All files access vs. "Work-related files"

To complete onboarding of my Android Work Profile, I need to setup MS Defender for Endpoint on my personal Android device. Defender continually prompts me for "All files access" permission, which I understand https://developer.android.com/training/data-storage/manage-all-files -- including Downloads, random user-created file directories, and even other apps' data directories.

However, the https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-worldwide that "On devices with a Work Profile, Defender for Endpoint only scans work-related files."

This prompts a handful of privacy questions:

•  Is there a more exhaustive definition of what constitutes a work-related file?
• Is there some safeguard in place to avoid scanning other files that are not "work-related"?
• Do other actions besides scanning take place? If so, do those actions include files besides those deemed "work-related"?
• Is any information about my non-"work-related" data collected and/or transmitted by MSDefender? For example, names/paths/extensions of files or directories?