Starting in May 2026, Microsoft will enable hotpatch security updates by default for eligible Windows devices managed via Microsoft Intune and the Microsoft Graph API. The transition uses Windows Autopatch to deliver updates that remove the need for an immediate system restart, significantly shortening the time organizations need to reach patch compliance.
Microsoft is fundamentally changing how Windows enterprise devices receive security patches by shifting to a hotpatch-first approach. Beginning with the May 2026 security cycle, devices managed through Microsoft Intune and the Microsoft Graph API will have the feature enabled by default. The updates are delivered through Windows Autopatch, a service that automates the maintenance of Windows and Microsoft 365 software across large fleets of computers.
Historically, the traditional update model created a notable window of vulnerability within corporate networks. IT administrators usually gave employees a three- to five-day grace period to restart their machines voluntarily before the system forced a reboot to apply patches. During this multi-day gap, devices remained unpatched and susceptible to exploits, a constant challenge for security teams aiming for rapid remediation.
Hotpatching aims to remove this friction by applying security code directly to the running operating system in memory. Because this method does not require a full system restart to take effect, Microsoft projects that the time needed to reach 90 percent patch compliance across an organization will be cut in half. This allows a much more aggressive security posture without the productivity interruptions that mandatory reboots typically cause.
Despite the move toward automation, Microsoft is providing administrators with the tools necessary to manage the transition. New IT controls are scheduled for release in April to help organizations prepare for the May rollout. These controls will allow administrators to manage hotpatching at the tenant level, giving them the flexibility to opt out entirely or to target specific groups of devices based on their internal testing and deployment schedules.
The company maintains that hotpatching represents the most efficient path to maintaining a secure environment. For those who choose to disable the feature initially, the process for re-engagement is a simple toggle within the management console. By allowing updates to be applied without restarting, Microsoft is attempting to balance the urgent need for cybersecurity with the operational demands of a modern workforce.
Source: Microsoft to Enable Windows Hotpatch Security Updates by Default