Microsoft to enable Windows hotpatch security updates by default
Summary
Microsoft is enabling hotpatch security updates by default for eligible Windows devices managed through Intune and the Microsoft Graph API, starting in May 2026. Hotpatch updates patch the in-memory code of running processes, so the monthly security fixes take effect without a full system restart. The feature is initially available for Windows Server and Windows 11 Enterprise multi-session.
IFF Assessment
This change is beneficial for defenders: it shortens the exposure window between patch release and patch installation, because restart scheduling, the usual reason security updates sit uninstalled, no longer gates the monthly security fixes, and it does so without disrupting user sessions.
Defender Context
Defenders should be aware of this change because it shortens time to mitigation for vulnerabilities fixed in monthly security updates. To benefit from default-on hotpatching, eligible devices must be enrolled in Intune and covered by a Windows quality update policy with hotpatch enabled; devices that do not meet the eligibility requirements fall back to the standard cumulative update, which still requires a restart. Hotpatching also does not remove restarts entirely: Windows hotpatch runs on a quarterly cadence in which a baseline cumulative update still requires a restart, followed by two months of restart-free hotpatch updates, so restart planning remains necessary for the baseline months. After each Patch Tuesday, organizations should verify that hotpatch updates actually installed on the intended devices rather than assuming the policy applied, and should monitor for side effects of in-memory patching in their environments.