In Enterprise: manageability. It’s hard to overstate how powerful Windows Group Policy is. Being able to configure every single aspect of the OS and virtually all major applications, Microsoft or otherwise, using a single application that can apply rules dynamically based on user, device, user or device groups, time of day, location, battery level, form factor, etc, etc. Nothing on Linux comes close, especially when simplicity is a factor, and until it does most large organisations won’t touch it with a barge pole.
Came here to day this. My workplace used to offer a Linux workstation option (which I opted in for 9 years), but they had to remove that option to fulfill new security and management, compliance standards. They need to be able to manage exactly which applications are installed on a system, which binaries are allowed to run and when, the exact settings for every application, the exact version of the OS and the specific updates, and precisely when updates are installed.
All of this needs to be applied based on the user, their organisational division, their security groups, clearance level, specific model of device, etc.
I know that using a combination of Selinux, Kerberos, and something like Puppet can get you close in the Linux world, but Microsoft group policy has been around for 30 years and is well understood and just works.
In Enterprise: manageability. It’s hard to overstate how powerful Windows Group Policy is. Being able to configure every single aspect of the OS and virtually all major applications, Microsoft or otherwise, using a single application that can apply rules dynamically based on user, device, user or device groups, time of day, location, battery level, form factor, etc, etc. Nothing on Linux comes close, especially when simplicity is a factor, and until it does most large organisations won’t touch it with a barge pole.
Came here to day this. My workplace used to offer a Linux workstation option (which I opted in for 9 years), but they had to remove that option to fulfill new security and management, compliance standards. They need to be able to manage exactly which applications are installed on a system, which binaries are allowed to run and when, the exact settings for every application, the exact version of the OS and the specific updates, and precisely when updates are installed. All of this needs to be applied based on the user, their organisational division, their security groups, clearance level, specific model of device, etc.
I know that using a combination of Selinux, Kerberos, and something like Puppet can get you close in the Linux world, but Microsoft group policy has been around for 30 years and is well understood and just works.