if it’s a large enough company, expect them to have systems administrators (sometimes called systems engineers nowadays) to exert control over their windows systems using either active directory or azure iam policies.

there are multiple ways to get a linux system to comply with those policies; but that doesn’t matter since they’ll make the case to management that the extra operational costs of either getting your system to become compliant or providing you with support will hurt the budget and/or suck up extra bandwidth for support.

your best bet in such cases are to offer written agreements that you will never seek out IT’s help and you will take full responsibility if you’re not able to get your work done because your linux system and provide a plan written down for each eventuality you can think of when your linux system doesn’t work as expected.

i would also expect your manager to reject your request despite these efforts unless you’re a highly enough paid individual contributor or have a special enough relationship with upper management.

Does your company have a serious IT department that manage devices?

If yes, then you’ll need to do whatever they say, and be ready to be told that’s not happening.

If not, I’d suggest a stable distro, encrypt the disk, and use flatpak/nix to install fresh packages. Fedora could work, but I’ve had bad luck with it, and wouldn’t want to risk my device crapping out because of an update.

The rest is really going to depend on your work and your it department.

The main selling point of business windows is Active Directory. I’m not aware of a Linux or FOSS alternative for it (I never looked). At a certain size, companies will want to have all computers log in via a central server and be able to remotely access and control any such machine

It Depends.™

In my previous job I ran my main laptop with Linux. Pain points:

• MS Teams liked to crash on screen sharing
• o365 email and calendar works best on Evolution, but still is not perfect
• meeting rooms often had special usb dongle to connect to the screen. That never worked on Linux.

Overall it was glorious.

I’d suggest one of the fedora atomic installs, maybe even get a couple renewed Thinkpads all set up, one with kde and one with gnome and let them play with them for a few days. I was the only engineer in my company that ran Linux and the bosses only concession was that I carry a windows PC too when he was onsite with me so he’d understand what I was doing, but he provided a nice one for me so I never complained.

How it’s set up depends on your business needs. We have a few hundred, and ow they’re set up and managed is defined by a dozen or so groups. Base image to deploy, then ansible and config management to set up the roles.

Users are generally authorised via AD using sssd. Some have very specific Groups which have normal user access and occasionally sudo privs for specific commands. SSH, RDP or physical access.

Our sysadmins have local users with root privs, but most administration is done at scale using ansible or Uyuni.

Like everything, least privilege is the best way. AD allows us to quickly control access if someone leaves or is compromised, but it could equally be done with any central LDAP system and groups.

Many orgs mandate this. You’ll be fine.

I used to roll out mint xfce edition or Qubes to our staff laptops, unless an employee asked for a specific distro. I think some used fedora.

Don’t use flatpak; its a security risk.

While I have to maintain an old Windows 7 box to run some ancient software on it, I do most of my development work on a Linux machine. I use LibreOffice to read and write documents, use Inkscape for drawings in my documntation, but first and foremost, my main IDE is Linux native (although a Windows port does exist).

My company only requires that I run their AV agent (bit defender).

Microsoft Teams is even flakier than on Windows (yes, it’s possible…)

It’s better to ask forgiveness than permission. And forgiveness meaning “I didn’t realize I couldn’t do that”