While updating OS patches, we see that SQL Server is also receiving hotfix patches; we don't want to install SQL Server patches and we don't want to stop OS patches from installing.
Microsoft says "By default, Windows Update client is configured to provide updates only for Windows. If you enable the Give me updates for other Microsoft products when I update Windows setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software."
I did check this setting on the server and it was off and grayed out.
Hence, I believe when SQL Server was installed, the below option was checked and that is causing it to receive updates:
So how can we disable it through some policy or registry key?
Best Answer
Possibility 1 - Azure Update Management
From Configure Windows Update settings for Update Management, which your question quotes:
It goes on to say:
Possibility 2 - Automated Patching
Microsoft has another document for Automated Patching for SQL Server in Azure Virtual Machines.
Some of the references to "Enable/Disable Automated Patching" are ambiguous as to whether they apply to just the SQL updates or to all updates.
Additionally, some text in a screenshot implies that it is all-or-nothing.
But then it goes on to provide some Powershell code that sure looks like it can be configured specifically for SQL updates. To enable:
And to disable:
Because the Powershell command has "SqlServer" in the name, that sure implies that it can enable/disable SQL updates independently of any others.
Caveats
The Automated Patching document is from 07 March 2018. One of the joys of Azure is that they can change things for the better at any time. And one of the drawbacks of Azure is that they can change things at any time.
That document also mentions that not all SQL updates will be applied as part of this updating mechanism.
If you are seeing SQL service packs or cumulative updates getting applied, they must be coming from some other updating process.