I own a Mac for various reasons, including to see how clients view things given I am otherwise Windows based.
I'm less concerned about Mac and more concerned about why you're allowing anyone to use personal devices to connect to your network. That is a major risk and exposure, and since it is a personal device, you face more restrictions in what you can and cannot do to monitor or control their activities.
My little rant aside, there are Mac friendly software VPNs that at least provide an encrypted connection but they can still be disabled. I use these (BitDefender VPN but I am also testing out SurfShark VPN since it is much faster), but my employees also know how seriously I take security and that if I find their VPN is disabled for any extended period of time and without valid cause (such as accessing online banking for clients), it can be a terminable offense.