administrators
Private
Posts
-
Weekly KB report - April 29, 2025
Weekly KB report - April 29, 2025
This is the blog post that provides an overview and link to full report.
-
Weekly Security Report - April 29, 2025
Weekly Security Report - April 29, 2025This is the blog that provides an overview of the report and a link to the full report.
-
Intune Updates for the Week of April 14, 2025
Hotpatch for Windows 11 Enterprise is now generally available for x64 devices as of April 2, 2025. It's a new way to apply security updates without requiring a device restart, minimizing disruptions for users and providing immediate protection against vulnerabilities.
Here are the key points:
•Benefit: The main advantage is applying security patches without reboots, leading to less downtime and faster security compliance. Users can continue working uninterrupted during hotpatch updates. This can reduce the number of required restarts for Windows updates from twelve to just four per year.
•How it Works: Hotpatch operates on a quarterly cycle.
◦In baseline months (January, April, July, October), devices install cumulative updates (including new features) and require a restart.
◦In the subsequent two months, devices receive hotpatch updates containing only security fixes, and no restart is needed.
◦These updates are managed through a hotpatch-enabled quality update policy in Microsoft Intune.
•Key Prerequisites:
◦Specific Microsoft subscriptions including Windows 11 Enterprise E3, E5, or F3, Windows 11 Education A3 or A5, or Windows 365 Enterprise.
◦Devices running Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later) with the latest baseline update.
◦x64 (AMD/Intel) CPUs.
◦Microsoft Intune for management.
◦Virtualization-Based Security (VBS) must be enabled.
•Arm64 Devices: Support for Arm64 devices is currently in public preview and requires disabling Compiled Hybrid PE usage (CHPE) via a registry key setting and a device restart.
•Ineligible Devices: Devices that don't meet the prerequisites will automatically receive the standard Latest Cumulative Update (LCU), which does require a restart but keeps them secure.
•Management: You enable Hotpatch by creating a Windows quality update policy in Intune and setting the option to "Allow" applying updates without restarting ("Hotpatch"). Intune can detect eligible devices.In essence, Hotpatch is designed to enhance security and user productivity by applying critical security updates rapidly with minimal disruption caused by reboots.
The blog article is over here: https://www.checkyourlogs.net/intune-update-for-the-week-of-april-14-2025-hotpatch-updates-for-windows-11-now-generally-available/
Find the podcast on YouTube: https://youtu.be/Zev4MuZCRKw
-
RE: first test topic of epic proportions
Green light on the screen,
Code flows smooth, no errors seen—
Victory in clicks. -
🎙️ Welcome to the General Discussion Forum! 🗨️
This is your space to connect, collaborate, and spark conversation with other IT pros and PortalFuse users! Whether you're deep into Microsoft Intune, Entra ID, Windows 365, patching strategies, or application packaging, this is the place to share insights, ask questions, and bounce around ideas.
🧩 Got a cool workflow using PortalFuse?
Stuck on an Intune policy?
Building an MSIX package and need a second opinion?
Or just new here and want to say hi?You're in the right spot. Introduce yourself, and let’s build a strong, helpful community together!
#PortalFuse #Intune #Windows365 #EntraID #Patching #AppPackaging #Community
