MDM enables enterprises to control how the phones they own behave. If anything it makes it more secure, if an enterprise were to only allow allowlisted apps to run on it.
The only issue is BYOD via MDM (when it's not via "Work Profile"), which is somewhat scary from a user perspective, especially from how hard it is to tell what permissions they might be able to spring on you at any time.
I assume they can spy on anything, that's why I refuse to do any kind of BYOD that requires MDM enrollment. It's also one IT mistake away from wiping out my personal data from my own property.
Company's Outlook, Teams, MS Authenticator and Slack on my personal phone? Ehhhh fine.
The second IT requires a profile it's the second I'm uninstalling anything company related from my phone. They can give me a company phone, or I will only access work related things from their laptop.
Happened twice to me, one time I got a company phone, the other, computer only.
And then some colleagues even paid out-of-pocket to upgrade their Android phones once IT dictated their OS were out of support. No way.