When you're supporting ten thousand machines on four continents and confirming to twenty different data protection doctrines the last thing you need is some neckbeard rocking up demanding to store data in their unauditable homebrew fork of Haiku or some shit.
What is achieved with GPOs and agents is compliance, not security.
In other words, company issued devices don't protect the data, but they ensure conformity with relevant regulations and standards. Which is what most organisations actually care about.
Many good IT people really do care about actual information security, but not those in charge.
The result are devices that hinder some people's work but provide questionable actual security.
Oh, wait until you get a job in most offices. Microsoft, Microsoft everywhere.
BYOD with Linux? "We can't install the company's spyware on it, get that security risk out of here."
When you're supporting ten thousand machines on four continents and confirming to twenty different data protection doctrines the last thing you need is some neckbeard rocking up demanding to store data in their unauditable homebrew fork of Haiku or some shit.
What is achieved with GPOs and agents is compliance, not security.
In other words, company issued devices don't protect the data, but they ensure conformity with relevant regulations and standards. Which is what most organisations actually care about.
Many good IT people really do care about actual information security, but not those in charge.
The result are devices that hinder some people's work but provide questionable actual security.