I would very much appreciate some advice please, in relation to my questions, as indicated, in relation to the following scenario:

Multiple users require unattended access to one remote PC.

All users work from home. Currently connect to remote PC with Teamviewer (ID and password).

Manager is concerned about security. Says remote PC is open to the entire internet.

Manager wants to implement Teamviewer's TFA-for-connections. Result: All devices on a list (in the remote PC's TeamViewer settings) receive a push notification to Deny or Allow each and every attempted connection.  

I've suggested, as an alternative solution, we add each user's computer to the Trusted Devices list on the Teamviewer Account to which the remote PC is assigned. Only trusted devices are allowed to connect. Authorisation of a trusted device is done via email. It's way less annoying. 

1) Does the alternative solution provide a similar level of authentication of connections to the remote PC?

If having the PC open to the internet is the primary concern, shouldn’t security and firewall policies of the remote PC be reviewed, rather than the authentication of connections made via one application?

2) Is this a fair statement?

Are there alternative solutions that don't require the purchase of additional software, aren't overly complicated to implement or to explain?

3) Is there a better way?

I realise the scenario described does not provide a lot of detail. If it's not mentioned, it's probably not happening 😩

Greatly appreciate all advice and suggested approaches.