KevonHayes-3427, Apologies for the delay from over the weekend. Thanks for the great question.
1/2:
Firstly, in regard to your point on patching App Service hosts – App Service being a PaaS (Platform as a Service) offering users are only required to focus on their code, and not to worry about managing the underlying Virtual Machines and other resources with the latest security updates, OS patches and so on.
App Service applies monthly updates to the resources, making sure our customers’ code is always running on the most recent security patches and OS versions available.
App Service update cycle:
Before beginning worldwide updates, we deploy first to a private region which is not commonly accessible. Only after testing is validated there, we begin to roll out to datacenters across the globe. Our typical time for completing updates worldwide is about 10 business days, which allows us to deploy during each region’s off hours and also avoid deploying to Paired Regions at the same time (for example, East US and West US).
Kindly check these docs for more info:
The magic behind App Service OS updates
How and when are OS updates applied?