I have 2 Macs that are overseas and need their web traffic routed all the way back to the US due to how our org's network restrictions are set up (always-on VPN), and I've been unable to get these Macs to update to 11.6 despite multiple attempts. I'm pissed that Apple no longer supplies a standalone installer for these updates. Having everything going through the software update mechanism every time can be flaky. WTH is Apple thinking sometimes?
We have much the same restriction. You may be able to push back to your security team that you are unable to install security patches to the Macs to patch several 0-day exploits until they allow *.Apple.com (or at least Apple's update servers and needed ports) around the captive gateway.
Your security team would need to decide what is the greater risk: not being able to patch the Macs, or not having total control over Apple traffic which they already cannot inspect or monitor in any way, shape, or form. If your security team says no, save the email, wash your hands of it, and move on.
The MacRumors article doesn't mention it, but the 11.6 and Catalina 2021-005 Security Updates supposedly address a zero-day that may be actively being exploited (at least on Big Sur), so it's highly recommended you get all your Macs up to date as soon as possible. We're doing an emergency push to all our Macs starting this evening.
We already restrict iMessage and do not allow the use of Apple IDs. I find it a bit strange they did not just roll this into 11.5.3 or something to get it out faster and less impactful. They could have updated iMessage without rebooting the Macs with a much smaller update like they do with Safari.