Most companies I’ve encountered have moved towards split-tunneled VPNs so an employee clicking on a phish page would traverse the employees gateway, not corporates.

My experience is the opposite: Part of the justification for moving away from standards-based VPNs is to prevent split-tunneling.

My present employer's VPN client goes a step further and mangles the routing table to deny access to my own LAN while connected.

I can’t decide if I hate that more or less than what I’ve seen: client-side blocking of DNS resolution and driving all queries through Cisco Umbrella or friends.

I guess they both suck pretty hard.

interesting, i heard that some employers did set the default route to go through their vpn, havent had that experience myself either though.

it was always only the 10.0.0.0/8 and some /24 ranges from 192.168.0.0/16 at my current job

liberty mutual, the largest insurance provider, is in the process of moving from default route on the vpn to no vpn at all and zero trust networks for their apps.