[nine_k]

In every company in the US where I ever worked, my contract explicitly stated that all communications from company-provided devices belong to the company. I very much see the point. For private communication, use your own device and a guest network, a setup also seen everywhere. I haven't seen a BYOD setup that would allow whatever you please on the corp network. Did you? What industry it was? Genuinely curious; I believe a lot of things exist that I'm not aware of.

> isn't HTTP content makes the whole monitoring crap easier?

Not really. HTTPS remains encrypted where servers reject a downgrade, but an intruder can potentially force a downgrade in something misconfigured and snoop something important without having the root key.

> not carbon friendly

I suspect that switching off some of the endless lights in offices when sunlight more than suffices would have a seriously larger energy-saving impact.

[est]

> I haven't seen a BYOD setup that would allow whatever you please on the corp network.

You are right, there are rules, like the custom TLD is for authorized LAN users only. A public resolvable address is risky be cause the domain has a traceable ownership and identity, it relies on unnecessary external authorities.

For the migration I am considering deploy a company wide cert. But also I am frustrated because browsers shouldn't dictate the kind of Intranet structure we use.

If we still believe the Web should remain open, let the browsers behave more neutral.