It is worth pointing out that Windows CAN be locked down pretty tightly by means of proper security policies, ACLs, firewall rules, VPNs and audits.
It's also worth pointing out that for some jobs, doing so makes things a right pain in the ar

. If it's someone in an office using a defined set of applications then yes, Windows can be good, in that it's easy to manage centrally and roll out upgrades while preventing users from installing their own stuff. I worked at one place that by default had everything locked down like that, but the development team were forever asking IT to allow this, that and the other because we needed all sorts of things to do our job. Eventually they granted admin rights on the machines and told us to tell them what we'd installed and that we were responsible for the consequences of anything bad.
"The enterprise cannot force the user to update their device or software." .....
Which is one of the biggest irritants of any of these auto-update schemes that require a reboot to complete. You leave the machine on overnight logging data, only to return in the morning to discover that it rebooted at midnight and you didn't get most of the data you wanted. I'm happy for the machine to tell me it's got updates to install but the job gets done when I'm ready for it.
The other irritating thing with Windows is when you do need a reboot in the middle of the day and it declares that it's got 60 updates to install before it will reboot and takes three hours to do it.