@CoasterKaty 

When I look through the debug data I can see the client is the webclient, when I lookup the Connectivity_LocalSite ip it resolves to Microsofts subnets, it is also evident in those debug logs that the webclient runs on VMs in Microsofts infrastructure quite fascinating reading really.

I did take the IP and look it up on cloud app security just to confirm my suspicions. 

I might log a ticket is MS support to see if there's a way I can resolve a web client anonymous user back to a real IP.

In your case were students using the full app?

@Zer0 Ah that's annoying, when I had a look through it must have been a desktop client user I had picked on as that value was lookup up as an ISP. 

In my case they were using an iPhone called "Name's iPhone" so it was obvious who it was (as the names weren't all that common), and the IP addresses matched.

@Zer0 Hello, sorry for the late reply! I've been experiencing issues not getting notifications when someone replies to my posts. So I'm chasing them down manually.

If your org. choose to keep the "Anonymous users can join a meeting" enabled, which is a Teams Meeting setting, you must ensure that the meeting organizers are using proper lobby settings. It can be controlled with policy or per-meeting using the meeting options (meaning you don't control the anon meeting setting but instead use lobby settings so anon users cannot attend).

It's described in detail here Keeping students safe while using Teams for distance learning - Office Support (microsoft.com) under "Prevent anonymous users from joining".