Ideal Setup?

Good morning,

I am running a small (less than 10 devices) small business with unique high security needs on intune. Deviced are hybrid joined to azureAD (no local server). As for app deployment, I honestly don't know if a preferred enterprise app deployment option exists in a small business setting vs. a large enterprise, which we're not. Here are the options I an considering and was hoping anyone could just weigh in:

1. deploy using intune deploy in cloud configuration
2. upload packaged msi files or LOB (when required if modern web link option unavailable) in apps secion on Microsoft Endpoint Manager
3. deploy on azure VM
4. deploy on microsoft managed desktop
5. deploy using microsoft deployment toolkit (MDT)
6. deploy using windows 365

I think 5 is an adjunct to 2 but am unsure. There are just a lot of options and I don't really know what, if any, works best.

I am a physician, not an IT admin, so a straightforward approach with support for my Microsoft Endpoint Security policies is really all I need. I do have one dynamic device that is an ultrasound screen. I do discern corporate vs. personal devices and assign policies based on user or device groups where appropriate. I would have to read a lot to use scripts but do customize with URI admin templates. So, hopefully there's an ideal option that can keep letting me manage the way I have grown accustomed to, but I am willing to learn new things if an alternative strategy has benefits that outweigh the time committment to learn this all.