On any assignment undertaken in the last 10 years or so we have incorporated testing for Tor connectivity at the network or infrastructure level (egress or outbound traffic). We have generally conducted these tests on every network segment, as it is important to understand what connectivity any potential threat-actor may have as well as your regular user community.
Tor, or the network access layer of Tor connectivity, changes on a fairly regular basis. The physical Tor network of exit nodes, bridges etc can change on a daily basis.
Restricting or blocking Tor access varies and changes on an on-going basis so staying on top of and understanding the underlying connectivity methods is crucial. There is no “silver bullet” solution and requires a multi-faceted approach of both network and connected device(s).
Testing Tor access from each network segment at each location should be an integral part of your Cyber Security testing strategy.