When they rolled out the beta Microsoft said it wouldn’t be, but they could always change their mind with the general release. Excerpt from a previous Verge article about the beta rollout (https://www.theverge.com/2024/4/12/24128640/microsoft-windows-11-start-menu-ads-app-recommendations):
“This will appear only for Windows Insiders in the Beta Channel in the US and will not apply to commercial devices (devices managed by organizations),” says Microsoft in a blog post.
Unfortunately, this article doesn’t actually quote Microsoft saying it’s rolling out to ALL machines. That bit in the article is from the author.
I hate to say it but company data is most definitely on personal computers.
This is why stuff like adaptive MFA and DLP are a thing. What most people don’t know is if DLP is properly implemented the IT team/department have records of who, when, where, and what device were used to not just access/download data/files.
The problem is a lot of companies don’t properly implement DLP because it’s not a turn key solution. You need to properly classify your data first and that requires essentially a company wide audit with buy-in from all levels of management. After the classifications you can then implement restrictions and compensating controls.
Back in the day you could just block USB/network transfer, but if you have data accessible outside of a corporate network you then need to implement conditional access/adaptive MFA where only registered devices are permitted to access certain systems.