Hello GRAY Mike
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
As per the security recommendations for virtual machines in Azure, it is recommended to apply the latest updates before creating custom VM images. You can use the Update Management solution in Azure Automation to manage operating system updates for your Windows and Linux computers in Azure.
Regarding your question about hardening the security of the VMs, it is recommended to follow the security recommendations for Azure Virtual Machines. You can find these recommendations in the article "Security recommendations for virtual machines in Azure".
As for your question about using AD DS to support GPO hardening, it is not mandatory to use AD DS for hardening the security of VMs in Azure. You can use other methods such as Azure Security Center, Azure Policy, and Azure Firewall to harden the security of your VMs.
For Windows-based VMs, you can use the Security Baseline for Windows 10 and Windows Server to apply security settings to your VMs. You can find more information about this in the article "Security Baseline for Windows 10 and Windows Server".
For Linux-based VMs, you can use the Security Baseline for Linux to apply security settings to your VMs. You can find more information about this in the article "Security Baseline for Linux".
I hope this helps!