Recent conversations with Apple have not yielded much support for a rapidly scaling worldwide-remote team. Our money's peanuts on the scale of things for them, so we need to take matters into our own hands with the strategies described.
It depends what you’re allowing it for. For most companies, letting people use gmail with strong authentication and short sessions on personal computers that are patched, encrypted and up to date is a very small risk compared to the productivity gains. If you’re a bank and you’re giving access to an internal app with customer data or worse money then definitely not!