Companies already do device-by-device interventions for all sorts of other security policy issues, from making sure machines aren't going to spread malware to ensuring that USB drives can't be used to exfiltrate data. If a company's employees want to bring their own devices on-site, they can have the company's root cert installed; that's the cost of using your own device on the company's network. That's not an unprecedented policy.
...and it doesn't even matter if the employee-owned devices don't have the employer CA certificate installed; their traffic still gets MITMed and DLPed just fine. It's just that they don't get an (incorrect) indication that their session hasn't been MITMed, which if it is a problem at all, is a problem for the employee.
There are lots of applications that use HTTPS under the covers that will break if certificate validation fails, so not having the root cert installed does "break" those devices.
(There are unfortunately even more apps that use HTTPS under the covers that appear not to care whether certs validate).