During my time at a Microsoft Partner before joining Microsoft and now at Microsoft, customers are asking me, if Microsoft does the patching of Azure IaaS VMs.
The answer is no. But with the latest updates to the Update Management solution in the Operations Management Suite, you can now configure an automated patching schedule for your Azure IaaS VMs.
When you have a look at the Update Management solution in OMS, you can see required updates for Windows Server and Linux VMs running on Azure or on-premises. They just have to be connected with an OMS workspace.
In the main view of the Update Management solution just scroll to the right side to get to the point of managing update deployments.
There you can define a one time, a weekly or monthly schedule. The possibility adding different VMs to different schedules ensures that your services running on Azure IaaS VMs will be always available during an automated patching schedule.
After a run you can check the update deployment result and dig deeper into it, when you need information about which update got installed on which VM.
As you can see, Microsoft does not do an automatic updating of your Azure IaaS VMs. But you get the freedom of choice, if you want to patch your VMs manually or automate the patch deployment with a few simple steps through the Operations Management Suite.