I’m interested in increasing the security of Windows laptops in an organization which is mostly Linux (R&D, product) but has Windows machines (laptops), from which engineers use connect to Linux dev machines and do their work (either in the office or remotely using vnc).
One approach that I heard is to create a Windows domain controller on top of a Windows Server and with group policies have a better control over the windows laptops. This would require having pro licenses (most laptops are home edition), and sounds quite expensive, both in time/labor to set it up correctly and in cost of licenses. We have no other use case for Windows server or Active Directory domain controller.
I saw a tool in one of the videos called Solarwinds RMM. Since in “securing a windows machine” my intentions are to ensure patching, and have control over what users install over their laptops, it looks like a better fit. I don’t know if this kind of tool is complementary or replaces the need for pro licenses and/or Active Directory domain controller.
I’m not an expert when it comes to Microsoft environment, and would love to hear any ideas or thoughts about this issue