It's notable in that I've seen an increasing number of companies where employees are essentially given a thin client to connect to a remote server for work, and are sometimes even prohibited from transferring that data out of that environment to the local machine.

Yeah that’s really critical if you use O365, as the encryption terminates in each local jurisdiction and is in cleartext on that front end device. So if you connecting in Germany, you’re hitting a front end in Germany or at least the EU, and so forth.

One easier way to do that is to use a Chromebook Public Session with a VPN, then connect to SaaS or a hosted desktop in your jurisdiction.