I am in agreement with the others. If you have Microsoft 365 then:
1.) You can upgrade these Win 10 pros to Win 10 Business or Enterprise depending on your Win 10 SKU
2.) Enrolling them into Azure AD means you can then manage them with Microsoft Intune and apply compliance, configuration and app protection policies to the local machines. This includes functionality like enforcing bitlocker, passwords, closing down the windows store, turning off the cameras and numerous other things.
3.) By Azure AD joining you can push the bitlockers keys up to the Azure AD user
4.) If you have the right Microsoft 365 SKU you can start implementing application SSO with Azure AD
5.) You can set up Autopilot so that as soon a new machine joins AAD it is setup out of the box