I think it's important to make a distinction between secure boot features that are local-only, and remote management features. The "Remote Device Management baked into firmware" claim above carries with it some pretty important implications that are, as far as I can tell, not actually true.
It's not too different from scaremongering about Intel ME/AMT which is often maligned even in the context of computers that don't have the necessary Intel NICs for the remote management features.
I agree with your point about OP's statement regarding "where is not not needed Windows in any way, to the Remote Device Management baked into firmware as Apple does with its hardware". I also read that to mean that the firmware solution is self-contained and complete, even though that's pretty misaligned when you consider the meaning of a "remotely" managed device (remotely managed by what?).
But it's still entirely factual in my own description. When a device checks in during initial setup, the firmware-level boot process can receive policies that block alternative OS installation, and that absolutely is a feature of the firmware.
Anyway, I tried to interpret OP's meaning, and provided more detail on how Apple's firmware is special.