Securing WordPress running on Azure platform

We have a static website hosted on Microsoft Azure. Our marketing team wanted a easy way to update it so WordPress was installed on Azure, the site was created, marketing team updates it. A WordPress plug-in exports their updates as HTML which is shown on the static website. By not allowing WordPress to constantly run, it reduces our risk of WordPress vulnerabilities.

Can using plug-ins like WordFence, iThemes security help for a case like this?

How can I ensure when newer versions of WordPress is released, it is updated automatically?

Any other advice would be appreciated.

I have gone through
https://docs.microsoft.com/en-us/archive/blogs/azureossds/best-practices-for-wordpress-security-on-azure

https://docs.microsoft.com/en-us/azure/app-service/manage-backup

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website