My current company is managing the employees' laptops, which can either be Windows 11 based or MacOS based devices. We use JAMF, Intune and Empirum (made by Matrix42) to manage and ensure governance over the devices.
In my former firms, this was never a problem, as the company trusted their experts to ensure secure usage and proper licensing on their devices, but this is not an option in this scenario.<p>We would love to offer Linux-based laptops as well and especially the developers and IT technicans would be super happy to have a debians based OS, the IT service teams don't want to hand over these machines without any centralized control/governance.<p>Do you have any experience or hints how to ensure any kind of centralized managemend / governance / control for a linux based laptop? What you the solutions, your company have chosen?<p>Thanks
Puppet. We use it to configure the OS from barebones Kickstart onwards, as well as continuously enforce the various security policies we need to be able to tell people that we comply with.
It’s going to depend on the requirements the company has. For example, if you need to deal with FIPS or IRS compliance, it is going to be tough.<p>When I was responsible for IT in a regulated scenario, we over provisioned laptops and used VMs or the Windows 10 Linux layer. We treated the Linux part like a developer tool.<p>If you don’t have compliance and audit risk, just find an angle to make it on. The puppet advice is good - maybe add shipping logs to a siem or splunk server.