Update Domain

In Azure a logical group of the underlying hardware that undergoes maintenance or is rebooted at the same time. Azure distributes VMs across update domains during maintenance at least one instance of the application always remains running. The order of update domains being rebooted may not proceed sequentially during planned maintenance, but only one update domain is rebooted at a time.

As VMs are created within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.

If a serious security vulnerability is identified and a patch created. It’s in Microsoft’s interest to get that applied to the host underneath your VM as soon as possible which is a rare exception but it has happened. The update and/or patching of the service will walk through your update domains one after the other.

Virtual machines in the same update domain will be restarted together

In this example which includes a SQL cluster with two nodes and a file share witness, none of the VMs shares the same Fault Domain nor the Update domain and makes total sense. Being a cluster each node has independent network and power and in case it needs to be upgraded/rebooted by Microsoft it will never happen at the same time for any of them.

Sources: