You would usually not try to block Tor at the network level. You would lock down your computers so employees can't make changes, and only allow them to run executables from locations which they have no write access to.
Tor can and should circumvent any firewall using obfuscation proxies that use AWS, GCS, Azure, etc. You'd need to block most of the internet to kill Tor.
And as for monitoring, I guess it might be possible, but if someone thinks to use bridge nodes, that's also defeated.
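The lockdown described in the first paragraph only holds if no allowlisted location is writable by the user. The following audit is an added example, not part of the original post. It assumes POSIX permission bits (ACLs are not evaluated), and the function names `user_can_write` and `find_writable` are hypothetical.

```python
import os
import stat
import sys


def user_can_write(st, uid, gids):
    """Decide from POSIX mode bits whether uid/gids may write to this inode.

    Assumption: plain owner/group/other semantics; extended ACLs are ignored.
    """
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def find_writable(allowed_roots, uid, gids):
    """Return every directory or file under the allowlisted roots that the
    given user could modify. Any hit lets that user place or replace an
    executable inside a location the policy trusts."""
    findings = []
    for root in allowed_roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            # os.walk yields each directory as dirpath, so checking dirpath
            # plus its files covers the whole tree.
            for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # symlink mode bits are not meaningful
                if user_can_write(st, uid, gids):
                    findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    # Usage: audit.py <allowlisted dir> [...], run as the restricted user.
    hits = find_writable(sys.argv[1:], os.getuid(), os.getgroups())
    for hit in hits:
        print("writable inside allowlisted path:", hit)
    sys.exit(1 if hits else 0)
```

Run it as the unprivileged account against every directory the execution policy trusts; a non-empty result means the allowlist can be sidestepped without touching the network controls.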