Enhanced Session mode establishes an RDP connection to the host which then connects to the virtual machine via VMBus. Security is most likely blocking at the host level, not the guest. I have not done a lot of work with this, but it should be enough to add the users into the host's Remote Desktop Users group. Obviously, that's not a wonderful thing, so you'll need to use other tools to prevent them from establishing a session on the host itself.
Enhanced session was not meant as a VDI stand-in, so under expected usage this is never a problem. RDPing direct to the guests is probably better. Understand that no matter how this is set up or configured, remote access to a Windows 10 desktop for anything other than administrative purposes (tech support on the Windows 10 instance or its apps) requires all sorts of licensing above and beyond what's needed for remote server access.