Using their equipment they can ensure you are on an isolated network if you have no updates applied and can push those updates to you. They can push security configurations, like restricting what office apps can or cannot do. Ensuring AV is configured to their liking. Configure logging so if you ever get owned, they can trace it back from where it came and what it did. They can ensure you are on some proxy server. They can alert you if your host accesses a known bad site. They can run background penetration tests if necessary.
And so on.
MS world has the tools to do that. Supporting Linux in that kind of enterprise would need significant additional investment.
Also, using your own equipment is often a differentiator between contractors and employees, as is setting your own work schedule.
I work with a B2B product, and the client requirements when it comes to security are absolutely a labyrinth to navigate for my teams and our product, and I cannot imagine the nightmare they must deal with on a day to day basis.
The reality of the regulatory scope for IT is that it's chaotic. I've come to the understanding that regardless of the enterprise, likely any given business is failing to meet the requirements of _some_ regulatory framework because of some system in use that was never designed to be framework compliant, it was just made to solve a problem.
Typically there are means for exceptions to the frameworks, but IT teams are reticent to submit such requests as it's not well defined in the regulation "what happens if you submit too many requests?"
Very likely there is an audit script or something the businesses can run to quickly approve/deny a new machine. I get the GP's frustration and your statement over such restrictions/requirements, but I also understand it from the other side; it's much easier to just play it safe than risk an auditor in a bad mood deciding that you're non-compliant and the nonsense that goes with the path back to compliance.
I have freelanced for over a decade and never had a customer tell me I had to use their hardware. I don't doubt it happens -- I know f/t employees working remote who have to lug around a "work" laptop -- but I would just say no to a contract like that unless it had a lot of offsetting benefits.
The policy may come from the IT security people rather than a policy enforced by the client company. I have had to jump through hoops with large company IT departments just to get access to their network.
That said, there are efforts to get tools like Intune to work on Linux, but it's still early days.
Said as someone who vastly prefers working under Linux.
Depending on what work you do exactly and how beefy your machine is, you can spin up a VirtualBox with Linux to do your job. I had such a case and did my work just fine.
This means they only have to worry about making stuff work and be secure for Windows clients. This means they can easily save time and money by saying “only use Windows clients”.
That claim needs to be annually tested and verified by independent blue and red teams written up in an official report that measures overall org. productivity as claimed and in actual reality.
What you’re saying makes 110% meritocratic sense, but there’s no way this would ever fly in a penny-pinching enterprise environment. There’s a reason that enterprise sales/support is a gigantic business constantly competing to win contracts.
Nobody in those old style companies is ever evaluating tech on its merits.
There are always better solutions, sometimes even much cheaper in some categories, but they really want the stamps.
Support does not mean “it works”. Support refers to who is on the hook when something goes wrong.
If the company is not prepared to support Linux, there is your problem.
Get different clients...
In all the companies I have been at so far, I always requested a Linux and they came back with a lot of bullsh#t