I'm sure there are exceptions, but most companies are going to use a certificate provisioning process tied to the device that is required for connecting to corporate resources. I agree with you that lacking this opens the door for someone to connect with an insecure device and create a whole series of compliance issues.

No company with even half a brain would let you log into corporate resources without using a company issued computer. No one uses their home computer for that type of work.