Is it reasonable to ban Windows OS from our workplace?

I don't think you've given enough information.

It's reasonable to limit what OS people can use for maintenance and security reasons. There are tons of windows only shops.

If not having it is getting in the way of your work, you should talk to your company about it and discuss how it would help you. (Edit: or if it's you doing the banning, have the same conversation and make sure it's not harming anyone's work)

It reminds me of the old atheism discussions: all companies limit the number of OSs they support, yours just limits one more.

Yes if you have legal or finance staff; their workflows rely heavily on the Windows versions of Office. Google tried and were unable to do it, FYI.

Also, I'm not a huge fan of Windows anymore, but it's device management capabilities via Active Directory and Intune are far and away the best in class. Yes, Windows suffers from success (by way of getting targeted for exploits all of the time), but it is really really easy to lock down, encrypt, and wipe Windows laptops and desktops en masse.

We have a Windows free office. It's not hard when nobody needs to use Windows. If you don't have anyone using Windows right now, it seems like you have a similar situation.

Do you have an "IT guy" who knows how to manage systems? Perhaps I'm assuming a lot from your one sentence but it sounds to me like you are a bunch of techies who decided they can do their own IT and now realise you cant.

I work at a large corporation, my email (outlook, which we also use to book resources and rooms), password management, desk phone, software updates, identify and privileges are all tied together with a Microsoft stack (I don't pretend to know how it works). Do you need this? If so, is there a Linux equivalent to this holistic management? Do you need full MS Office (eg macros)? Are you happy with the variable compatibility that LibreOffice/online suites offer?

Another reason to be concerned with Windows is that the Microsoft Store monitors everything you do with the software downloaded and installed from there. It records when you open it and what you did with it, and then puts it in pretty little charts for complete strangers to see. Here's an explanation of just ONE report it creates with collected data: https://docs.microsoft.com/en-us/windows/uwp/publish/usage-r... .

Doesn't the answer depend on what your employees do for work, what applications they use, etc.?

Seems like you really thought hard about the subject and provided us with the information we needed to asses the situation in your threat environment. Based on the information you provided it's a clear "How the hell should we know?"

If I hear you correctly, you're asking whether banning Windows is a secure, smart thing to do? And if I understand Windows correctly, the answer is hell yeah.

Not to hijack your thread or anything, but I just discovered Window's MSIX Packaging Tool takes snapshots of your desktop shortcuts (and other files) and then distributes them to complete strangers when you upload a package to Microsoft's store.

It's a reproducible phenomenon, too. Just pack something with this tool, right click the resulting .msix file, choose Extract with the Packaging tool, and then look at what's inside these three files:

UserClasses.dat User.dat Registry.dat

Those three files and all the content inside of them goes straight to Microsoft and the strangers who have access to your .msix package!

Based upon your expressed concerns, it appears that you are currently operating a Windows-free environment. I presume from your question that you have a (potential) new hire who wants to bring their Windows laptop and connect it into your environment.

If these assumptions are correct, then in the interests of maintaining your secured environment and avoiding support issues you have a valid reason to ban such Windows laptops from your workplace. The new hire should be issued with a correctly configured PC.

If the issue has arisen during negotiations with a new hire, then it's up to them to walk if they are so attached to their Windows devices. Is it some new manager or sales person? If they can't handle working in your environment then they will be more trouble than they are worth.

In my last 40 years of jobs only one job had windows in its workplace. lots of Linux and embedded devices though, so it was not as embarrassing. windows shops do 10 less in 10 more time, but this is big cooperate.

If you don't need Windows, or can sequester all your Windows stuff on some VDI, then sure. It gets easier every year. I ditched my last daily Windows driver a couple years ago and I don't even miss it for gaming since I can spin up a RTX enabled host on Geforce Now using pretty much everything I own with a processor in it.

However, in very large scale environments, I'm not sure the alternatives to Windows are quite mature enough yet to deal with the less common situations encountered there. M&A, localization, and offline access to files all come to mind.

There's no reason you can't have both where the need arises.

Personally, I think Windows is not a great OS. On the other hand, some developers of commercial software only have limited knowledge and produce apps that can only run on Windows.

I don't know if the principle has been changed or not, but several decades ago the sequence was:

Analyse the task.

Get software to perform that task.

Get the operating system that will run that software.

Get the hardware that will allow that operating system and app to run.

Quite often, people will reverse the project and buy the hardware first. Then try to match up the rest. It doesn't always work optimally.

Seems like a pretty slippery slope, to me. Not only would you turn away potential employees (and risk angering some current hires), you'd have to try defending MacOS and Linux with the same arguments. Unless you're deploying to an XServe, you're setting yourself up with a double standard that seems pretty indefensible. I say that as someone who hates Windows with a passion, and hasn't used it in years.

Lol no, you guys live in a fantasy world

Windows will be the dominant OS for our entire lifetime. Put stock on it

Maybe, maybe not.

Under who's authority do you seek to act. Who are the stakeholders who oppose the notion? How many people already use Windows? How many applications that are in use require it?

Before anyone can answer with authority I feel we need to know a lot more about your situation.

At the desktop? I’d say no it’s not reasonable. I think its better to let users run the OS they are most familiar/productive with and mitigate security issues via more practical means.

Banning windows servers from use would be more reasonable.

I mean you can. Compromising Windows networks that are poorly configured is hilariously easy.

That doesn't mean a Linux/macOS network is more secure inherently - I find people patch their macOS and Linux devices a _lot_ less than on Windows, so I find a lot of older bugs and exploits work really easily.

Entirely depends on how good you actually are at your job & keeping stuff locked down and patched.

And Apple. In fact especially Apple.

Windows is not going anywhere anytime soon. If you take away windows, you will lose out on many technologies. And just because people complain about windows, doesn't mean they can actually do anything about it. And if you can do something about it, you're probably a criminal learning ways to exploit the software.

If existing employees are already using Windows, then no, it's not reasonable.

It's not only reasonable it should be the norm.