More enterprise environments can now experience the power of security updates that do not require a restart. Hotpatching is now available for Windows 11, version 24H2 Arm64 devices. All you need to do is check your prerequisites, disable Compiled Hybrid PE (CHPE), and enroll these devices into a quality update policy with hotpatching enabled.
When this will happen:
Hotpatching for 64-bith Arm architecture is now generally available.
How this will affect your organization:
With hotpatching, your organization can benefit from:
- Faster compliance: Security updates are applied immediately, reducing the window of vulnerability.
- No downtime: Users stay productive—no forced restarts or interruptions.
- Smaller update payloads: Faster installs and easier update orchestration.
- Enterprise-grade control: Integrated with Microsoft Intune and Windows Autopatch for streamlined management.
What you need to do to prepare:
Review Hotpatching now available for 64-bit Arm architecture to check if you meet the prerequisites and additional guidance to get started.
A unique prerequisite for Arm64 devices is disabling Compiled Hybrid PE (CHPE). Do this in one of the following ways:
- Use the DisableCHPE policy. Apply the following configuration service provider (CSP) setting via Microsoft Intune or Group Policy, then restart the device once: ./Device/Vendor/MSFT/Policy/Config/Hotpatch/DisableCHPE = 1
- Use registry keys. You can also set the following registry key value to 1 and then restart the device once: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\HotPatchRestrictions = 1
Additional information: