Seeking advice on using Mac laptops in Windows 11 enterprise environment (compatibility with security policy)

wait wait wait.

The T2 chip is the equivalent or better than any Windows TPM module. And it 's not just a hack added at the last minute, it also integrates a custom SSD controller for the Internal drive. MacBook Pro since the 2018 intel models all have T2 chip, and even better features are built into Apple-Silicon Macs.

Your IT staff appear to be un-educated. And Students want Macs!

This is the opening page of a security GUIDE, quite extensive:

Apple Platform Security - Apple Support

and more along the same lines

What is a signed system volume? - Apple Support

About the read-only system volume in macOS Catalina or later - Apple Support

Signed system volume security in iOS, iPadOS, and macOS - Apple Support

Privacy and Security. That's Macintosh!

Time to switch to Windows. If it were my company I would want and ensure consistency when using tools such as computers. If you can convince the company to switch to Macs that would work for you. But in a business environment, heed the advice of the IT Department.

Just throwing this out there. Apple, the largest company in the world, with a significant proprietary folio, runs on Mac.

having worked for numerous higher ed institutions and a couple of big name companies, I’ve pretty much always had a Mac. I suspect something else afoot. Whether it’s contractual, ease, or vendor selection, etc. admittedly, I know only very high level computer security so experts may better guide you, but this doesn’t sound right.

denimcloak wrote:

Hello, 

My team and I have been using a Mac in a large organisation that is predominantly Windows-based for years.

Recently, we were informed that the organisation's environment is transitioning to Windows 11. As a result, Macs can no longer access restricted content stored in MS Outlook, SharePoint, and some online databases. According to the IT department, Macs lack the necessary configuration for security posture checks, threat protection, zero trust, and data loss prevention. 

As a creative team, we feel the Mac platform better aligns with our creative processes and workflows. Therefore, we wonder if exploring a solution for Mac users with the IT department would be feasible. 

One final detail: the Org does support IOS (iPhone and iPad) so it's unclear why the incompatibility is specific to laptops.

If your IT department is adamant in using the Windows environment, your team has practically no chance in winning them over, especially when the security matters are in the fore. The IT department has the company board behind them, practically always.

denimcloak wrote:

In case my IT colleagues are open to testing, I plan to provide them with a list of ways that we could provide these measures on the Mac platform.

If they are IT people, they should know the difference. Also, most IT people are biased toward one system, and don't usually want to rock the boat, or are overly happy to get into areas that would be dangerous to their pay check. So, it is always better to consult your IT colleagues beforehand.

denimcloak wrote:

Hello there, thank you for your input. I'd like to clarify that the organization in question is actually an educational institution, with thousands of students and staff. The recent policy change seems to suggest that students might not be able to purchase a Mac for studying purposes, and may instead be required to buy a Windows computer that has a TPM module installed.

If I was a student I would want to be 100% compatible with the required course apps, professors' computers and apps, other students for group projects, and with IT support. If that means using a Windows computer that is what I would do.