Since Arc brings Azure like services and ARM to on-premises boxes, you should allow machines onboarded through Arc to participate in Azure Groups in AA / Update Management. Consider this scenario:To manage groups for Non-Azure machines onboarded to Update Management, you can either read in the membership of onboarded servers in AD groups, WSUS groups, or SCCM groups or teach the people who manage patches a bunch of Kusto queries so they can build the proper dynamic patch groups. It would be much easier for people to simply use tags (as they can with Azure native VMs) and build dynamic azure groups based on these tags. If Arc is supposed to bring Azure's management capabilities to on prem boxes, and you can tag Arc machines the same way you would Azure native machines, then it stands to reason you should be able to use dynamic azure groups based on tags in Update Management.
