Corporate IT: What do you use to manage Linux laptops for your employees?

11 points · DogRunner · 30 days ago

My current company is managing the employees' laptops, which can either be Windows 11 based or MacOS based devices. We use JAMF, Intune and Empirum (made by Matrix42) to manage and ensure governance over the devices. In my former firms, this was never a problem, as the company trusted their experts to ensure secure usage and proper licensing on their devices, but this is not an option in this scenario.

We would love to offer Linux-based laptops as well and especially the developers and IT technicans would be super happy to have a debians based OS, the IT service teams don't want to hand over these machines without any centralized control/governance.

Do you have any experience or hints how to ensure any kind of centralized managemend / governance / control for a linux based laptop? What you the solutions, your company have chosen?

Thanks


7 comments
eyeris · 29 days ago
Recommend r/sysadmin on Reddit if you haven’t already checked there
bigfatkitten · 29 days ago
Puppet. We use it to configure the OS from barebones Kickstart onwards, as well as continuously enforce the various security policies we need to be able to tell people that we comply with.

Show replies

dyingkneepad · 25 days ago
Just remember: whenever IT doesn't deliver a workable solution, Shadow IT does.
synthoidzeta · 28 days ago
I used DriveStrike at an organization
Spooky23 · 28 days ago
It’s going to depend on the requirements the company has. For example, if you need to deal with FIPS or IRS compliance, it is going to be tough.

When I was responsible for IT in a regulated scenario, we over provisioned laptops and used VMs or the Windows 10 Linux layer. We treated the Linux part like a developer tool.

If you don’t have compliance and audit risk, just find an angle to make it on. The puppet advice is good - maybe add shipping logs to a siem or splunk server.