Question #1:
Is it common to see an inconsistency between patches on the endpoint and what are available within the Workspace ONE UEM console. An example, would be, when standing up a Windows 10 endpoint, there are 4 x updates listed on the Windows 10 endpoint but they are not reported in the Workspace ONE UEM console and do not seem to get populated or listed at all.
Question #2:
If a Windows Update has been deployed to a Windows 10 endpoint and you unapprove the update, is it also removed from the Windows 10 endpoint.
You are likely running into this known issue for the first question: VMware Knowledge Base
Unapproving the update will not remove or rollback the update once it has installed. You can achieve this using a script or custom settings profile but there are some requirements when using the rollback API.
API Reference: Update CSP - Windows Client Management | Microsoft Docs refer to Roll Back section. You can then leverage the VMwarePolicyBuilder.com site to make a custom settings profile.
For more info regarding updates, please refer to Managing Updates for Windows 10: VMware Workspace ONE Operational Tutorial | VMware.
You are likely running into this known issue for the first question: VMware Knowledge Base
Unapproving the update will not remove or rollback the update once it has installed. You can achieve this using a script or custom settings profile but there are some requirements when using the rollback API.
API Reference: Update CSP - Windows Client Management | Microsoft Docs refer to Roll Back section. You can then leverage the VMwarePolicyBuilder.com site to make a custom settings profile.
For more info regarding updates, please refer to Managing Updates for Windows 10: VMware Workspace ONE Operational Tutorial | VMware.