A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows:

• Full disk encryption is enabled.

• "Always On" corporate VPN is enabled.

• eFuse-backed keystore is enabled.

• Wi-Fi 6 is configured with SAE.

• Location services is disabled.

• Application allow list is unconfigured.

Assuming the hospital policy cannot be changed, which of the following is the best way to meet the hospital's objective?