Ok, thank you. Yes, I would like them all to meet the same requirements. If I did this, how would I tell what they are using to meet that requirement?

Ideally I would like to know that they have the control in place but also that say the Windows device is protected by defender. Not using Symantec for example.

Would I amend the control to state that it is controlled by Defender?