No modern MDM solution allows a company to access your personal data on BYOD. That’s why containerization of work profiles exists. Anything else would be a massive privacy scandal.
Company-owned devices, though, do have that level of access when MDM-enrolled.
You’re talking about MDM in Intune which is only used on corporate-owned devices. MAM is used for personal devices and does not have device administration access. It’s in the name - Mobile Application Management.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-planning-guide#personal-devices-vs-organization-owned-devices