The reason other devices can see each other on the campus network is that all the clients are on the same "subnet", or area of the network, in which case there is no filtering.
NetBIOS, Bonjour and other discovery services use the "broadcast" IP of the network to advertise the machine's presence. So, let's say the campus network internal range is 10.0.0.0-10.0.255.255. They would send packets to 10.0.255.255 to advertise the presence of the device to the rest of the network. Essentially, they keep sending a message that says "I'm Here! I'm this device!" to everyone on the LAN.
Restrictions for broadcast-based services like NetBIOS and Bonjour can be put in place at the switch level, provided layer-3 capable "managed switches" are used. There are many ways to handle this: IT can make it so each device can only communicate with itself, or with a subset of the network (e.g. an individual VLAN). The broadcast for the domain can also be disabled entirely, but either approach might cause issues for users trying to get things like Chromecast to work.
Often this requires fine-tuned rules. For example, the MAC address of the Apple TV can be set to a static IP reservation. Then, this static IP can be allowed to receive traffic from certain other devices, but not others -- so only authorized IPs may send video traffic. As you can see, however, this is cumbersome to maintain, and many network administrators just leave the network open internally.
As a side note, out of the box many WiFi access points support restriction of clients so they cannot communicate with other machines also connected to the network, only the internet.
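
The filtering described in this answer, modelled as an added example that is not part of the original answer: it derives the broadcast address of the 10.0.0.0-10.0.255.255 range, recognises LAN-wide discovery advertisements, and applies a per-device allow-list to a reserved IP. The MAC address, the reserved and authorized IPs, the port 7000 test flow and the function names are constructed for illustration; the mDNS group 224.0.0.251 and the NetBIOS/mDNS ports are the standard ones.

```python
import ipaddress

# Campus range from the answer: 10.0.0.0-10.0.255.255, i.e. 10.0.0.0/16.
CAMPUS = ipaddress.ip_network("10.0.0.0/16")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")  # Bonjour also uses this multicast group
DISCOVERY_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
                   5353: "mDNS/Bonjour"}

# Constructed static reservation (MAC -> IP) for the Apple TV.
RESERVATIONS = {"aa:bb:cc:00:00:01": ipaddress.ip_address("10.0.20.5")}
APPLE_TV = RESERVATIONS["aa:bb:cc:00:00:01"]
# Constructed allow-list: only these sources may send to the reserved IP.
ALLOWED_SENDERS = {APPLE_TV: {ipaddress.ip_address("10.0.30.11"),
                              ipaddress.ip_address("10.0.30.12")}}

def discovery_service(dst, dport):
    """Name the discovery service if the flow is a LAN-wide advertisement."""
    dst = ipaddress.ip_address(dst)
    lan_wide = dst in (CAMPUS.broadcast_address, LIMITED_BROADCAST, MDNS_GROUP)
    return DISCOVERY_PORTS.get(dport) if lan_wide else None

def decide(src, dst, dport, block_discovery=True):
    """Return (action, reason) for one flow under the rules sketched above."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    service = discovery_service(dst, dport)
    if service:
        # Blocking stops devices from seeing each other, but also breaks
        # casting and printer discovery that rely on these advertisements.
        return ("deny" if block_discovery else "allow", service + " advertisement")
    if dst_ip in ALLOWED_SENDERS:
        if src_ip in ALLOWED_SENDERS[dst_ip]:
            return ("allow", "authorized sender")
        return ("deny", "sender not on allow-list")
    return ("allow", "no rule: network open internally")

if __name__ == "__main__":
    print("broadcast address:", CAMPUS.broadcast_address)
    flows = [  # constructed sample flows: (source, destination, destination port)
        ("10.0.1.7", "10.0.255.255", 137),
        ("10.0.1.7", "224.0.0.251", 5353),
        ("10.0.30.11", "10.0.20.5", 7000),
        ("10.0.1.7", "10.0.20.5", 7000),
        ("10.0.1.7", "10.0.1.8", 445),
    ]
    for flow in flows:
        print(flow, "->", decide(*flow))
```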