This reminds me of secondary school, where the IT guy blocked UDP completely. WireGuard didn't work, HTTP3/QUIC didn't work, network time didn't work, and probably a bunch of other stuff.
This is perfectly reasonable if you provide internal network time, and you don't want people using your network for illegal activity. At work we don't block "all UDP", but we block anything QUIC, anything classified as a VPN or proxy, and anything like DoH which is intended to obscure visibility into network usage.
Organizations who are not doing this are not adequately managing their network.
Isn't it kind of creepy that you manage which websites people can visit and spy on their usage? I disagree that this is needed for "adequately managing their network."
Generally we don't monitor activity, we just filter it. As I say, "I'm an engineer, not the HR department." But there's significant legal and reputational risk to not preventing illegal activity from your network, and major security risks to not blocking malicious content from things like ad companies. Unsurprisingly, the lead pusher of HTTP/3 and QUIC is the world's most pervasive ad company.