Just use a stable distro, install the security updates and eat your spinach.
What "managing and tracking" needs to be done that the default package manager cannot do for you?
From the policy side of things, you may run into "your laptop is not reporting that the latest Windows or macOS patches have been installed, you're required to have them installed".
It was way easier to accept the Windows laptop and just run VirtualBox all day long in full screen.
This sort of thing is not optional anymore and just dicking around with an unmanaged laptop and copying stuff onto unmanaged drives will be more and more difficult.
This stuff is not because of distrust or to make your life difficult. It's to protect the company and its customers.
What they should do though is support all business required OSes, not just Windows. Our company is pretty good at that and despite me doing all the work on managing non-Windows compared to entire teams of Windows management people it works pretty well and users are happy :) Though I recently moved.
Not always about the amount of security software they have to deal with but these are just needed in this day and age.
I do understand your frustration though, as most enterprises don't care about developers if they're only a single-digit percentage of users, and have terrible IT processes like ITIL.
You can certainly configure these things but there are often audit requirements to prove it.
Secondly, there is the nature of what the company does. If you are at a software engineering company, chances are you can just grab any Linux lappy and get to work because everything you need is covered.
If you are at a software consuming company, you are at the mercy of what your LOB apps support. Software that has this kind of company as its customer either only targets Windows or only targets web browsers (and even web apps somehow find a way to be Windows-specific).