The tool sets you’re looking for fall under a category called IaC (infrastructure as code). They allow you to define environments and add installers and configuration to those environments. Typically they require an extra network-accessable server to act as a controller for the toolset.
My personal go-to at work for exactly what you’re asking is Puppet.
I’ve never heard of IAC on Windows desktops. IAC is about consistent building of cloud resources. These are individual physical devices and probably aren’t all being flashed and rebuilt with every deployment.
Configuration Manager / intune / sccm / whatever they change the name to next is the first-party solution from MS. It has always been able to modify an existing install. Push out a fresh piece of software, reconfigure one, uninstall one, force a group to update a gpo or update windows, etc…
Most universities use intune/puppet/chef for this in labs and for deployed desktops/laptops to faculty/staff to keep things up to date and consistent.
As I understand it, IAC is not about managing devices. When a IAC created device needs an update, you update the config, blow away the device, and build new.
Ansible and puppet manage devices. If you need a change, you send the package or config or reg key. You can’t blow away a device and build identical, like you can with IAC. At least not easily and without lots of careful group management.
That said, IAC is changing fast and I may not be up to speed on all the features of those tools. We’re an MECM and intune shop, with a bit of jamf on the side.