This isn't strictly an MDM question but rather a network security one. Managed networks can disable randomized MAC addresses using a configuration profile to track devices accurately. Firewalls can then map MAC addresses to devices to monitor hosts, ports, and inspect TLS traffic. Tools like Jamf Safe Internet or Zscaler enable user-based filtering, while RADIUS policies and tools like Splunk can consolidate and analyze user activity. I recommend consulting your Security team or MSP to implement the appropriate tools for the job.
