In case of iOS devices, when an app is distributed using Mobile Device Manager Plus it is considered as a corporate app. This ensures that the data from this app cannot be shared with the apps that are not managed by Mobile Device Manager Plus. This means that the corporate data in these apps are completely secure. Whereas, when Office 365 apps like MS Word are distributed to devices, these apps by default behave as personal apps. This means that the restrictions applied on these apps will not work.
Along with distributing the apps to devices, we can distribute certain configurations to the apps. These configurations dictate the apps to treat which accounts as personal and which as corporate accounts. In the case of Office 365 apps, along with the app, the User Principal Name details are also distributed to the devices. So, when the user configures the app, if the User Principle Name matches the one distributed by MDM, then the app treats this said account as a work account, else it is a personal one. If it is considered as a corporate account, then all the selected restrictions will be applied to the apps as configured in Azure portal described below.
Follow the steps given here to distribute app configurations to devices: