Twenty five years ago
Twenty five years ago I was the network admin for a secondary school which just got its first Internet connection. Before releasing it to all an' sundry, we implemented things like strict proxy servers and firewalling, to prevent computers just arbitrarily connecting out to the Internet.
We allowed port 80 and 443 access to all domains, unless they were on a content filtering blacklist (initially, and then category-based filtering as time went on). But overall, we prevented access to the net for most things, unless there was a good reason to not. We did MITM SSL inspection too, and pushed our CA certificate to domain-joined workstations (and there was no guest wifi).
Back then (he says, bring his blanket a little closer and the ash from his pipe flaking in his beard) there were less threats and more control. Now it seems like we have more threats and less control: pesky CDNs and AWS/Azure VMs means you can't just block a range, or even a domain name sometimes, as it's shared by something else. Everything is dynamic, and we seem to have reduced our ability to respond appropriately: "just let the machine do whatever it wants" seems to be the default firewall setting.
Why aren't we segmenting our LANs from our WANs properly anymore? Why is it the default to just let the computer, the phones, the IoTs do whatever they want on our networks and down our pipes?