Microsoft will enable hotpatch security updates by default for all eligible Windows devices managed via Microsoft Intune and the Microsoft Graph API starting with the May 2026 security update. Updates will be delivered through Windows Autopatch, which Microsoft says will halve the time to reach 90% patch compliance and can be managed or disabled using Intune controls that go live April 1, 2026. #WindowsAutopatch #MicrosoftIntune
Keypoints
- Microsoft will enable hotpatch security updates by default for eligible Intune-managed Windows devices starting May 2026.
- Hotpatch updates are delivered through Windows Autopatch to apply fixes without requiring device restarts.
- Microsoft estimates hotpatching will halve the time needed to reach 90% patch compliance.
- Admins can opt out at the tenant level or configure hotpatch per device using Intune controls available April 1, 2026.
- Device readiness can be verified with the Hotpatch quality updates report in Intune and admins have until May 11, 2026 to prepare.