Any experiences with MS intune on the android VM?

I’m considering replacing my daily driver with a sailfish device, but my work secures all access with MS Intune. It optionally uses the “work profile” feature of android, and uses android APIs to ensure the device isn’t rooted, and meets some basic security requirements (e.g. MS Defender installed, authentication requirements, etc).

Does anyone else in the community have experience with this kind of setup? How constrained is the android VM used for android apps, and can I ensure a single VM environment for a set of apps like my work apps? Or should I expect to double boot, or just deal with a second device?

Just deal with a second device, I don’t think you have any other option honestly. As you already mentioned it checks if the device has been rooted. In my case I still use SailfishOS as daily driver for private stuff, I just bring a (company provided) work phone with me in the office.