by dusted 1197 days ago
Just wipe the laptop and let them install Linux, but make it very clear that it is not supported and they'll have to find out how to do everything themselves.

If they can, great, no problem, if they can't, they can be fired for failing to do the job, not for refusing to use the provided system.

3 comments

Definitely shouldn't do this unless the company's IT department already supports Linux. Configuring Linux, securing it, tracking it, managing it, all for one person is a huge effort.

The top comments and I share the same view.

> is a huge effort.

Just use a stable distro, install the security updates and eat your spinach.

What "managing and tracking" needs to be done that the default package manager cannot do for you?

For example, connecting to an enterprisey VPN solution integrated into AD to access your Exchange mail. Your options here may be limited to: install a supported system, or reverse engineer the provided configuration and pray you're a good enough expert in IPsec, Kerberos, and emulating a custom 2FA app which relies on Secure Boot and keys in the TPM. Your onboarding starts tomorrow... and go!

From the policy side of things, you may run into "your laptop is not reporting that the latest Windows or macOS patches have been installed; you're required to have them installed".

The enterprise-y stuff isn't getting easier. At my last corp job, the VPN wouldn't let you in unless the active Win64-based agents were installed, alive, and scanning every file you create, download, or delete.

It was way easier to accept the Windows laptop and just run VirtualBox all day long in full screen.

Well duh... The company is responsible for its security and data privacy (think millions in GDPR fines). In order to do that they need to be able to secure the system, mandate patches, monitor suspicious behavior using EDR/XDR, etc.

This sort of thing is not optional anymore and just dicking around with an unmanaged laptop and copying stuff onto unmanaged drives will be more and more difficult.

This stuff is not because of distrust or to make your life difficult. It's to protect the company and its customers.

What they should do, though, is support all business-required OSes, not just Windows. Our company is pretty good at that, and despite me doing all the work on managing non-Windows compared to entire teams of Windows management people, it works pretty well and users are happy :) Though I recently moved.

It's not always about the amount of security software they have to deal with, but these are just needed in this day and age.

I do understand your frustration though, as most enterprises don't care about developers if they're only a single-digit percentage of users, and have terrible IT processes like ITIL.

> What they should do though is support all business required OSes, not just Windows.

That's not an enterprisey thing to say. McAfee, Carbon Black, ViperSnot, etc. all go for the low-hanging fruit, which is massive corps with 10K+ Windows seats. They won't support Linux ever, and personally I get it. It's no big deal. You find ways to work around it.

> It's to protect the company and its customers.

Also to make IT life easier. The "you're getting updates when we say so, logs are getting shipped back and aggregated, every new binary started gets reported" approach saves so much time.

Enforce things like a screen locker or drive encryption.

You can certainly configure these things, but there are often audit requirements to prove it.

DLP snoopware for me. We actually need to be able to demonstrate that we know where the sensitive data is and is not. We have a metric for unsupervised devices and we need to keep that number as close to 0 as possible.

Secondly, there is the nature of what the company does. If you are at a software engineering company, chances are you can just grab any Linux lappy and get to work, because everything you need is covered.

If you are at a software-consuming company, you are at the mercy of what your LOB apps support. Software that has this kind of company as its customer either only targets Windows or only targets web browsers (and even web apps somehow find a way to be Windows-specific).

Spying on your employees.

It's usually not that simple. At my company, for instance, a device registered as Windows will be blocked from the network if security updates are not installed within a reasonable period of time, so any non-Windows device needs to be registered as such and its use justified.

No endpoint protection and no management = no access to the network or any proprietary data.