VMM 2012 (maintained and expanded with R2 and 2016) finally introduced integration between update services and virtualization hosts, as well as additional fabric servers such as library servers, PXE servers, the WSUS server itself and the VMM management server.
VMM supports on-demand (marketing speak for manual) compliance scanning and remediation of the fabric servers using compiled baselines (groups of patches/updates).
The scope for VMM update management has been expanded with VMM 2012 R2. You can add servers such as Active Directory, DNS, DHCP and other management servers that are not VMM host servers, as managed computers. You can then use a Windows Server Update Services (WSUS) server to manage updates for these infrastructure servers in the same way that you do for other computers in the VMM environment.
VMM 2012 also supports Cluster Aware Updates (CAU) orchestrated updates: when remediation is performed on a host cluster, VMM places one cluster node at a time in maintenance mode and then installs updates. If the cluster supports live migration, intelligent placement is used to migrate virtual machines off the cluster node. If the cluster does not support live migration, VMM saves state for the virtual machines.
This feature requires a Windows Server Update Services (WSUS) server to be associated with VMM. After you add a WSUS server to VMM, you should not manage the WSUS server using the WSUS console.
This feature is a big improvement, but during my testing I found the manual nature of updating the baseline still a little cumbersome.
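The scan-and-remediate flow described above can also be scripted with the VMM PowerShell module, as in this added example (not code from the original post). It assumes a WSUS server is already associated with VMM; the server, cluster and baseline names are placeholders, and the `OverallComplianceState` property name is an assumption about the compliance status object.

```powershell
# Added example: scan a host cluster against one baseline, then remediate it
# node by node. Run from a machine with the VMM console installed.
Import-Module virtualmachinemanager

# Placeholder names (constructed for this example).
$vmmServerName = 'vmm01.example.local'
$clusterName   = 'hvcluster01.example.local'
$baselineName  = 'Fabric Security Baseline'

# Connect to the VMM management server.
Get-SCVMMServer -ComputerName $vmmServerName | Out-Null

# Pull the current update catalog from the associated WSUS server into VMM.
$updateServer = Get-SCUpdateServer
Start-SCUpdateServerSynchronization -UpdateServer $updateServer | Out-Null

$baseline = Get-SCBaseline -Name $baselineName
$cluster  = Get-SCVMHostCluster -Name $clusterName
if (-not $baseline -or -not $cluster) {
    throw "Baseline '$baselineName' or cluster '$clusterName' not found in VMM."
}

# Scan every cluster node against the baseline and report its state.
foreach ($node in $cluster.Nodes) {
    $computer = Get-SCVMMManagedComputer -ComputerName $node.Name
    Start-SCComplianceScan -VMMManagedComputer $computer -Baseline $baseline | Out-Null

    $status = Get-SCComplianceStatus -VMMManagedComputer $computer
    # OverallComplianceState is assumed here; inspect $status if it is empty.
    '{0}: {1}' -f $node.Name, $status.OverallComplianceState
}

# Remediate the whole cluster. VMM puts one node at a time into maintenance
# mode; -UseLiveMigration moves the VMs off the node first. Omit that switch
# on clusters without live migration and VMM saves the VM state instead.
Start-SCUpdateRemediation -VMHostCluster $cluster -Baseline $baseline `
    -RemediateAllClusterNodes -UseLiveMigration
```

Running the scan loop on its own, without the final remediation call, gives a read-only compliance report that can be reviewed before any node is taken out of service.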
A new feature in Microsoft Azure called Update Management lets you centralize patch management for on-premises and Azure machines (VMs and physical servers). It is free for up to 500 minutes of automation per month. Update Management is just an orchestrator that gives orders to the Windows Update service, so the 500 minutes are almost never reached by Update Management alone.