I don't see how Linux would prevent anything if company wants similar controls on their machines. Like tracking update status, forcing updates when needed, potentially wiping entire device when stolen and so on. Fault really is not the OS but the control corporate wants over their devices. And it does make some sense.

Indeed. You'd expect a corporate IT system to be able to ssh as root into all their devices. And the cloud is even worse: if you get hold of the right IAM role, you can simply delete everything! That does usually get locked behind proper 2FA, but it's not impossible to phish even experienced admins once in a while.

Compare to the Facebook global BGP breakage and the amount of hands-on authorization that needed to happen to recover.

And no, there are plenty systems you don't want to have root ssh on.

Mainframes require 4-eyes administration to do more nuanced "root" things than picking up a sledgehammer and physically smashing drives.

That is all well and good but how do you:

- Ensure the Linux machines are up-to-date and users are not just indefinitely postponing OS updates?

- Same as above but with programs/software

- How do you ensure correct settings configuration in terms of security? Say default browser, extensions, program access etc?

- Re-image or reinstall the OS when there are issues or PC handover to another employee? Manually with a USB stick?

This kind of control exists and is needed for Linux and MacOS too. RMM is not a Windows only thing...

The critics here see Intune but what if they used another RMM and they compromised another cloud RMM account? Same issue.