In large organizations, for compliance purposes, it is commonplace for the company to MITM all network traffic internally. This ensures that information which is restricted from leaving particular systems or the company doesn't get exfiltrated. It's kind of a braindead practice, but it's what happened in the early days of SSL being disgusting and now that things are nicer we're stuck with it.
We shouldn't be stuck with it. In a large organization they should already have control of the endpoints. They can absolutely get every domain/VPN-joined machine to directly tattle on user traffic without intercepting anything. It's just that Microsoft's tools (or Red Hat's or Apple's) for that are less sexy to IT people and have less interesting names and hardware purchases involved than things like "Electric Eel Secure Firewall" and "NetShark 3000".
It's the Corporate IT equivalent of the security theater that still gets consumers to buy Norton/McAfee/etc. products when Windows Defender and Windows Firewall are more than adequate, free, built-in, but "too quiet" and not enough slot-machine-like glowing green "Safe" spinners.