I'm talking about secure networks, where all traffic has to be monitored to ensure nothing is accidentally leaked, that malware doesn't easily spread, or that proxies aren't used to circumvent filtering. MITM devices configured by the user are very much friendly actors, and an important component of defense in depth.

To be clear, the way these normally work is that they have their own root CA that devices participating on the network add to their trust stores voluntarily.