It is now possible to use hotpatching on
Windows 365 Win11 Enterprise 24H2. The functionality, previously introduced
for Windows Server 2022 Datacenter: Azure Edition, lets companies apply
security updates without rebooting the entire system. This translates into
less downtime while still maintaining security.
How Hotpatching Works
Hotpatching applies security updates behind the scenes
by replacing the in-memory code of running processes. Once the in-memory code
is altered, the changes take effect immediately, so the machine does not need
to restart each time an update is applied.
Hotpatching, however, cannot deliver feature
enhancements; its updates are solely for security issues, so that protection
is delivered rapidly.
Quarterly Update Cycle
Microsoft has also set out a quarterly update schedule
for devices that use hotpatching:
Quarterly Cumulative Updates:
In January, April, July, and October, devices receive quarterly updates
that include recent changes such as new security patches and
system estimations, and that come with a system restart.
Monthly Hotpatch Updates:
In the two months that follow each quarterly update, only security
patches are pushed out, through hotpatching and without a reboot.
Effectively, this reduces the number of reboots
from twelve to four, improving productivity
while keeping security in place.
Hotpatching Eligibility Prerequisites
Before adopting hotpatching in the public preview on
the Windows version mentioned above, an organization
needs to satisfy the following prerequisites.
A Microsoft subscription, where applicable,
that includes a Windows Enterprise E3/E5, Microsoft 365 A3/A5, Microsoft
365 F3 or Windows 365 Enterprise license.
Devices running Windows 11 Enterprise, version 24H2,
Build 26100.2033 or greater.
Management via Microsoft Intune or Windows
Autopatch.
Eligible devices can be enrolled for automated hotpatch
updates via the new Windows quality update policy in
Intune. The policy can also automatically enroll eligible devices,
which improves the user experience.
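The device-side prerequisite and the quarterly cycle described above can be checked from a managed endpoint with a short script. This is an added example, not Microsoft tooling or code from the original article; the function names are hypothetical, and it assumes the `EditionID` value `Enterprise` and build 26100 identify Windows 11 Enterprise 24H2.

```powershell
# Added example, not Microsoft tooling. It checks only what the device itself
# can report; licensing and Intune/Autopatch enrollment must be confirmed in the tenant.

function Test-HotpatchBuild {
    param([string]$EditionId, [int]$Build, [int]$Revision)
    # Floor stated in the article: Windows 11 Enterprise 24H2, build 26100.2033 or greater.
    # Assumption: EditionID 'Enterprise' marks the edition and 26100 is the 24H2 build.
    [pscustomobject]@{
        EditionOk = ($EditionId -eq 'Enterprise')
        BuildOk   = ($Build -eq 26100 -and $Revision -ge 2033)
    }
}

function Get-UpdateTypeForMonth {
    param([ValidateRange(1, 12)][int]$Month)
    # January, April, July and October carry the cumulative update and a restart;
    # the two months after each of them are hotpatch-only.
    if ($Month % 3 -eq 1) { 'QuarterlyCumulative (restart)' } else { 'Hotpatch (no restart)' }
}

# Read edition, build and update revision (UBR) from the local registry.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$check = Test-HotpatchBuild -EditionId $cv.EditionID `
                            -Build ([int]$cv.CurrentBuild) `
                            -Revision ([int]$cv.UBR)

# One object per device, suitable for export to CSV or collection by a management agent.
[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    Edition   = $cv.EditionID
    Version   = $cv.DisplayVersion
    OsBuild   = "$($cv.CurrentBuild).$($cv.UBR)"
    EditionOk = $check.EditionOk
    BuildOk   = $check.BuildOk
    ThisMonth = Get-UpdateTypeForMonth -Month (Get-Date).Month
}
```

A device that reports `BuildOk` as false needs to reach the minimum build through a regular cumulative update before it can be enrolled in the hotpatch policy.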
Major Announcements at Ignite 2024
Microsoft also made several important announcements
during the Ignite 2024 conference in
Chicago.
Zero Day Quest:
A new hacking competition focusing on vulnerabilities of big tech and AI, with
about four million US dollars in prizes.
More information on Windows 11 Security features:
Administrator Protection:
A newly introduced feature for protecting admin
accounts.
Quick Machine Recovery:
Admins will be able to deploy targeted fixes through Windows Update to revive systems
that are powered on but are not bootable.
Zero Trust DNS:
Guarantees that all DNS requests are sent to the designated DNS server.
Config Refresh:
Allows administrators to bring affected devices back in line with
preset configurations.
With hotpatching expanding to more platforms
and further features to follow down the line, Microsoft
is positioning itself to fulfil its promise of increasing the security,
manageability and efficiency of its ecosystem.