Please explain how to do this in the most user-friendly way possible.
Nowadays everything is encrypted: Your users browsing websites will do that over HTTPS and their browsers/operating systems will use DoH or DoT for address resolution. MikroTik's products are not suitable for what you want.
You should look at other vendors (but they will involve installing additional software or root certificates on your users' devices, and that's not user-friendly).
The easiest (but not foolproof) method would be to use a pi-hole to log all DNS requests. Doesn't give you any more insight into what they are doing on the web sites, but you'll have a list of all of the sites that were requested.
Noting that DNS will have a lot of noise, as when you visit a site with share badges for Facebook, Instagram, Reddit, etc., the browser will call out to those services to load the icons and the associated JavaScript.
And don't forget about ODoH (Oblivious DNS over HTTPS) such as Apple's iCloud Relay.
Side note: there are some serious privacy implications associated with monitoring stuff like this, especially if you are in the EU where you will need to communicate clearly to the users on the network that they are being monitored and to what ends.
InfraErik, so only the Chinese and Russians are allowed to monitor people's traffic?
Oh, you can monitor all you want, you just need to document clearly what you're storing and for what (justifiable) use. This of course only applies if you're a business.
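
The Pi-hole approach suggested earlier in the thread, as an added example that is not part of any post: a Python sketch that reads dnsmasq-format query lines (the format Pi-hole logs in), groups the requested sites per client, and lists clients that looked up a DoH or relay hostname, since their later lookups will not reach the log. The log lines are constructed, the hint list is a short illustrative set, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dnsmasq log format; addresses and names are made up.
SAMPLE_LOG = """\
Mar 10 12:00:01 dnsmasq[812]: query[A] www.example.com from 192.168.88.20
Mar 10 12:00:01 dnsmasq[812]: forwarded www.example.com to 9.9.9.9
Mar 10 12:00:02 dnsmasq[812]: query[A] connect.facebook.net from 192.168.88.20
Mar 10 12:00:02 dnsmasq[812]: query[AAAA] connect.facebook.net from 192.168.88.20
Mar 10 12:00:02 dnsmasq[812]: query[A] www.redditstatic.com from 192.168.88.20
Mar 10 12:00:09 dnsmasq[812]: query[A] mask.icloud.com from 192.168.88.31
Mar 10 12:00:15 dnsmasq[812]: query[HTTPS] dns.google from 192.168.88.42
"""

# Only "query[...] name from client" lines are requests; forwarded/reply lines are skipped.
QUERY_RE = re.compile(r"query\[[^\]]+\] (?P<name>\S+) from (?P<client>\S+)$")

# Lookups of these names hint that a client is moving to encrypted or relayed DNS.
# Illustrative, not exhaustive; a client with a hard-coded resolver IP shows nothing.
ENCRYPTED_DNS_HINTS = {
    "dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
    "mask.icloud.com", "mask-h2.icloud.com",
}

def base_domain(name):
    # Assumption: the last two labels approximate the site. A production tool
    # would use the Public Suffix List (this gets names under co.uk wrong).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def summarize(log_text):
    """Return ({client: Counter(site -> queries)}, {client: {hint names seen}})."""
    sites = defaultdict(Counter)
    bypass = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m["name"].lower().rstrip(".")
        sites[m["client"]][base_domain(name)] += 1
        if name in ENCRYPTED_DNS_HINTS:
            bypass[m["client"]].add(name)
    return dict(sites), dict(bypass)

if __name__ == "__main__":
    sites, bypass = summarize(SAMPLE_LOG)
    for client, counts in sorted(sites.items()):
        print(client, counts.most_common(), "encrypted-DNS hint:", sorted(bypass.get(client, [])))
```

In the sample, one page view by 192.168.88.20 produces three distinct sites in the log, which is the noise described above; the log alone cannot tell which of them the user actually opened.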