Event banner
Event details
Looping back to my post from last months event: we have done further testing and can confirm that once a windows insider device which usually has 'Preview' patches ("D" Release) applied has Hotpatching enabled, they no longer receive "D" release patches and only receive "B" release patches. It's making me think that we enable Hotpatching for our estate and exclude a test group of IT staff who will remain on the insider preview and continue to receive "D" release patches.
Last month it was suggested that there was no direct link between the two configurations, but it seems there is. I submitted Feedback as suggested but as yet haven't heard anything back.
Also on the subject of Hotpatching I see that to get it working on ARM64 devices you need to disable compiled hybrid PE usage (CHPE) as it is enabled by default - Hotpatch for client: Frequently asked questions - Windows IT Pro Blog
This can be done by manually setting the reg key as documented on the above link. We have had some pushback from members of our IT dept who are rightly hesitant to disable this without being fully aware of any potential impacts, are you able to offer any more guidance or reassurance on this? I am keen to enable Hotpatching as I think it will bring real benefits in terms of bandwidth usage reductions and reduced user downtime without having to reboot 8 of the 12 months to be fully protected, however we are looking to shift more towards ARM64 devices and a reg tweak on these just doesn't feel right.
MicrosoftHi nlmitchell - thank you for the feedback on D/B policy behavior. In terms of CHPE, some better news that a reg key. We now have a preview CSP to DisableCHPE, System Policy CSP | Microsoft Learn so no need to manually adjust the registry. In terms of impacts, we just published a great Hotpatch FAQ this week. Check out Hotpatch for client: Frequently asked questions - Windows IT Pro Blog for full details, but we do answer the question on impact of disabilng CHPE, which I've copied into here:
What's the impact of disabling CHPE on end-user experience on Arm64 devices?
For Arm64 devices, we recommend testing hotpatch updates with CHPE disabled. The expectation is a fully working system with acceptable performance and application compatibility. As an IT admin, you have the choice to use hotpatch updates or standard updates. If you choose to disable CHPE, the device is eligible to receive hotpatch updates. If CHPE is enabled, the device is only eligible to receive standard updates.
Thanks for the response EricMoe , I had in fact read through that article that you mention above, very informative.
I guess the best way would be to apply the config to a few of our Arm devices to see what happens, the phrase "acceptable performance and application compatibility" does make me somewhat wary mind you. That seems to suggest that the performance of the device won't be as good as it would be if you were to leave CHPE enabled??
Enabling it for Intel based devices seems a no brainer for me at the moment. I can feel an EID group with dynamic membership based on architecture coming on here :-)
- EricMoe
One thought is to do an A/B test - disable CHPE on some ARM devices, leave enabled on others. See if your users can detect any difference. I've disabled it on my test device and have seen no difference in experience, but ultimately you have the final decision.