Blog Post

Windows IT Pro Blog

5 MIN READ

Securing devices faster with hotpatch updates on by default

Microsoft

Mar 09, 2026

Windows Autopatch is enabling hotpatch security updates by default to help secure devices even faster. This change in default behavior comes to all eligible[i] devices in Microsoft Intune and those a...

A bar chart shows a comparison of the number of days to security compliance for hotpatch updates versus standard updates for four sample companies. Hotpatch updates are faster: three versus 6 days and 7 versus 19 days for the companies with 30,000 devices and 13 or 14 days versus 25 and 27 days for the companies with 50,000 and 70,000 devices.

Updated Mar 06, 2026

Version 1.0

device management

security

servicing and updates

windows 11

windows autopatch

Chris_Tulip

Microsoft

Joined June 13, 2022

View Profile

Windows IT Pro Blog

Follow this blog board to get notified when there's new activity

Animesh Joshi

Brass Contributor

Apr 23, 2026

Chris_Tulip,

Very informative article.

We have Hotpatch enabled at a tenant level through "When available, apply updates without restarting the device ("hotpatch") setting to Allow

One of our devices meets all pre-requisites as per https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates

In the following report, Hotpatch Readiness column says Ready

In the following report, Hotpatch enabled columns says No

I suspect even though it's set to allow at tenant level, a quality update policy needs to be setup for Autopatch registered devices? Mentioned at https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates#enroll-devices-to-receive-hotpatch-updates