Hi,
by default Microsoft is not patching your VMs. If you deploy VMs (its IaaS) you are responsible...

If you would use Azure SQL oder Managed Instance for example (its PaaS) than you have no access to the windows machines under your sql service. Here MS will update Windows and SQL...

Azure only offer IaaS and Paas..

But there is an Feature called Autopatching: https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching - with that serice you can enable patching by MS

Hi

Yes, it is true that Microsoft offers automated patching for virtual machines (VMs) hosted on the Azure platform. With automated patching, Microsoft will automatically apply critical security patches and updates to the VMs in your subscription, reducing the need for manual patching and ensuring that your VMs remain secure and up to date.

However, it's important to note that automated patching is an optional service and is not enabled by default. You can choose to enable or disable the service, and you can also specify a maintenance window during which updates should be applied.

It's also worth noting that Microsoft will not apply patches to custom applications or configurations on your VMs, so it's still important to test patches and updates in lower environments before applying them to production environments.

Regarding your question about whether Microsoft has admin access to your VMs, it's important to understand that Microsoft does not have access to your VMs unless you have explicitly granted them access. Even with automated patching enabled, Microsoft does not have direct access to your VMs, and all patches are applied automatically using a secure and controlled process.

In summary, while Microsoft does offer automated patching for Azure VMs, it's important to understand that this is an optional service and that you can choose to enable or disable it as needed. Automated patching can help reduce the need for manual patching and ensure that your VMs remain secure and up to date, but it's still important to test patches and updates in lower environments before applying them to production environments.
Here are some usefull links that provide more information on Azure virtual machine patching:

"Azure Update Management overview" - Microsoft documentation on automated patching for Azure VMs: https://docs.microsoft.com/en-us/azure/azure-update-management/overview

"Automate patching for Azure VMs" - A step-by-step guide on how to enable automated patching for Azure VMs: https://docs.microsoft.com/en-us/azure/automation/automation-update-management

"Azure VM patching strategies" - A Microsoft blog post that discusses different patching strategies for Azure VMs: https://azure.microsoft.com/en-us/blog/azure-vm-patching-strategies/

"Security update validation and deployment" - Microsoft documentation on best practices for testing and deploying security updates: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-update-validation-and-d...

I hope these resources are helpful for you!

@lfk73 

I thought they are mention Windows 365 (SaaS) and Update Management with Azure Arc but under preview stage starting from last year