I have very little faith in apple in this respect.
For clarity, just install little snitch on your machine, and watch what happens with your system. Even without being signed in with an apple id and everything turned off, apple phones home all the time.
You can block 17.0.0.0 at the router, opening up only the notification servers. CDNs are a bit harder, but can be done with dnsmasq allow/deny of wildcard domains. Apple has documentation on network traffic from their devices, https://support.apple.com/en-us/101555
I have very little faith in apple in this respect.
For clarity, just install little snitch on your machine, and watch what happens with your system. Even without being signed in with an apple id and everything turned off, apple phones home all the time.