[jessaustin]

They want people to be able to BYOD and not know what's going on. (I'm sure that most employees were informed in some opaque memo, but that only goes so far.) "Our shared network works best with Microsoft phones." Hey, this is a new marketing effort for all those crap Lumias they're trying to unload!

[MichaelGG]

So you're positing that Microsoft is going to intentionally destroy their TLS-CA verification system so any company can compromise any Windows device in the name of BYOD, without explicit action from the user?

[jessaustin]

As we've been told many times, "it ain't a bug it's a feature". Sure, you and I don't want to tell the DLP guys our bank passwords, but most people already don't care. It's not feasible anymore to just block TLS, and supporting client proxy config is so tedious.