Q. Is this really as harmful as you think?
A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.
That is by no means necessarily the case. For example, if a notebook is taken into the field and is not on the LAN.
A lot of companies are implementing better VPN tech (like SD-WAN, Nebula by Slack, etc), or at the least Microsoft Intune to ensure your corporate laptop is reachable anytime it’s connected to the internet.
My work laptop is a brick until it establishes a VPN tunnel back to the home network. There are ways to ensure the device only works how the company wants it to.
Windows has some kind of built-in VPN feature that auto starts and will otherwise not give you any network access. Add on top of that some corporate firewall and you basically can’t sneeze around your laptop without IT knowing.