They can do that, but in my experience they do not, if only because it would be a vector for external attackers (who could control that machine via those connections routed directly to the Internet) to get into the company’s intranet without actually having to go through the company’s firewalls.
This is what strong endpoint security is for. EDR software is also common. Routing everyone’s internet traffic is pretty strenuous.