Bit of a long reply, as forced fortnightly rebuilds sound draconian but they really aren't.
We shun the traditional approach to managing users' computers and laptops because it doesn't work. Technology should help people do their job, not get in the way of it. End users should be empowered to customise their working environment (directly or indirectly) to meet their needs. Of course that has to be balanced against satisfying security audits and compliance with DPA, GDPR etc.
What we have on-prem works very well, rebuilds and all. It is a technology company and even the folks working in HR and finance can find their way around customising "the build" to make changes. For the few that can't, we are on hand to help. Every aspect of the build is in source control, which the whole company has access to. Changes are committed, approved (providing they aren't installing malware or breaching licensing requirements) and effective immediately for the next build. They can grab another machine, reboot and rebuild it, test their changes work.
In other companies I suspect a feature request is made by one mechanism or another, ticketing system or up and back down through several layers of management. We don't even have a ticketing system because of the latency it introduces, and if we can't as a team react immediately to a request, we are doing it wrong.
We don't do massive disruptive roll-outs. Users are not left waiting ages for machines to update. Or as happened to my partner recently, presentations don't get disrupted by BIOS updates rolled out by an IT department in the middle of the working day. The machines are fast and responsive. Software is always up to date. Having machines in a known-state makes problems easy and quick to diagnose. Most users know how to make their machine rebuild when they do have a problem with it or want to get it back into the state it was in before they screwed up a load of settings. And rebuilding a machine is often quicker than working out a registry hive has been corrupted. Problems that crop up are dealt with quickly, even if it is a case of swapping out a machine and fixing it on the bench. And as the desktop side of things is well managed, most of our time is free to concentrate on the infrastructure our platform runs on.
Sadly, all this falls apart with remote working which is why we are looking at employees buying their own hardware with an allowance and solving the compliance aspects via other means.
People who have left the company who I am still in touch with actually miss the approach we take.