There are a lot of different “right” answes to this, and the only “wrong” ones are the ones that end up with patches not installed.
What is your starting point? Do you have a single baseline containing all of your patches, or do you have baselines separated by OS (i.e. one baseline for Win10, another baseline for 2016)? Do you keep separate baselines for non-OS stuff (like a baseline for Office, third-party updates, or the like)?
The simplest form would be to have a single baseline containing all of your required patches. In that scenario, I would organize the baseline into component groups, putting the prerequisites like servicing stack updates first, and include a task to reboot the machine (when the machine isnin a pending restart state) after the prerequisites. The next component group would include any service packs, rollups, etc. and include another reboot after that (again, only for things in Pending Restart), followed by a third component group of the normal monthly patches. When taking the Action, configure a post-action restart with timers and messaging as needed.
Advantages to that? If a prerequisite installed and flags the machine as pending restart, a restart happens. If nothing in the first component group is relevant, then the machine will not be in Pending Restart and we can safely skip that reboot. Either way the machine continues to the next component group (possibly after restarting).
Disadvantages? When you include a Task to restart the machine, you don’t get any options in terms of user messaging, delay options, or cancel options. You also don’t control exactly when the reboots happen - it’s just “sometime after the baseline starts, whenever it’s ready to reboot”. That may be ok for servers that are blocked out in, say, a 2-hour maintenance window, but end-users on their laptops may not appreciate it so much.
Since you list out separate Maintenance Window and Reboot Window, that may not work so well for you either. Since it had become a common occurrence that MS patches require sequencing with multiple reboots, you may end up needing to define two sets of patch and reboot windows. A first phase to do prerequisites and reboot, then a second phase to do patches and reboots. You could give these windows separate values, keep separate baselines for Prereqs and Patches, and use the “Run only when…” constraints on the actions to keep your prereqs and patches running in separate windows.
There are also a lot of options you could do around “breadcrumbs”, or having a task at the end of each baseline setting a client setting and using that value to step through a workflow. Or more customizations around Maintenance Windows. Or Orchestration / Server Automation.
In the end, what are the most important factors to you? Patching as early as possible? Minimizing the maintenance window time? Minimizing the number of reboots? Controlling the times of reboots? Having a gentler user experience around the reboots and messaging?