Be very careful in how you implement whatever solution you end up going with.
My company has a few desktop computers that are used remotely by WFH employees. Over the years they’ve used a few different solutions with varying degrees of success, but eventually settled on the built-in windows Remote Desktop since it was the best performing solution. It’s like being there.
About 3-4 years ago they got hacked; an IP from Ukraine brute forced the password and was able to gain access. The hacker was interrupted in the process of clumsily installing some ransomware by hand and no damage was done, but they would up setting it so 3 wrong passwords would lock the account. Looking at the logs the computer was being attacked hundreds of times per day from dozens of IPs. Blocking non-domestic IPs put a stop to most of that.
Use a non-standard port, create a strong password, turn on the setting that locks the account after a couple attempts, and check your logs regularly.