@David Prentice Welcome to Microsoft Q & A Community Forum. To patch Azure machines as per configured schedules, please change patch orchestration to "Customer Managed Schedules (Preview)". This will set Patch mode to "AutomaticByPlatform" and BypassPlatformSafetyChecksOnUserSchedule to "true", which will ensure machines are patched using your configured schedules and are not auto patched. This change is not applicable to Arc-enabled servers.
Once the setting BypassPlatformSafetyChecksOnUserSchedule is set to true, remove the schedule associated to the maintenance configuration. Then neither autopatch nor the schedule patch will run.
Reference documents: