As far as SharePoint and the other M365 SaaS services, those are updated by Microsoft with no interaction needed from you. Desktop installed Office apps can be and are set for automatic updates by default, but in my experience you’ll need to manually push updates for them periodically.

For Azure, as @Rykzon@discuss.tchncs.de said, any SaaS/PaaS and security back end are kept up to date by Microsoft - but if you’re running Windows / Linux VM’s in Azure, the patching inside those machines is on you unless you’ve setup automatic VM guest patching in Azure:
https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching

For the rest of it… how are you handling patching for your other clients? What patching and/or RMM tool(s) are you using? If you’re not aware of how patching is handled “in the cloud”, how are you handling it within the network?

(edit) - For knowing what’s going on with Microsoft patch day, the real answer is that IT shops / MSP’s of a certain size have a patching team who keeps up with news about updates, and likely a security team who keeps an eye out for critical security vulnerabilities and remediations. If you’re not big enough for that, here’s at least a starting point for Microsoft patching:
https://www.techrepublic.com/article/insiders-guide-to-managing-microsoft-patch-tuesday/