the logical conclusion is
When you think about it, all of the arguments in the article seem to point to locally installed Windows, managed with SCCM, SCOM, and using Direct Access for connectivity to the office.
If users want personal stuff on the machine then dual boot can be used to provide two perfectly secure OS partitions which run at "baremetal" speed.
P.S. desktop PCs should never be referred to as "Iron" - even Wintel servers are "Tin"