If you have a BYOD policy, your employer probably installs an MDM (mobile device management) solution to your phone. This allows access to company resources like email, but almost certainly also installs a “trusted root certificate” to your phone, meaning you can access internal company data encrypted with their own TLS certificates.
Why not join the Wi-Fi? With advanced internal firewalls, your employer could present your phone with decrypted web pages you visit that have been re-signed and trusted by the certificate they placed on your phone, and intercept your web traffic and browsing despite you seeing a lock in Safari, or using an https website.
WhatsApp, Signal and many other apps are safe from this as they use “pinned certificates”, meaning they won't send data unless they are talking to a genuine connection not decrypted by a firewall's certificate your phone trusts – but websites and other apps are likely not secure from this attack.
This is incredibly unlikely to happen to many, but judging by the low ball bosses we hear on this sub, I don't put it past a couple employers to try this on… don't join work Wi-Fi!