

Blocking VPNs isn’t really possible. You can block known IP ranges but ultimately there’s so many ways to encapsulate and encrypt traffic that no solution is 100%. I have specifically worked at places in which those in management positions are interested in sniffing DNS queries to “see what people are up to on company time” and those happened to also be the employers that were doing sketchy things that may or may not have been legal
Does she have the eyesight to see the quality difference?