That's a great question. In my experience (15 years at MSPs and several years as a freelance consultant where I'm mostly in house one place but take side jobs) I've been the one who had to make this change.

Some companies are very serious about it. Laptops end up on some device management solution that can tell every program you've got installed and flag anything not pre-approved. Then take away everyone's ability to install outside of device management.

Some companies want to scare the users into compliance but want IT to be able to do their own thing. So they'll install some easily bypassed thing or enroll everyone but not keep an eye on their network to find rogue devices.

Some companies threaten it, pay money for a consultant to put together a plan, don't like the price, threaten to go elsewhere, and the exec who championed it finds a new job while nothing of note was done, but they're sitting on a handful of licenses for software no one is using.

I used to carry a toolkit of free software in portable format on a thumb drive and another thumb drive with a full Linux environment in case I had to do something at the first kind of company.