Obviously you need to make sure the server serving the thin clients have protection first off. If your running windows thin clients then yes, use VSE or see if MOVE supports the infrastructure. Linux could benefit from VSEL as well. I guess you would also have to factor in the overhead of running an antivirus solution on thin clients, to make sure you have enough resources.
I know if you are in the DoD environment it is required to meet DISA requirements, and I believe in the healthcare industry required to meet HIPAA.
The server already is - just a Win2012R2 box, so takes MA/VSE and is happily managed from ePO.
Dont know if you're familiar with IGEL OS; the thins are not-really-thins, as they boot a linux install that is managed from the management console on the server. EVERYTHING on them is configured via the management console, to the point where you can't even install or run anything from the endpoints without it being specifically allowed and configured.
Ultimately the only use of the thin clients is to boot straight into an RDP session as soon as it logs in, so in the end, the user may not even be able to use the igel desktop at all (or even see it, after I've finished configuration). But I've been tasked from on-high to ask the question and test, so that's what I'll do!
Yeah, never heard of or used IGEL, we use citrix xendesktop with MOVE doing the AV. It sounds like your thin clients are more of read only so it would be a lot harder to get infected, but if they are still able to use iexplore.exe I am sure there is some way it could be exploited down to the server.