I’ve run Linux in the workplace, with permission of course (because I’m not stupid). In this case, everyone was their own IT person, and it was everyone’s responsibility to maintain their Linux system. Major software updates often failed on dev machines and required help from more knowledgeable Linux users, but it was doable. The whole thing was a security nightmare, though. The place ran on dark IT, firewalls and antivirus were a joke, half the team needed a Windows VM to test features, and every year there was someone who found out during an audit that their computer hadn’t received updates in nine months. The soft rule was that if you took more than four hours to bring a broken system back to life, you’d just install windows because time is money.

There’s basically no remote administration or patch management. Restricting users to non-root accounts breaks tons of important things, like “applying security updates”. Flatpak has made the application side of things easier, though. There’s kerberos integration, but no active directory. Saltstack and alternatives works great if you know how to use it; most IT teams don’t.

Linux has the advantage thst most kids coming out of school don’t know how computers work anyway. They do all of their work on phones and tablets growing up, so when they get into the office it doesn’t really matter what kind of computer you put in front of them. Could he a Chromebook, could be Fedora, could be Windows.

The most challenging problem is that as a business, you need to pick a software stack and company hardware. Most hardware is built to he used with Windows, most professional software doesn’t even run on Linux, even with WINE. If your entire company runs in a web browser then sure, Linux is an option, if you can find the right hardware. You’ll be spending quite some time configuring systems to disable root, connect to the management system, and force things like updates and security configurations, though.

Then there’s drivers and external facing software to consider. Printers, for example, are quite necessary. Easy access to email is also essential, but getting ActiveSync or EAS to work on any Linux system is a massive pain. The closest I’ve gotten to is using Thunderbird with a few addons, but that still required entering my credentials three times. I believe Gnome may integrate with contact and email sync these days, but the account providers seem to be limited to Google and Microsoft. You need to take special care to select laptops that will work with things like docks and beamers for presentations and working on site. To get some docks to work, you may need to set up your own repository to provide packages like evdi and DisplayLink with drivers signed by the company’s secure boot keys.

Technical support can be done. You won’t get anything as useful as RDP or plain old Teamviewer, but as long as you force X11, you can do remote support at least. Local support works well, though you may need a working network connection to authenticate your sudo-user. Boot repair and system restore can be done mostly, assuming you’ve set up a big enough /efi partition.

There’s no good UI for updating things like the password of an encrypted drive, so that’ll be a problem for your end users. All solutions require root access, which means someone from IT needs to initiate and monitor the process of changing the encryption password, which is rather annoying. Support for TPM+PIN with any kind of modern KDF is also mediocre, you need to pick a distro with sysyemd-boot to get thst to work.

Secure boot can be pulled off, though thst does require managing keys, which your IT team needs to be set up for. You’ll need to pick a vendor thst has some kind of Linux-based firmware management tool to distribute these keys during first boot up, but you can mash together a provisioning boot USB, I suppose. This has the added benefits of preventing people from messing with their corporate laptops and trying to circumvent IT policy, assuming the password on the firmware is good enough.

Antivirus is quite difficult on Linux. Enabling ClamAV works, but vulnerability management and intrusion detection on Linux is geared towards servers. Vendors like Microsoft provide endpoint security for Linux systems, but if you’re going to run Windows Defender, you may as well just stick Windows on the damn thing.

You’ll still end up with annoying problems that Linux hasn’t solved yet, like “hibernate doesn’t function unless you disable all security”, but Linux has made some great usability strides.

I agree that claims thst Linux doesn’t work in the workplace is based mostly on ignorance. However, it doesn’t make business sense to train and hire a team of Linux maintainers when there are tons of trained and prepared Windows admins out there. Can it be done? Definitely. Should it be done? If you, as the boss of your company, care about Linux, sure, why not. Just make sure to set up training sessions, sane defaults (sane for the end user, not for you), good Linux images, the right support infrastructure, and the right business processes before you start.

Should you use Linux to save cost? No, that’s ridiculous. An hour of IT debugging some kind of application crash is worth the money to buy multiple Windows licenses. Should you use Linux because of the user freedom it provides? Sure, if you don’t mind dealing with customers that have ISO security requirements for their vendors and if you absolutely trust everyone in your company to know the difference between a kernel and an initramfs. Should you tolerate the lone warrior who insists on installing Linux on their managed company device? If they sign a document that states they’ll pay for any and all damages to the company and its hardware in case they mess up, maybe. Getting those millions of lost revenue after a ransomware attack will be a challenge though, it’s probably best to forbid unmanaged operating systems.

Edit: as for the Google example, it got replaced by gLinux. Googlers can use Windows, macOS, some versions of Linux, and ChromeOS. Nobody is forcing them to use Linux.