We have people using two factor authentication to VPN onto our network. For security, as it stands, people with home PC's/laptops access our network by having to RDP onto their own local machines at work and then accessing the network drives. This was just to prevent the SMB port being open and reduce the possibility of viruses transferring from local PC's onto our own PC's as we don't have control of their machines at home.
As the company shifts more and more towards mobile usage, more and more users are beginning to request direct access to the actual network now, i.e. once they have VPN'd to our Firewall, to directly map to the network drives. We use Watchguard firewalls.
What would be your proposition for such a scenario? Would you offer them access to the network with extra security measures in place, such as having them install applications that would control ransomware/viruses etc?