What is the best method to disapprove/deny/not approve the monthly "Preview" updates? I don't want to install them as I don't feel like beta-testing updates in production environments, but I also don't want them counting against us as they are otherwise listed as "Missing/Approved". Is there a way to deny current and future updates based on a name, so you could exclude *Preview*?
There is no built-in way to deny patches based on their name. The preview patches are almost always released on the 3rd Tuesday of the month, so on that day run a manual patch scan on one machine with each OS that gets previews and then decline the patches. Not ideal, but otherwise you'd have to run some SQL script to take care of it (assuming you are running on-prem) which is risky unless you know what you're doing :)
The following SQL code will dump out all the KB's in the system which don't have a patch override present.
If you run this every so often, you can then add your overrides for each patch via the GUI.
SELECT t1.kbArticleId as pd, t1.updateTitle
FROM patchData as t1
left outer join patchKbOverride t2 on t1.kbArticleId = t2.kbArticleId
where t1.updateTitle like '%preview of%' and updateTitle like '%Quality Rollup%' and t2.kbArticleId is null
group by t1.kbArticleId, t1.updateTitle