Strategy for machines for employees at a small business
Solution 1:
Remote desktop over VPN for everything risks being a truly terrible experience. Input lag. Slightly more difficult to support multiple monitor setups. Video or audio calls over IP possibly being complete garbage. Internet downtime means no work done, due to no local files or web browser available.
Delete the desktops. Buy decent laptops, and spares. Share the same models of laptop for both in and out of the office use cases.
Get tools to manage and secure devices. That should be done in either scenario, which makes your argument that remoting into desktops is more secure not very compelling.
Issue hardware tokens for multi-factor auth. Disk encryption. Force password change on loss. Remote wipe. Remote support procedures to fix or replace machines. Possibly outsource fixing hardware to a vendor that does on-site repairs or fast ship of replacement.