So run it through Parallels. If IT doesn't want to do it that's a different problem, but the Windows on Intel Macs hasn't been a problem for business programs for a while.

Microsoft somewhat already did the work needed to migrate of windows by making Active Directory and Group Policy irrelevant.

With office 365 and intune you can essentially have the same control as traditional AD joined machines actually Intune probably has better management than GPO these days.

The only thing that is still missing for corpo is Intune for Linux and even that isn’t 100% required as long as there will be Intune for Edge on Linux, once you can manage the browser the majority of the controls the organization needs are handled.

“custom software written in Winforms or something that can't be ported”

I haven’t seen any of these in almost a decade. there are specialized use cases that require some specialized software, but for most business operations the software works cross platform or runs from web apps. I used to keep a parallels instance to run MS SQL server for some tasks but we have even transitioned that to a less propriety setup.