It kind of makes sense for them to do that if your device is stolen, but I still just don't like handing over control of my device like that.
They typically also enforce other annoying policies, such as not allowing rooted devices, not allowing swipe patterns and requiring a PIN/password. The VMWare one even required that all browsing went through their shitty browser app (and presumably they got all my history).
Again, some of this makes sense from an enterprise point of view, but as a user it's annoying and feels invasive.
I once watched an employer go from unwilling to adopt MDM to requiring it for accessing substantive systems on personal devices. The CEO lost his phone, and suddenly appreciated what MDM was good for.
Users were given a choice: MDM, sandboxed if they had a device with modern technology, or no significant access on personal devices. A lot of users had phones that didn't offer sandboxing, so myself and several others found ourselves explaining quite often that there literally was no option available where remote wipe wasn't possible. If they didn't like that, well, they didn't actually need access from their phones, so...
Anyway. I'm quite glad Apple is starting to actually catch up a bit.