At my agency we have a client that always ships us locked down laptops (healthcare space so understandable). Thing is this client, while very good at getting the laptops out to you, is horrible at actually getting them back and pretty much lets you keep them....I have 4 Macbook Pro's sitting on a shelf behind me, all from this client.
Are they all still locked to an MDM profile, if so while they're yours, at any point you could lose access to them and that sucks. There's a ton of laptops that have been up on Ebay that ended up having mdm. We bought a few on accident for our non-profit. Fortunately we were able to find the original owners and they were gracious to remove them. We were also lucky they hadn't been disabled. Thing is most people don't realize that when you restore / setup that laptop it will pull that profile regardless of how you wipe or clear it.
TLDR; Make sure MDM profiles are gone and the laptops are cleared before doing anything personal :D
woo... linux and windows don't have that, at least not windows yet. you never know.... they might make uefi behind a subscription making mdm thing over to windows/linux side
Used to work in Healthcare, we'd use Computrace which operated at the motherboard firmware level. It can remotely brick a device and also automatically manage installing additional payloads in Windows once an internet connection was formed.
Doesn't this put you in a position of potential liability, if, say, someone breaks into your home/agency, steals those 4 laptops, and leaks personal healthcare data off them?