To put it simply, it makes it possible for a service provider to refuse to provide service to clients not running corporate-owned white-listed clients, thus making it virtually impossible to create independent clients for such services.
It will be swiftly adopted by well-meaning but clueless bank and government clerks who will accidentally use it to lock all open hardware, open operating system, and open browser users out and mandate that you need to purchase at least one locked-down corporate device to exist.
It's the trusted computing story all along. Eventually you will need permission to run your code on your own device, and such an "unlocked" device will be blocked from accessing any digital infrastructure because it might otherwise be used to breach ToS.
Isn't this already the reality in the mobile space?
I own a rooted Samsung device and have to jump through 100 hoops to be able to use my banking app or Netflix or some rando game (which I don't actually play). SafetyNet broken, hardware fuse blown, Magisk Hide + some other hacks just to still be able to do online banking.
I just want to be able to ssh into my own device or install a real ad blocker, like Adaway without losing access to real world applications.
> they would love to extend this to all computing devices to remove control
That's not really true. Apple is encroaching on freedom of software choice on their devices, but they know that they can't extend the same kind of security policies to the desktop. You can disable secure boot on Macs and even run Linux if you like. Additionally, it's a bit difficult, but if you disable SIP you do get access to the entire system's file system. They're a shitty company when it comes to repairability and their walled garden, but they know they can't extend this to the desktop, or else they would disqualify themselves from the developer market (where they are quite popular).