Max out 21.5" 4K iMacs. So, Core i7, 32GB RAM, Radeon Pro 560, 1TB SSD (unless your workflow is such that you're cool with a 512GB or 256GB SSD because you have access to reliable network storage). Definitely do SSD; don't do Fusion.
On the MBP side, a maxed out 13" (save for SSD size) should be adequate; if more power is needed, get that person an iMac because that'll be the best bang for buck. Unless you have people on your team that do HEAVY work from other locations.
So, a few things here:
(1) Adobe products function IDENTICALLY in Windows and macOS. The only functional differences will come in the form of plug-ins. Otherwise, the programs themselves are identical and by design. It has been that way since the pre-Creative-Suite days.
(2) You will get FAR better performance out of a PC for the cost of even a decent 21.5" iMac, let alone either MacBook Pro, because Apple would rather have a thin machine than a machine with actual power that is a little thicker. Furthermore, Adobe favors NVIDIA GPUs for performance acceleration for just about all of their design programs and Apple hasn't used NVIDIA in any of their products since the Mid 2014 15" MacBook Pros.
(3) Regarding the notion that Macs shouldn't be supported in an IT environment, if they're thinking that Macs won't do what they want them to do out of the box with a traditional Active Directory environment and nothing else, they're absolutely right. Especially given what Apple has done since Mac OS X Lion through the present (by incorporating Mobile Device Management technology into macOS), an IT department that hasn't made any effort to add in things like JAMF to make Mac management not a huge pain would be better off leaving the Macs alone or not having them altogether. This much is correct. HOWEVER...
(4) Having worked with Macs and PCs in various IT jobs over the years, I will say this: don't fear your IT department. Don't fear what they want to do with the computers that you technically don't own personally. Just about all of it is to maintain information security, and stability (all of which are good things regardless of what platform you're on). They're not there to be mean; they're there to keep the lights on. If IT is locking down something, unless your IT department is comprised of jerks who do a bad job, it's probably a good thing to lock down and there's probably a business reason to do so that the head of the company approved. If that's not the case, then you can probably go over IT's head to make whatever you'd want to have happen on a PC that you can freely do in wild wild west Mac land be allowed to happen. IT works in service of the company first, and then its users. If it is doing something counter to both directives, unless the business culture where you work is so toxic, you should be able to overrule any draconian directive that you have a valid reason for hating. Otherwise, the fear of not having control of computers you don't even own personally is, sorry to say, ridiculous. If you need it to do your job, at the end of the day, it's IT's job to make sure you get it, whether they lock it down or not.
(5) Windows 10 has come a long way and, when it all comes down to it, it's not dissimilar to macOS. Instead of a dock, you have the task bar. Instead of Launchpad, you have the start menu. The home folder structure between the two OSes is practically identical, which makes virtually any practical task you'd want to perform between the two differing in only minute differences that only your IT department would care about and a couple aesthetic differences. I get that it's preference based, but the idea that you can't do something in Windows and can in macOS is asinine unless it's a program that ONLY runs in macOS (and these days, that description doesn't apply to that many programs).
(6) IT itself is undergoing a radical shift from being about what users can't do to being about what users can do. Apple's platforms are spearheading this with MDM technologies, but Microsoft is following rather quickly. If the type of "IT gives you the sandbox and you choose what you do or don't do within that sandbox" tech lifestyle is what you really want at work, then that's something that will inevitably be a cross-platform thing at your place of work.