Why being secure and transactable is a key to marketplace success
May 8, 2025The State of Coding the Future with Java and AI – May 2025
May 8, 2025
Improved control and consent over data sharing is a new feature coming to Windows Autopatch in June 2025. Plus, hotpatching—small and immediate security updates that don’t interrupt your workflow—is now accessible to everyone using Windows Autopatch.
In March, we announced that subscribers to Windows 11 Education and Business Premium SKUs have access to Windows Autopatch and will also enjoy these new features. Let’s dive in and share a little more detail.
Improved control and consent over data sharing
You’ve expressed your concerns about privacy and control when it comes to sharing your data. Some people want to share as much information as possible while others prefer to share less. Starting in June 2025, Windows Autopatch will offer improved reporting and troubleshooting capabilities based on your preferences. If there’s critical information that the service can’t access, Windows Autopatch will alert you to it. There are two levels of control to be aware of:
- Reporting and alerting: Most data in Windows Autopatch reporting is managed using diagnostic data settings. If you’ve disabled diagnostic data, you can still see your devices, but some columns will be empty, and an alert will let you know that Windows Autopatch can’t access information for that device.
- Improved troubleshooting: The Windows Autopatch client broker improves your ability to troubleshoot issues. For example, the broker can identify if devices may be sourcing updates from an old location, rather than the correct new location. As of June 2025, the Windows Autopatch client broker can be targeted however you want. For example, you can opt in to the Windows Autopatch client broker to help assess why a device may be experiencing update issues.
Bottom line: Data settings are no longer set for Windows Autopatch groups by default. Instead, you’re fully in control over what data you want to share with Microsoft.
Hotpatch updates are available through Windows Autopatch
A hotpatch update installs important Windows security updates once a month without needing to restart—securing your devices quickly without interrupting your workflow. Using hotpatch is easy and included if you are already using Windows Autopatch. To enable hotpatching for Windows client devices, you will need:
- Devices that have the most recent hotpatch baseline security update installed. (Baseline updates are offered quarterly as part of a normal security update. April was the most recent baseline month, and the next baseline is in July.)
- Devices running Windows 11, version 24H2 for x64 (AMD and Intel) CPU.
- Virtualization Based Security (VBS) enabled and running.
CHPE disabled for Arm64 devices. (Note: Hotpatching for Arm64 devices is still in public preview.)
If your devices meet the prerequisites for hotpatch updates, you can opt devices in (or out) for automated hotpatch update deployment using Windows Autopatch. From the Microsoft Intune admin center, navigate to Devices > Windows updates > Create Windows quality update policy and toggle to Allow.
Note: Your devices will still receive regular security updates even if they don’t meet the prerequisites for hotpatch updates.
Learn more about Windows Autopatch features
Explore the concepts and technology in detail and find answers to frequently asked questions about Windows Autopatch and hotpatch:
- Visit the Windows Autopatch documentation for more about Windows Autopatch client broker and hotpatch updates for Windows.
- Review the directions for activating hotpatch.
- Learn more about hotpatch for Windows client.
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.