I recommend to block the remote access apps on your MX Firewall and set a single app as default remote access and integrate it with LDAP Authentication. If an employee exists the company only remove the username on your Active Directory and that’s it. We as Network Security Engineer have to enforce policies in our company to keep it safe from the world. I don’t consider a good practice allow any remote access application in your Network because it opens a lot of attack surfaces.
For example you can enforce to only permit RDP from Microsoft and authentication with 2FA agains Active Directory.
If you consider my answer as solution please mark it as solution 😀
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA