
At my college dorm's Wi-Fi network, one device can play to any other network-connected, YouTube-enabled device on that network. Apple devices can also AirPlay to the one Apple TV connected here.

How would the IT Staff here make the visibility from one device to another zero? In other words, how would a member of IT make it so some device can't tell the TV is there and start randomly playing videos to it?

DDPWNAGE

2 Answers

The reason other devices can see each other on the campus network is that all the clients are on the same "subnet" or area of the network, in which case there is no filtering.

NetBIOS, Bonjour and other discovery services use the "broadcast" IP of the network to advertise the machine's presence. So, let's say the campus network internal range is 10.0.0.0-10.0.255.255. They would send packets to 10.0.255.255 to advertise the presence of the device to the rest of the network. Essentially, they keep sending a message that says "I'm here! I'm this device!" to everyone on the LAN.

Restrictions for broadcast-based services like NetBIOS and Bonjour can be put in place at the switch level, provided layer-3 capable "managed switches" are used. There are many ways to handle this: IT can make it so each device can only communicate with itself, or with a subset of the network (e.g. an individual VLAN). The broadcast for the domain can also be disabled entirely, but either approach might cause issues for users trying to get things like Chromecast to work.

Often this requires fine-tuned rules. For example, the MAC address of the Apple TV can be set to a static IP reservation. Then, this static IP can be allowed to receive traffic from certain other devices, but not others -- so only authorized IPs may send video traffic. As you can see however, this is cumbersome to maintain and many network administrators just leave the network open internally.

As a side note, out of the box many Wi-Fi access points support restriction of clients so they cannot communicate with other machines also connected to the network, only the internet.

Herringbone Cat
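Added example, not code from the answer above or from the poster's network: a small Python model of the two mechanisms it describes. It computes the broadcast address discovery traffic is sent to on the answer's 10.0.0.0/16 range, shows that splitting that range into per-VLAN /24 subnets takes a client in another subnet out of the Apple TV's broadcast domain, and checks a static-reservation plus allow-list rule for unicast video traffic. The MAC address, the Apple TV IP and the client IPs are constructed values.

```python
import ipaddress

# Constructed values, not from the original post: the answer's campus range,
# a hypothetical Apple TV MAC/IP reservation and two hypothetical clients.
CAMPUS_NET = "10.0.0.0/16"
RESERVATIONS = {"aa:bb:cc:dd:ee:ff": "10.0.1.10"}            # Apple TV MAC -> static IP
ALLOWED_SOURCES = {"10.0.1.10": {"10.0.1.20", "10.0.1.21"}}  # TV IP -> authorized senders


def broadcast_address(net):
    """Address that NetBIOS/Bonjour-style announcements are sent to on `net`."""
    return str(ipaddress.ip_network(net).broadcast_address)


def split_into_vlans(net, new_prefix):
    """Carve `net` into smaller subnets, one broadcast domain per VLAN."""
    return [str(s) for s in ipaddress.ip_network(net).subnets(new_prefix=new_prefix)]


def same_broadcast_domain(host_a, host_b, subnets):
    """True if a broadcast from host_a reaches host_b, i.e. both share a subnet."""
    a, b = ipaddress.ip_address(host_a), ipaddress.ip_address(host_b)
    return any(a in net and b in net for net in map(ipaddress.ip_network, subnets))


def reserved_ip(mac):
    """Static IP reserved for a MAC, or None if the device has no reservation."""
    return RESERVATIONS.get(mac.lower())


def allow_unicast(src_ip, dst_ip):
    """Permit traffic to dst_ip only from its allow-list; a host with no list
    stays open, matching the 'open internally' default the answer describes."""
    allowed = ALLOWED_SOURCES.get(dst_ip)
    return allowed is None or src_ip in allowed


if __name__ == "__main__":
    tv = reserved_ip("AA:BB:CC:DD:EE:FF")
    print("discovery broadcasts go to", broadcast_address(CAMPUS_NET))
    vlans = split_into_vlans(CAMPUS_NET, 24)
    for client in ("10.0.1.20", "10.0.2.5"):
        print(client, "reaches TV on flat /16:", same_broadcast_domain(client, tv, [CAMPUS_NET]),
              "| on /24 VLANs:", same_broadcast_domain(client, tv, vlans),
              "| unicast allowed:", allow_unicast(client, tv))
```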

Network-connected devices are meant to talk to each other. That's why you connect them to a network. For proper network functionality, devices need to see each other, in order to agree on things like names, IP addresses, and routes. You should focus on endpoint security and protect the device(s). For example, you can set a password or require device verification on many AirPlay devices:

https://support.apple.com/en-us/HT202618

Jesse K
  • Devices only *need* to see their default gateway. From there, they can be restricted as much as you'd like. A DHCP server might be nice as well, but it's not necessary. – Herringbone Cat Aug 28 '15 at 20:47
  • You're correct, but as you point out, then discovery services don't work, which will likely break lots of commercial devices/services. – Jesse K Sep 08 '15 at 15:44
  • Yes it certainly will, and I mentioned this in my answer to this question. – Herringbone Cat Sep 08 '15 at 17:20