Hi,
As a best practice, keep ARM and CM config as default and APP RF as per your requirement, if you want to enable application fitering and control then you work with AppRF other wise leave it.
Other important beast practices are,
1. Keep number of SSIDs as less as possible ( under 8)
2. Keep disable extended SSID
3. Try to avoid using internal DHCP if possible
4. Manage IAPs through Central if possible
5. Configure stringent policies and enable Enterprise level (Dot1x) security for internal employees and enable Guest access for Guests with walled garden.
Hope you got more clarity on this. please feel free for any further help on this.