There is no general answer to this, as each environment is different.
Though, what I can tell is that I was running Docker in enterprise environments for years without requiring or using macvlan at all. My experience is that usually either people coming from a VM background or home users feel they absolutely need macvlan.
I always ask myself what my objective is, what my options are, and what provides the cleanest solution with the least effort.
Personally, I prefer a reverse proxy like Traefik as entrypoint for all incoming HTTPS over macvlan any time. I am neither keen to learn IPs nor ports of my applications. I just want to access my services without having to memorize useless stuff.
For instance, one of the features of Traefik is domain-based or path-based reverse proxy rules, attached as container labels to the target service, which get added/removed in traffic whenever the service is started/stopped.
How I use it in my homelab:
I have several public domains, which point a *. subdomain to my WAN IP. I forward port 443 to my Swarm Cluster where Traefik listens on port 443. Traefik keeps track of managing wildcard Let's Encrypt certificates for my domains and forwarding the traffic to the right backend container. I just have to add new subdomains to my container labels and that’s all I need to make another container accessible for the outside world.
Of course this could be done purely internally with a DNS server you run in your network, like unbound or pihole - both allow to create entries for individual domain names.
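
The label-driven routing described above, sketched as a Swarm stack file. This is an added example, not part of the original post or the poster's actual configuration. It assumes Traefik v2 in Swarm mode; the domain `example.com`, the Cloudflare DNS challenge provider, the `whoami` test service, and the network, secret and volume names are all placeholders.

```yaml
version: "3.8"
services:
  traefik:
    image: traefik:v2.11
    command:
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedByDefault=false   # publish only services labelled traefik.enable=true
      - --providers.docker.network=proxy
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=admin@example.com   # placeholder address
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare   # wildcard certs need the DNS challenge
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_api_token   # token read from a Swarm secret, not the stack file
    secrets: [cf_dns_api_token]
    ports: ["443:443"]   # the only port published to the outside
    volumes:
      # Docker API access is root-equivalent on this node; grant it to Traefik only
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    networks: [proxy]
    deploy:
      placement:
        constraints: [node.role == manager]   # the Swarm API is only available on managers

  whoami:
    image: traefik/whoami
    networks: [proxy]   # no published ports; reachable only through Traefik
    deploy:
      labels:   # in Swarm mode the labels go on the service, under deploy
        - traefik.enable=true
        - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
        - traefik.http.routers.whoami.entrypoints=websecure
        - traefik.http.routers.whoami.tls.certresolver=le
        - traefik.http.routers.whoami.tls.domains[0].main=example.com
        - traefik.http.routers.whoami.tls.domains[0].sans=*.example.com
        - traefik.http.services.whoami.loadbalancer.server.port=80
networks:
  proxy:
    driver: overlay
secrets:
  cf_dns_api_token:
    external: true
volumes:
  letsencrypt:
```

Exposing another service means attaching it to the `proxy` network and giving it its own router labels with a new `Host(...)` rule; nothing changes on the Traefik service or the port forward.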