> (on Linux you had to do things yourself at the time AFAIK, I don't think the situation has improved much)

You can schedule the updates any time you want, want to do it staggered then configure that, want to do it all at the same time then do that, want it with a random interval also possible. I don't see the "you need to do everything yourself" option as much as any managed environment.

I haven't been a sys admin in a very long time so my systems knowledge might be outdated, but I reckon functionality like intune's built-in monitoring of specific feature install failures would make a huge difference with a few dozen systems, let alone the hundreds of thousands you see in some of today's deployments. It's not like that stuff isn't possible on Linux, but if you're coordinating more than a few systems, that turns into a big, expensive project pretty quickly.

Centralized management is very useful, just a random delay is not enough. One of the (big) companies I worked with had jury rigged something with chef I believe to show different machines different "repositories" and roll things out progressively (1% of the fleet, 5%...).

Staggering is necessary in some cases. I've heard of scenarios where a company has lots of devices in the field which all simultaneously try to download a big update, and DDOS the servers hosting that update.