Attempting to use IPv6 with managed addresses internally; need help

Started by pasha-19, Today at 03:21:35 AM

I have successfully set up an IPv6 DHCP server using both DNSmasq and Kea DHCPv6 (different interfaces/VLANs, not at the same time). Both assign the desired managed address and two more preferred addresses. However, my Windows PC, in addition to my managed address, shows addresses with my ULA prefix and, I guess, a MAC- or DUID-generated last 4 hextets for the address. The router addresses given are IPv6 link-local addresses (fe80::/10).

I am attempting to write firewall rules and ACL rules on a switch. These non-managed addresses using my prefix, and the link-local addresses used after DHCP has assigned a managed address, are preventing me from knowing about my device based on my established subnets based on managed DHCP and static address assignments. I know a link-local address is part of the IPv6 DHCP process and that is not my problem.

I was hoping that after the DHCP assigned a managed IP address, or manual static IP addresses assigned by me, the subsequent traffic can hopefully be forced to use the managed address and not the link-local or the MAC/DUID-generated value preceded by my chosen ULA-based prefix, a /64. Does anyone know how to encourage the use of my managed addresses over the other UNMANAGED addresses? Is this possible? Does anyone have any suggestions?