Hotpatching Now Available on Windows 11 ARM64 Devices

Microsoft has announced that the hotpatching feature is now available for Windows 11 version 24H2 ARM64 devices. This feature allows security updates to be applied to a system without requiring a reboot.

Microsoft introduced hotpatching support for x64 devices with Intel and AMD in April 2025. It works by directly updating the code in a computer’s memory while the operating system is running, without modifying the files on disk or requiring a system reboot. It replaces or modifies specific functions or instructions in memory, which allows critical updates to take effect immediately while the system continues operating normally.

Key benefits: Faster, safer, and reboot-free updates

Microsoft highlighted that the hotpatching feature offers various benefits for Windows 11 users. It eliminates the need for system restarts by applying updates directly to the running memory, which helps reduce downtime. Updates are applied immediately to help organizations stay compliant with security requirements more quickly.

The update packages are smaller, which makes installations faster and easier to manage. Additionally, hotpatching integrates seamlessly with tools like Microsoft Intune and Windows Autopatch, giving IT administrators centralized and efficient control over update deployment.

“Since general availability on x64 (AMD/Intel) CPU devices in April 2025, hotpatch adoption continues to grow rapidly. Millions of devices and thousands of customers have been receiving updates during hotpatch release months. Thanks to those of you who have already tried hotpatching and are now enabling it across the majority of your fleets. Your overwhelmingly positive feedback highlights the strong confidence in the value it delivers,” Microsoft explained.

Prerequisites

To enable hotpatching, devices must be running Windows 11 Enterprise version 24H2 (Build 26100.2033 or later). Moreover, the Windows 11 devices must be managed via Microsoft Intune with a hotpatch-enabled update policy. Customers must also have one of the eligible licenses, including Windows 11 Enterprise E3/E5, Microsoft 365 F3, Windows 11 Education A3/A5, Microsoft 365 Business Premium, or Windows 365 Enterprise.

Additionally, Windows 11 PCs must have Virtualization-Based Security (VBS) enabled. Devices should also have Compiled Hybrid PE (CHPE) disabled (specific to ARM64).

How to enroll Windows 11 Arm64 devices in hotpatching

Microsoft says that administrators can enroll Windows 11 Arm64 devices in hotpatching by following these steps:

• Go to the Microsoft Intune admin center, and navigate to Devices > Windows updates > Quality updates.
• Select Create Windows quality update policy to create a new policy.
• To edit an existing policy, select it from the list under Name. Then, select Edit next to Settings, on the following screen.
• Next to Automatic update deployment settings, set the “When available, apply without restarting the device” option to Allow.
• Assign the policy to the Arm64 device group.

Microsoft releases hotpatch updates on a monthly schedule, which allows most updates to be applied without restarting the system. However, this process isn’t entirely restart-free. Every three months, a baseline update is released that does require a system reboot to ensure the system remains stable and fully up to date.

After installing this baseline, users typically receive two months of hotpatch updates that don’t require restarts. However, keep in mind that there may occasionally be exceptions where certain updates require a reboot due to their nature or scope.