Microsoft is enabling some Windows updates by default for several PCs

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft is flipping a big Windows update switch in May 2026. Some PCs will start getting security fixes instantly, and many restarts may soon be history.

 

Neowin · Mar 10, 2026 06:14 EDT

Blue Windows 11 update screen with This might take a few minutes dont turn off your PC written and a

Windows Autopatch is a managed service for enterprise customers to automate updates while empowering IT admins to ensure that endpoints are healthy and compliant through ring-based, staggered deployments. IT admins also have the ability to reverse updates easily if something does go wrong. Now, Microsoft is enabling hotpatch security updates by default for Autopatch customers.

Starting from May 2026, eligible Windows PCs leveraging Autopatch through Intune or the Windows updates API in Microsoft Graph will begin receiving hotpatch updates by default. Up until now, when IT admins began rolling out security updates, they would have to wait a few days for devices to restart and apply the patches. However, with hotpatch releases, these security updates are installed as soon as possible, without requiring any restart. This results in faster compliance across environments, also because security updates delivered via hotpatch are typically quite small.

After April 1, 2026, devices that meet the prerequisites for hotpatch, and have applied the April security update will begin receiving hotpatch updates following May 2026. It is important to note that hotpatches are applied after a baseline is met. This means that Autopatch will first install the April security update and then restart, after which security updates won't require a restart. Meanwhile, hotpatch configurations, such as rings and deferrals, for quality updates will remain intact.

Microsoft says:

Windows Autopatch is enabling hotpatching by default because hotpatch updates are the quickest way to get secure. As such, we recommend keeping hotpatch updates enabled for your devices. If you're not ready for this change, you can opt out groups of devices or the whole tenant.

The tenant setting to opt out of hotpatch updates is scheduled to go live on April 1, 2026. And because April is a hotpatch baseline month, you have until May 11, 2026 before any hotpatch updates are deployed.

IT admins can find out more details about this change and how to enroll PCs into Windows Autopatch here.

Comments (0)

format_indent_decrease
AI Article