Hi @Ahmed Essam ,
I'm not certain if there are best practices design-wise as every company/organization are unique and different, there are however common best practices for security and other configurations which you can find over here:
Windows Server Update Services best practices
https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices
Security best practices for Windows Server Update Services (WSUS)
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/security-best-practices-for-windows-server-update-services-wsus/ba-p/1587536
----------
If the reply was helpful please don't forget to upvote
and/or accept as answer
, thank you!
Best regards,
Leon