> They likely want laptops being sold running Win11 to have sane security capabilities for corporate use out of the box
Corporate security has been fine for years: TPM 1.2 (if I remember the versions correctly) alongside bitlocker and sensible corporate policies render computers all but impervious to everything. However, this implies a competent IT division in your company... I've worked in plenty without them!
Social engineering or clicking a dodgy link/download is probably a bigger threat than someone hacking your computer and that can be mitigated to a huge extent by restricting access to only the things that the user needs, locking down apps, running with low privileges, auditing relevant things etc... again, competent IT division needed for this too.
Now, if your threat matrix includes nation-states then one could argue that any device is hackable.
My take is that hardware vendors saw the writing on the wall with the pandemic-buying about to ease-up and worked with Microsoft (or pressured them...) to help out. We're already seeing Chromebooks on the wane[0].
From my perspective (long-time Windows guy now on Fedora) I see nothing of value in Windows 11 that 10 didn't have already.
Corporate security has been fine for years: TPM 1.2 (if I remember the versions correctly) alongside bitlocker and sensible corporate policies render computers all but impervious to everything. However, this implies a competent IT division in your company... I've worked in plenty without them!
Social engineering or clicking a dodgy link/download is probably a bigger threat than someone hacking your computer and that can be mitigated to a huge extent by restricting access to only the things that the user needs, locking down apps, running with low privileges, auditing relevant things etc... again, competent IT division needed for this too.
Now, if your threat matrix includes nation-states then one could argue that any device is hackable.
My take is that hardware vendors saw the writing on the wall with the pandemic-buying about to ease-up and worked with Microsoft (or pressured them...) to help out. We're already seeing Chromebooks on the wane[0].
From my perspective (long-time Windows guy now on Fedora) I see nothing of value in Windows 11 that 10 didn't have already.
Edit: Forgot the answer I was gonna write :)
[0] - https://chromeunboxed.com/canalys-report-chromebook-sales-do...