I made a similar suggestion to utilize mdmlocalmanagement.dll to enforce CSPs.
The only issue is that this method can enable/disable local management, and set things. However, I have not found a way to “get” data. So detection would be a learning curve of its own.