For locked-down devices, they’ll be running LTSC or LTSB editions (Long-Term Support Channel/Branch), or Windows Embedded, which are simplified and heavily customisable versions of Windows. For general-purpose devices, they’ll be using Pro or Enterprise versions of Windows which, crucially, support Group Policy. Using GP it is very, very easy for a single admin to configure an arbitrarily large number of Windows machines to work exactly how they want them to work, including configuration options that aren’t otherwise exposed to the end user in any way.
Edit: just to add: the lack of an equivalent of Group Policy is what is preventing Linux becoming widespread in businesses. If you think you know of a service for Linux that works like Group Policy, then you don’t know Group Policy.
For locked-down devices, they’ll be running LTSC or LTSB editions (Long-Term Support Channel/Branch), or Windows Embedded, which are simplified and heavily customisable versions of Windows. For general-purpose devices, they’ll be using Pro or Enterprise versions of Windows which, crucially, support Group Policy. Using GP it is very, very easy for a single admin to configure an arbitrarily large number of Windows machines to work exactly how they want them to work, including configuration options that aren’t otherwise exposed to the end user in any way.
Edit: just to add: the lack of an equivalent of Group Policy is what is preventing Linux becoming widespread in businesses. If you think you know of a service for Linux that works like Group Policy, then you don’t know Group Policy.