> or else I get a nice email from IT.

what would it say? how ridiculous.

I'll bet you can't insert USB flash drives either.

We have to have endpoint monitoring software on all employee computers for SOC2.

We keep the monitoring to as minimal as needed to meet that requirement.

If your workstation stops checking in, or tells us your workstation doesn't comply then we will ping you to fix it.

It's always polite: Your machine is reporting X please fix that.

E: I should point out that our monitoring doesn't involve wifi like the person you replied to.

probably something like "hey, it looks like updates haven't been installed on your corporate laptop in the last three months. Please fix that or we're going to ban it from our systems."

My company "allows" USB sticks but they will encrypt any files on it with key tied to that machine. Had a tech updated a config file when after this was silently rolled out and poof line down for the day as it couldnt be used to reimage systems on the embedded pcs.

I had the same thing, it was about keeping track of assets. If I didn’t power on this laptop then the IT department reported it as a lost asset.

Leave it at work? Say you don't allow "rogue devices" on your network. ;-)

My work laptop and phone get a VLAN and virtual SSID all for themselves and people wonder why.

How do you set this up? pfSense?

That's what I do, although with OpnSense, but that's that easy part. Also, a cheap managed switch works well enough for this purpose.

The main issue I had was that most "consumer" access points don't support multiple SSIDs with separate VLANs. In the end, I went with a Netgear WAX something that can support 4 SSIDs, each with a dedicated VLAN (+ a separate management VLAN). But it's more expensive than "normal" APs with similar performance.

I've got a Mikrotik hEX and Mikrotik hAP AC2 that do the job, with few enough wired devices I don't even bother with a managed switch anymore.

Time that laptop had an "accident"