it's interesting that Apple have iCloud Private Relay as part of the updated MDM restrictions reference but not Hide My Email: Restrictions | Apple Developer Documentation
Maybe you could configure Custom Settings in your iOS Restrictions profile and set allowCloudPrivateRelay to false and see if it encompasses Hide My Email as well.
EDIT: Got Hide my Email mixed up with the Mail Privacy Protection (MPP) which might proxy your mail app connectivity to your SEG - I wouldn't do that with enterprise mail. But the above might still help with controlling MPP from the console.
Is anyone else struggling to manage this setting? This might be okay for BYOD/COPE devices, it's terrible for COBO devices since you may not necessarily sign into the same device and thus you will be prompted every single time.