The problem is when corporate policy considers that the device you work with essentially belongs to them and can be managed remotely or audited at any moment.
If you're using work profile and the company doesn't literally own the phone, there's not much they can do.
Remote management (such as remotely doing a factory reset) only impacts the work profile. I think the only thing they can do outside of the work profile is check what version of Android you're on to see if you have the latest updates
