Securing WordPress running on Azure platform

We have a static website hosted on Microsoft Azure. Our marketing team wanted a easy way to update it so WordPress was installed on Azure, the site was created, marketing team updates it. A WordPress plug-in exports their updates as HTML which is shown on the static website. By not allowing WordPress to constantly run, it reduces our risk of WordPress vulnerabilities.

Can using plug-ins like WordFence, iThemes security help for a case like this?

How can I ensure when newer versions of WordPress is released, it is updated automatically?

Any other advice would be appreciated.

I have gone through