Re: "No MDM no connection... if the user doesn't like it, tough"
From my experience working in large office buildings, there are generally poor 3G/4G coverage areas in sections or all of the building.
While I appreciate the security implications of allowing mobile devices onto corporate networks, if you don't have any regulatory issues making personal devices undesirable, the small amount of additional cost to put in a BYOD solution (i.e. a cutdown security profile that distributes Wifi certs for access to guest-like DMZ providing limited Internet access with bandwidth restrictions) to allow your end users to use personal devices will likely lead to happier employees and a soft benefit to the company.
Companies I've worked with that have had less flexible policies (i.e. corporate MDM or no access) tend to have "exceptions" that allow things that any sensible company security policy should forbid (i.e. non-corporate wifi devices with Internet access and unmanaged security or an internal Wifi network allowing access via WPA2 PSK with MAC filtering without appreciating how easy to guess the key is or how easy it is to change device MAC addresses)
I appreciate companies have different requirements, but it always surprises me how unnecessarily draconian some companies are, and some of the reasons given for the measures can easily be disproved by wandering around the offices (people going out of the building for coffee/smoking to get mobile coverage, people playing games on their phones at their desk but not having mobile coverage due to concerns about productivity etc)
Biting the hand that feeds IT
