Sounds like you don’t know about the current security philosophy, which is “zero trust”. You don’t trust anything, not even managed hosts. We operate under the assumption that we are already comprised and that there are already bad actors with access to the network, and therefore the risk is managed accordingly, using modern security controls such as conditional access, RBAC, PIM/JEA, PAWs, AIP etc. Not to mention the use of SIEM and XDR solutions to detect and contain evolving threats. We even have a 24x7 security team who manually monitor all our environments.

Also, our BYOD laptops connect via the Internet to cloud-based services, so it’s not like they’re connecting to some traditional LAN/VPN/domain etc.

Our zero trust security model isn’t something we whipped up out of thin air btw, it was established in consultation with Microsoft and another security agency which specialises in this stuff. Many major organisations around the world now follow a zero trust model, so it’s been battle tested. We are a MSP who provide IT services to several organisations - so there are many regulations we need to adhere to, and compulsory external audits are done every year to maintain our certification status. Never had any major issues in any of our audits.

Also citrix is a worse experience than any underpowered work laptop.

Not really. Have you even used modern versions of Citrix Workspace recently? It works just fine. If you had a poor experience then it’s likely that whoever provisioned your VMs underspecced them, or your VM host was underspecced or misconfigured, or you were probably accessing some ancient version of Citrix.

Also, it’s not like I’m in Citrix all the time, we only use it when accessing certain traditional apps or isolated environments. Most of our stuff, at least the stuff I mainly work with, is cloud-based.