Windows 11 systems can be segregated off into a new WSUS Group and then you can approve only the upgrade for W11 23H2 to that group. That way only those systems will see it and get it.
Windows 10 systems that have W11 23H2 approved (assuming you approved it to the group that contains W10 systems), would check to see if there are any hardware blocks and if not, it would install the upgrade to W11 onto those systems. If there are hardware blocks, W11 will not be offered.
WSUS bypasses the WUfB "soft blocks" (user experience issues like crashing due to driver issues) and will install on systems if it is approved and meets the hardware requirements. For this reason, you should test the Upgrade FIRST before releasing it to your network.