Out of interest, what are your issues with applications in the user's profile?
(Like most Reg readers I've worked in IT a long time so I'm familiar with many of the classic responses to that question.) E.g.:
* Users can download and install apps themselves: use application control, now they can't.
* Profile bloat: all VDI shops use a profile management solution that helps you manage profile bloat, be it UPM, UEM, FSLogix etc.
* Files can be downloaded and overwrite genuine files: use application control, now they can't.
The profile is just 'a piece of disk', but it happens to be one that roams with the user. Permissions aren't hugely relevant because - application control. If you view the 'user profile' as an area where the user has full read\write, unmanaged access to save and execute whatever they want, then sure I can see the problem.
Application control is the key - doesn't matter what NTFS permissions there are, or what process is trying to do the reading\writing - application control has a vice-like grip on it all. I'm not trying to say it is a utopia, it needs careful thought and implementation (like the rest of our IT systems).
1. Say NO to these apps your users\business needs, because 'SECURITY'.
2. Use your weight with the application vendors to have them see the 'error of their ways' and change the way they package and deploy their applications.
Or - accept it, you can't control what business critical (or non-critical) app your users will need next week, or how it is packaged\delivered, but you can ensure you have an IT environment that is capable of dealing with it whatever it may be.
I suppose different approaches to the same problem.
None of us want to work in an IT team that just says 'No' to everything all the time, like we did in the 90s/00s. We have technology these days that should enable us to say 'Yes!' a lot more now :) Or - maybe 'Yes!, but......'.
The real reason I think for the move away from MSI (VSTOR, C2R, Squirrel etc.) is WVD, full-on user virtualisation in Azure (hence FSLogix purchase), flexibility for software deployment on-the-fly, no reboots, self-updating apps etc. Sounds good, right, if we can manage it effectively!