My work "upgraded" to IE 11 late last year. The problem is so much of our internal infrastructure was built to target IE 8 (or earlier) that when our information services guys deployed IE 11 they forced it to run in compatibility mode.

Now you have to go through this endless dance of Enable/Disable compatibility mode depending on what site you are trying to visit. We have a lot of non technical users so as soon as you ask them to delve into menu options to use some added functionality on a site you lose them.

Even technical users hate this so most people sideload chrome. However a large number of workstation are locked down and those people have no option but to continue with IE.

Excellent advice that I give my students, and readers here will be well-served in following it.

I don't even want to admit how many managers come back to them with "we mitigate that risk with user education, we have too many legacy (blah blah blah)." There's always some excuse, isn't there? Usually within departments, but once executive-level hears this sort of thing, they tend to at least investigate what the real risks are. So I'm adding on to your advice to other readers to suggest they "go higher" with their security warning.

Man, I wish we lived in a world where management understood that people are shockingly good at finding ways of not doing what they're told!

Your experience isn't in healthcare, finance, military, manufacturing or oil and gas (to pop a few verticals off the top of my stack), it would seem. Literally 80% of my (adult, American-enterprise-employed) students in 2015-2016 so far have IE9 as their desktop standard, and have to beg for a special exemption to be allowed to install Chrome or Firefox.

Those assumptions are nowhere near as simple as you think when you are in a space that supports a large majority of all enterprise. You would shudder to see what real-world browser support is like when you write software to be used in that space.