What is achieved with GPOs and agents is compliance, not security.

In other words, company issued devices don’t protect the data, but they ensure conformity with relevant regulations and standards. Which is what most organisations actually care about.

Many good IT people really do care about actual information security, but not those in charge.

The result are devices that hinder some people’s work but provide questionable actual security.