Regarding RDP, the issue might be the same as no SSH into machines where you can break out of. Best practice for devs is to work locally and submit PRs? For non tech workers, I don't see the need to RDP anywhere since applications today are mostly cloud based, and others are license based, you'd need a license for the employee to use, say, autodesk tools, so they can install locally. No RDP is good advice either way.

For VPNs, I think they mean non company provided VPNs. So if they're needed, the company should provide them. I can se a scenario where your ISP throttling your traffic or you want to secure traffic and your employer has no VPN. Idk how I'd solve this one.

Verified working locations: I work usually from home or my office, but when I travel, it's usually not a secret where I am, I don't actively try to hide it, it's visible during zoom calls, etc. It's about the level of trust you build with your employer. I have stopped by HQ once or twice while on vacation but that is not required. Overall don't have shady patterns?

But...I am certain companies are not reasonable and some will conflate RDP with any remote thing. Others have no idea how to setup vpn infra, and others simply can't fathom that a remote employee can/should travel while working. So they will have policies that will make remote workers ineligible for hiring.

I believe most work from home. Certainly there are many “work from a cafe” or “work as a footloose traveler” people, but I think they are a small minority in practice.

RDP should be architected around, VPNs are fine just not _commercial VPNs_, and verified working locations here isn't about making sure you're always working from 123 Foobar street but about making sure you're in the country you say you are.