Windows).
According to Microsoft, there will be two types of updates each quarter. The first update will occur in January, April, July, and October and will include a full security patch and new features, requiring the device to restart. The second update will be a light update, referred to as a hotpatch, and will take place in February, March, May, June, August, September, November, and December. This type of update will download and install immediately without requiring a restart.
Diagram created by Microsoft Copilot.
So, what is the benefit of Hotpatch?
The device receives the same level of security patching as the standard monthly updates released on Patch Tuesday. Hotpatch updates take effect immediately, require no user intervention, and mean less work for the IT team. Users can maintain both productivity and security without needing to restart their devices.
Requirements:
Note: Of course, I am not going to mention that you should already have Intune, have Windows Autopatch configured, and have Windows 11 24H2.
You have an E3/E5/A3/A5 license or a Windows 365 Enterprise subscription.
Windows 11 24H2 build (Build 26100.2033 or later).
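The following PowerShell is an added example, not code from this post or from Microsoft: it checks device OS versions against the build floor listed above and reports what kind of update to expect in a given month under the cadence described earlier. The function name, the device names and the OSVersion property are assumptions made for the illustration; licensing and Autopatch enrollment are not checked.

```powershell
# Added example. The build floor and baseline months are the values stated in the post;
# the sample device names and OS versions are constructed.
$MinVersion     = [version]'10.0.26100.2033'   # Windows 11 24H2 minimum build
$BaselineMonths = 1, 4, 7, 10                  # months with a restart-required update

function Get-HotpatchReadiness {               # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][pscustomobject]$Device,
        [datetime]$AsOf = (Get-Date)
    )
    process {
        $parsed = $null
        if (-not [version]::TryParse([string]$Device.OSVersion, [ref]$parsed)) {
            # Missing or malformed inventory data: report it instead of guessing.
            $build = 'Unknown'; $expect = 'Cannot determine'
        }
        elseif ($parsed -lt $MinVersion) {
            $build = 'Below 26100.2033'; $expect = 'Standard monthly update, restart required'
        }
        elseif ($BaselineMonths -contains $AsOf.Month) {
            $build = 'Meets build floor'; $expect = 'Baseline update, restart required'
        }
        else {
            $build = 'Meets build floor'; $expect = 'Hotpatch, no restart'
        }
        [pscustomobject]@{
            DeviceName = $Device.DeviceName
            OSVersion  = $Device.OSVersion
            BuildCheck = $build
            Expected   = $expect
        }
    }
}

# Constructed sample inventory (for example, rows from a device export).
$sample = @(
    [pscustomobject]@{ DeviceName = 'LAB-01'; OSVersion = '10.0.26100.2314' }
    [pscustomobject]@{ DeviceName = 'LAB-02'; OSVersion = '10.0.26100.1742' }
    [pscustomobject]@{ DeviceName = 'LAB-03'; OSVersion = '10.0.22631.4460' }
    [pscustomobject]@{ DeviceName = 'LAB-04'; OSVersion = '' }
)
$sample | Get-HotpatchReadiness -AsOf ([datetime]'2024-12-10') | Format-Table -AutoSize

# The same check against the local device, built from the registry build and revision.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
[pscustomobject]@{ DeviceName = $env:COMPUTERNAME; OSVersion = "10.0.$($cv.CurrentBuild).$($cv.UBR)" } |
    Get-HotpatchReadiness
```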
Let’s configure the policy:
Log in to Microsoft Intune Admin Center > Devices > Windows > under Manage Updates, click Windows Updates > Quality Updates > create a new policy, “Windows quality update policy (preview)”.
Click Next
Click Next
In the Settings menu, you have two options. One option is already selected and grayed out: “Apply the latest cumulative quality updates for security.”
The second option is “when available, apply without restarting the device (“hot patch”).”
Note: The device(s) in the Autopatch ring will get the same deferral, deadline, and grace period.
Click Next and assign it to a group of devices; I have a group of all devices.
I’m unable to provide updates at this time since I must wait until December or when Microsoft releases the update.
Thanks for reading, and have a happy weekend, Thanksgiving, or holiday 😊