Actually the Azure Security Center is in public preview, but nevertheless it is a very useful extension to the existing Azure services.
-> https://azure.microsoft.com/en-us/blog/azure-security-center-now-available/
First of all you have to define the security policy for your subscription. Afterwards the Azure Security Center will install the data collection agents on your Azure VMs.
Now you have to wait until the scans are completed and then you will get the notifications about the update status of your VMs.
Actually the update status is only available for Windows based VMs, but you get exact insights which updates are missing.
After you have installed the updates and the next scan cycle is finished you see a healthy Azure VM environment in your Azure Security Center.
So it is easy to keep your Azure VMs up to date, even you are not using a monitoring or patch management solution in your Azure environment.