I built a system once that used a bunch of inexpensive SBCs. Due to their physical location being close to users who could easily physically tamper with them; I placed them on my client network and treated them just like regular clients rather than putting them on a more trusted network. I'm not going to put a $50 IOT device on a subnet next to $10,000 servers. If you only have a handful of devices maintaining them is easier by throwing them in the least trusted tier and applying standard user monitoring rather than trying to micro manage them. The data they're dealing with is inconsequential to the operation of the business.
By the way I'm not talking about Chinese IOT devices with default root passwords and ssh enabled. I'm talking headless Windows clients.
I built a system once that used a bunch of inexpensive SBCs. Due to their physical location being close to users who could easily physically tamper with them; I placed them on my client network and treated them just like regular clients rather than putting them on a more trusted network. I'm not going to put a $50 IOT device on a subnet next to $10,000 servers. If you only have a handful of devices maintaining them is easier by throwing them in the least trusted tier and applying standard user monitoring rather than trying to micro manage them. The data they're dealing with is inconsequential to the operation of the business.
By the way I'm not talking about Chinese IOT devices with default root passwords and ssh enabled. I'm talking headless Windows clients.