Any corp that runs BYOD should be using Conditional Access / InTune or a 3rd party equivalent. You sign into mail/calendar etc and it enrolls your device, turns on and enforces strong PIN, encryption, remote wipe etc.

This is very much a Solved Problem.

BYOD is fine (although I'm fairly sure the civil services DOES supply work phones to most line of business staff who require one). However you should be enforcing Android Work Profile or the iOS equivalent when accessing corporate resources as part of a Conditional Access Policy. E.g. as soon as you sign into work email etc it enforces MDM before you get access. This will do stuff like insist on a secure PIN/password screen lock, control over application install under an allow/deny list, enforce device encryption as well as provision it with any certs needed to access company resources. Every company I can think of has been doing this for years and it's trivial and essential under a Zero Trust model for security.

<shrugs> Pretty much every company does exactly that. It's neither hard nor expensive (and is probably a significant saver of money from not having to clear up after security incidents). UK Gov uses M365, they have access to InTune. Turn it on.

Personally I'd ban whatsapp/signal/telegram from them as well to enforce integrity in communications via Teams (which they are also using and licenced for) to avoid the "oops I lost my phone, sorry" responses to FOIA requests.

"As a CIO I strongly believe in protecting the integrity of the network and the information contained within it, you fvcking idiot" would be my response

What do you mean by this? It's unclear. Is it irony?

UK Gov has M365. They have this already via InTune. Who on earth, outside of government, would think allowing users to install ANYTHING they like on a work device was a good idea, let alone users that are privy to very sensitive information. It's madness.

Every time I read one of these stories I want to know WHY THE FUCK these orgs aren't applying mobile device management policies to gov devices to control what is installed on them. It's easy, they have the tooling already, just TURN IT ON.

Sure, defrost/defog buttons get used, but summer or winter, with climate control you set a temp you want and the car sorts it out and maintains that temp. I guess with older style aircon with no temp sensing you might need to manually fiddle with it but on modern cars - I don't see the point. I don't want to be cold in summer, I want to be comfortable all year round...

Doesn't everyone just set their AC to about 21 degrees, leave it on auto and forget it?

I remember the first thumbdrive we ever got at work. Around £400 for 120mb. That's MB, not GB.

It just feels like something that should be universal, it's not hard to do or anything!

Why aren't US gov owned devices subject to a device management policy? If they are Android or iOS, it's trivial to apply an MDM policy to them to control what can/can't be installed, to mandate being patched and up to date before accessing gov resources like email etc. If they're Windows or Mac, similar with InTune etc. How the hell aren't they already like this? Every large company I've worked with over the past decade has been doing this for years...!

When mine does this I usually suck out all the water with a pump action plunger, tip a few pints of boiling water into the drain hole then carefully use the plunger on it until it unblocks. With hot water you can feel your drain pipe until you find the spot where it goes cold and that's your blockage point.