Microsoft to Launch Windows Server 2025 Hotpatching Service on July 1st

Microsoft’s long-anticipated hotpatching feature for Windows Server 2025, previously exclusive to Azure, will become generally available as a subscription service on July 1, 2025.

This feature, currently in free preview, enables organizations to apply critical security updates without disruptive server reboots, a major shift in enterprise update management.

How Hotpatching Works: In-Memory Updates Without Reboots

Hotpatching fundamentally changes the Windows Server update process by patching the in-memory code of running processes, eliminating the need to restart the process or the entire server after most security updates.

This is achieved through a mechanism that injects updated binaries directly into memory, allowing workloads to continue uninterrupted.

The process is orchestrated through Azure Arc, which connects on-premises or multicloud Windows Server 2025 Standard or Datacenter machines to Azure’s management plane.

Once connected, administrators can enable hotpatching via the Azure Portal and Azure Update Manager.

The technical prerequisites include:

  • Windows Server 2025 Standard or Datacenter (build 26100.1742 or later)
  • Azure Arc connectivity via the Connected Machine agent
  • Virtualization-Based Security (VBS) enabled (requires UEFI with Secure Boot)
  • An active Azure subscription

Sample PowerShell for Azure Arc onboarding:

# Install Azure Connected Machine agent
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt
# Connect to Azure Arc (replace the <...> placeholders; they are quoted because PowerShell treats a bare "<" as an operator)
azcmagent connect --resource-group "<ResourceGroup>" --tenant-id "<TenantID>" --subscription-id "<SubscriptionID>" --location "<Region>"

Once enrolled, hotpatching can be enabled through the Azure Portal’s Update Manager interface.
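Before enabling hotpatching in Update Manager, the locally verifiable prerequisites listed above can be checked on the server itself. The PowerShell below is an added example, not code from the article or from Microsoft; the function names New-Check and Test-HotpatchPrereq are hypothetical, the "status" field read from azcmagent show --json is an assumption about the agent's JSON output, and treating only a running VBS as a pass is this example's stricter reading of "enabled".

```powershell
# Added example (not Microsoft's script). Run in an elevated PowerShell session
# on the server; Confirm-SecureBootUEFI requires administrator rights.
function New-Check($Name, $Pass, $Detail) {      # hypothetical helper
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

function Test-HotpatchPrereq {                   # hypothetical name
    # Edition: Windows Server 2025 Standard or Datacenter.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    New-Check 'Edition' ($os.Caption -match 'Windows Server 2025 (Standard|Datacenter)') $os.Caption

    # Build 26100.1742 or later: build number plus update build revision (UBR).
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [version]('{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
    New-Check 'Build' ($build -ge [version]'26100.1742') $build

    # Secure Boot: the cmdlet throws on legacy BIOS systems, which counts as a fail.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }
    New-Check 'Secure Boot' $secureBoot "Confirm-SecureBootUEFI = $secureBoot"

    # VBS: 0 = not enabled, 1 = enabled but not running, 2 = enabled and running.
    # Only 2 passes here (assumption of this example: configured-but-idle VBS fails).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbs = $dg.VirtualizationBasedSecurityStatus
    New-Check 'VBS' ($vbs -eq 2) "VirtualizationBasedSecurityStatus = $vbs"

    # Azure Arc: the Connected Machine agent must be installed and connected.
    # The 'status' property name is assumed from the agent's JSON output.
    $arc = 'azcmagent not found'
    $cmd = Get-Command azcmagent -ErrorAction SilentlyContinue
    if ($cmd) { $arc = (& $cmd.Source show --json | Out-String | ConvertFrom-Json).status }
    New-Check 'Azure Arc' ($arc -eq 'Connected') "Agent status = $arc"
}

# One row per prerequisite; any row with Pass = False blocks hotpatch enrollment.
Test-HotpatchPrereq | Format-Table -AutoSize
```

The Azure subscription requirement cannot be verified from the server alone; a connected Arc agent is the closest local indicator.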

Patch Cadence, Pricing, and Limitations

Hotpatching operates on a quarterly baseline cycle: four times a year (January, April, July, October), a cumulative update requiring a reboot is released.

The remaining eight months feature hot patches that update the server without a reboot, dramatically reducing downtime.

On rare occasions, unplanned baseline updates may require an extra reboot for critical security fixes.

From July 1, 2025, hotpatching will be priced at $1.50 USD per CPU core per month for Windows Server 2025 Standard and Datacenter editions connected via Azure Arc.

The feature remains free for Azure Datacenter Edition users (Azure IaaS, Azure Stack, Azure Local), where hotpatching is included by default and does not require Arc connectivity.

Key limitations:

  • Hotpatching covers only Windows security updates; non-security, .NET, and driver/firmware updates still require traditional patching and reboots.
  • Quarterly baseline updates are mandatory to maintain update integrity.

Strategic Impact: Uptime, Security, and Hybrid Cloud Integration

The introduction of hotpatching for non-Azure environments marks a pivotal shift for hybrid and multicloud enterprises.

By significantly reducing the frequency of planned reboots, organizations can achieve higher availability, faster security patch deployment, and simplified change management.

Microsoft’s own Xbox team reports reducing patching cycles from weeks to days using this technology.

With Azure Arc’s adaptive cloud approach, hotpatching extends Azure-native update orchestration to any supported environment (on-premises, at the edge, or across clouds), ensuring consistent security posture and operational continuity.

In summary, Hotpatching for Windows Server 2025, launching as a paid subscription in July, brings cloud-grade update agility to all enterprise environments, promising fewer reboots, reduced vulnerability windows, and streamlined patch management for modern IT operations.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
