[2-4-Flinching]

That sounds terrible.

That is a crazy amount of bandwidth usage to VPN out and then back into the the network through the same pipe is a waste. Not counting the licenses and even the ability to maintain that many connections at a given time. Going off of the use cases I have actually done.

It not hard to setup WPA2 Enterprise with assigned VLAN access, heck you can even assign it based on the device, meaning Joe signs in on his laptop and he gets internal access but when he signs in on his cellphone it goes straight out. Each connection is assigned based on need and checked by the IT department.

The OP doesn't even say they are given internal access just network access, which could be straight out to the internet. The majority of cellphones used in my company are VLAN straight to the internet but there are cases where tablets and cellphones need access to server and shares that they are assigned to a VLAN they are on.

[rando444]

I regret mentioning VPN. Most people don't VPN with their phones, it's possible, but most people don't. They use their phone to access their company e-mail and sometimes other services which are open on the internet already. It's a small amount of traffic compared to the cost of trying to maintain an entire separate network just for some one-off use cases, forcing people to sign-in, register their devices, maintain the network, etc.

Of course there are special cases for tablets and such, but you'd treat those differently than someone's personal phone.

If they were given a connection "straight out to the internet" then it's even more bizarre to require strict regulations about their phones.

I see no advantages to letting people's personal phones on a corporate network.