You can secure boot Linux with UEFI. For a laugh I do it on my Arch lappie but my Home Assistant Debians do it out of the box and so do my Ubuntu LTS servers. I gather that SuSE does too and probably many others.
You can domain join via Winbind or SSSD. Exchange via Evolution or Kmail and other workarounds exist. TPM 2.0 has been supported for quite a while so all good for encryption and other attestation tasks. We have rather a lot of host-based firewalls (sore point 8) but it looks like the latest effort might stick for a while longer than the past ones.
...
Oh, you use that ... vendor ... SSL VPN. OK, can't do that and that's generally where it falls apart. We do have several.
I can and do operate solely on Linux but I have the benefit of owning the company. Some of my customers insist on their gear/setup for their environment and that's fine: they get to buy it too.
Most business IT over a few hundred employees looks nothing like this. They’re going to be managed laptops with locked UEFI and, if you got past that, you or your manager would get a call from IT asking you why it isn’t showing up in the management system anymore and to ship it back for a restore.
At a larger enterprise organization (that isn’t tech/FAANG) it could be considered a fireable offense.
It's extremely frustrating that IT policy in large corporations is the same for, say, clerical stuff and software engineering. Down to buying the same hardware for ease of management when it makes no sense because of the use cases being so different.
You'll be stopped long before SSL VPN. Right about the "you're running an unsupported/unauthorized OS on your company-owned laptop, send it back so we can restore to Windows".
And then you send the laptop and your two week notice. People seem to forget or not take advantage of the employees' market that's been going on for several years in this field.
I think they meant BIOS/UEFI is locked out by IT. That is the case for me. Also TPM is only available on some distros. You can use Linux as long as it is Ubuntu or RedHat and maybe Arch if you are lucky.
From the original comment, it's likely an IT department, meaning a large org, meaning slow-changing policies in place about how the machines are set up, often in order to meet even slower-changing compliance laws.
Your seven different "vendors" solution to bodge domains/Outlook wouldn't be supported by IT, which is a problem when the machine breaks or an audit happens...