Probably the safest way to do this is to plug your work phone in a physically secure location and use scrcpy to interact with it over a remote desktop session to the pc/mac hosting it.

Can't do that. Breaks privacy barriers.

How does a VM not break privacy barriers?

I’m realizing I’m arguing in an implicit feature that isn’t being explicitly discussed.

I would expect this service to eventually offer an enterprise feature. Having my employer fully control a VM does not break any data barriers.

Maybe it means he is not allowed to send work data to personal devices?

Right, but then I am sure the company not going to allow him to run on some random company’s VMs.