The Windows Update pausing guide that is linked above will get you as close to your goal as possible. Pausing updates on W10/W11 doesn't disable it entirely, but turns off the primary automated features, and then it continues to run a limited number of components that check for and install things it deems critical, such as certificates and Defender patches.
Using all the tweaks in that guide will:
- Pause updates out of the box on a clean install
- Allow updates to pause forever, rather than the 35 day limit
- Prevent drivers from automatically downloading or installing
- Prevent Microsoft Store apps from automatically updating
Microcode updates aren't going to be affected by anything unless you're deleting the microcode files, and you will know if you are. I don't know how NET updates are handled for sure, since I don't use them, but I'll bet pausing Windows Update will stop those patches from downloading and installing, so if you want those updates they'll need to be done manually.