Regarding the following statement, do the policies need to be applied to users of said devices which are not enrolled? I noticed that I can target users -> device without MAM policies being applied to them however I don't have any volunteers to test having company data wiped off their device.
Just as the link you posted is telling you... selective wipe... not the whole device only the company data (protected with app protection) Did you happen to have taken a look at the ms-docs when configuring app protection policies?
And as also stated in that same doc, you can Target app protection policies based on device management state. So you can enroll managed and unmanaged devices in to mam just as I am also mentioning here