Hi Mark,
Yes, your understandings are correct.
In the long term, use WSUS for updates’ applied and push is a common way in company, which is suitable to the clients that cannot connect to Internet. The following Microsoft document give us a step-by-step guide.
Deploy Windows Server Update Services | Microsoft Learn
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services
In the short term, just install the latest servicing stack update(SSU) and cumulative update(CU) is enough for a standalone client. The cumulative update includes the content of previous security-only updates, the later update includes all the content of previous updates, so you don’t need to install every updates appears in update catalog.
About Dynamic Update, you could get more information from here:
The benefits of Windows 10 Dynamic Update - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847
-------------------------------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.