[est]

> I haven't seen a BYOD setup that would allow whatever you please on the corp network.

You are right, there are rules, like the custom TLD is for authorized LAN users only. A public resolvable address is risky be cause the domain has a traceable ownership and identity, it relies on unnecessary external authorities.

For the migration I am considering deploy a company wide cert. But also I am frustrated because browsers shouldn't dictate the kind of Intranet structure we use.

If we still believe the Web should remain open, let the browsers behave more neutral.