There is a lot written on MDM policy including references to using CDATA. Here is a real life example of a policy ( InternetExplorer\AllowAddons ) written with CDATA vs. encoded:
CDATA is much easier to read so if your MDM supports it, obviously you would want to use it. My personal experience is the VMWare Workspace One supports CDATA.
Please comment if the MDM that you use, supports CDATA also!