Need solutions for…

Patch Management; Open Source Windows +Mac possibly based on WinGet
if a domain is present, use Group Policies. -requires PC onsite/connected
paid possibilities; N-Central, NinjaRmm

Android Cell Phone based IP KVM. Connect to WiFi, Install the App, plug the USB-C cable into a PC/Cellphone and point the camera at the screen. now you can control the PC without installing software, from a different continent, reboot and enter the bios, install an operating system. There is NO remote control software for Apple phones. Send one of these to each remote site and now you never need to ship a PC back when it has a virus/won’t boot/needs a risky upgrade/needs initial software load installed. bonus points if it can mount an image as a USB drive.
Current best solution is PiKVM or TinyPilot -no camera so doesn’t work with cell phones

Browser Plugin police; plugins can see what you type in pw fields. install via Group Policy or login script. Config in file or DNS TXT record. reporting via PushOver (easy) / Slack / Teams / email (harder). Config lists approved plugins and where to report un-approved plugins. Or trust a mfg. plugins are given a signature+version if they don’t already have. changes are reported. unapproved plugins are forced to disabled, when approve they become enabled.