if you give out laptops to employees so that they leave the office with them, then it will be useless to implement any technical means - only those very legal papers will help.
Well, do not give laptops \ (kensington lock, if they are purchased exclusively from you) to those who work purely in the office.
And as a relatively simple technical solution (purely preventing problems) - organize monitoring of the availability of all laptops on the network.
Whoever did not get in touch for more than 10 (from last evening until this morning or a business trip within one working day) hours - is put on the wanted list (if the corresponding piece of paper or a notice of business trip \ vacation \ illness \ remote work, etc. is not written)

Standard "shop" method with RFID tags and gates on all exits.
But what will prevent an employee from passing a laptop through a window, on the other hand.
And turning an enterprise into Alcatraz can be a difficult undertaking, with a budget to cover the leakage of two laptops a month.

Alternatively, you can install / write an application that works in stealth mode and sends / connects to the server on a specific port at specified intervals ... and on the server already monitors connections to this port. If the connection is not established from the office network, then send a notification ...
True, it will not save if the laptop is turned off / turned on without the Internet / reinstalled the OS

programs have long appeared find my laptop, put on each

All technical means will work only until the laptop is turned off and the HDD is reformatted / MAC addresses are changed. Don't think kidnappers are fools.
If you want technical means so much, make an electronic log book. Passed / accepted, financially responsible person, that's all.

I had a case at a subsidiary (I'm not the owner, of course): they constantly stole a tool. Some tools are very expensive and more or less compact - you can take them out under clothes. Shmonat everyone is not really an option. RFID was considered, but decided not to.
A huge decline in the loss statistics was provided by reports of theft. Three times, no more was needed.

When dismissing persons working with material assets, the norm is to recalculate these material assets BEFORE the issuance of the last salary.

Technically, it is useless to solve it (it is possible, but it will be expensive - more expensive than buying 20 laptops).
All companies have long signed a piece of paper about the receipt of working equipment and liability in case of damage or loss. According to this piece of paper, everything is easily withheld from the salary (and if the salary is not enough, then through the court).
The only thing is that all these laptops must be legally inventoried and sealed (in case only hdd / ram is stolen).

Make stealing laptops pointless. Set passwords for power on, hard drive, bios. Of course, they can all be removed, but no one needs this crap.

Make sure that laptops turn on only within the organization's Wi-Fi network.
Employees will understand that it is useless to take a laptop outside the premises.
Those. the task is to turn a laptop into a "brick" in a "foreign" environment.

1. Put a password on the BIOS
2. Allow the laptop / computer to turn on only after authorization on the central server.
What is really there you have Ldap or AD - and there and there it is simply done.
It turns out that you can turn on the laptop only inside the branded grid.
For gourmets, I also recommend encrypting disks.

As the most effective solution from a technical point of view, only a small GPS tracker with a modem and power supply (well, or bus powered, but I did not find any ready-made solutions) comes to my mind, hidden in the case.
In general, the most correct option, as mentioned earlier, is administrative measures. Transfer all equipment to a new employee and hand it over upon dismissal.