Remote access just for certain AD users without the use of SSH, auditable - possible?

Hi all.
We have the requirement that, once in a while, Service Desk be able to remotely access a Mac client (with its user being asked for consent and being aware of the remote session running and being ended), but as we are also a highly regulated business, we have certain restrictions on the internal use of ssh.
Are any of you aware of a remote access solution working without ssh? If ssh is a necessary requirement, would it be possible to limit its use to certain AD users and/or groups?
For the sake of compliance auditing, can its use be granularly logged?
Thank you for your two (or even more) cents. 😉
Best regards