Absolutely. I’m convinced that any company that asks employees to use their own devices simply doesn’t understand cybersecurity.
Best case would be giving employees a choice of hardware and software from a list of compatible products, but of course that’s expensive and more work for the business so it seldom happens.