In most companies, most users have several devices that they lug around in their briefcases and connect to random networks around the world. The devices they use at work they also use privately, and they access all kinds of stuff from more or less legitimate sources.
In today’s world you have to find the right balance between security, availability and performance. You can’t just restrict access and activity, but must accept that your users require and expect to make full use of the technology in their hands.
It makes your job harder.
Instead of just saying “No!”, you must teach your users how to behave. And you must be able to identify and respond to behavior and incidents that jeopardize the security of your organization.