This is an excellent question and it brings up a lot about network edge design. Now, ISPs will provide you with a connection to the Internet where their equipment is assigned the public IP address and performs NAT (if necessary). In this case, you would connect a Layer 2 switch to that router and connect all of your internal devices.
The other option is to have their equipment function in Layer 2 mode and have the public IP address assigned to your own Layer 3 device, i.e. a router.
Now, both options are valid; however, each has its own advantages. The first solution leaves all of the edge configuration to the ISP. They set up NAT, firewall rules if any, and deal with all of the L3 functionality at the edge. It’s their device, so they are in charge of it. This is good when you don’t have the necessary expertise and/or manpower to administer the edge devices appropriately, but gives you less control over what is configured and what functionality occurs. The edge devices provided by the ISPs may also have limited capabilities.
The second option gives you more flexibility, and allows you to have more control over what goes on at your network edge. You can choose the appropriate piece of equipment to install at the edge depending on what operations and functionality you require. You have direct access to this device so you can immediately configure NAT, security rules or any other feature that the device offers. This will require more administrative hours and a higher level of expertise, so make sure you know what you’re doing if you make this choice.
My suggestion is that if you have the budget, and if you feel confident enough, get a good set of routers and have a go at configuring the features yourself rather than relying on the ISP. It’s good experience and it gives you more control over your network.
I hope this has been helpful!