I have a work phone and a personal phone, both using the same Apple ID account. I noticed that the searches from my personal phone are showing in the browser history of the work provided phone.
Can my employer see this history even though it was done from my home on my personal wifi and personal cell phone? The work phone has an exchange email account set up to access my work emails if that matters.
I'd assume your browser history gets synced because you're using Safari with iCloud syncing, or something like that.
If you're worried about that, you should be able to turn of Safari's syncing feature on both phones. Or maybe (I haven't used Safari in ages, so I don't know if it exists on Safari, but I assume so) use private browsing mode; I'd assume nothing you do in private browsing mode would leave your phone.
Finally, you could use two different Apple IDs, one for your work phone and one for your private phone. Seems like that would be the smartest thing.
Still, even if you continue syncing your browser activities, your employer shouldn't have access to it unless they have access to the account the apple id belongs to. If you're using your own private apple id, and not a company-provided one, and you did a factory-reset on your work phone before returning it, I'd assume the danger was minimal.
This is a hard question, there are a multitude of Mobile Device Management (MDM) vendors out there, some of them implement features like installing root certs for traffic decryption. Now if it is only the exchange account that was added to your phone (along with vanilla Apple MDM policy), then your employer shouldn't know of your browser history.
If they added an MDM App the story is different, this wouldn't be a full grown feature of an MDM because it's not on scope for a MDM solution, but there are ways to extract this information either trough traffic decryption, or by extracting files from your phone, in a nutshell, It can be done but definitely not in a point and click fashion.
Now, make sure you either remove your apple account or wipe the device before returning it, apple accounts make for a great way to sync data, it works too well so if you forget to remove it, you won't really notice that someone may be watching your every move reading all your e-mails etc before something wrong happens, my advice is not to mix your personal/work stuff but since that is not always possible, just protect your personal information as it doesn't fall under the security scope of your organization.
Can my employer see this history even though it was done from my home on my personal wifi and personal cell phone?
Yes, potentially. Any information that touches your work phone can in theory be viewed by your employer. It is not sure that they will actually collect the information, or that anyone will see it, but it is technically possible for them to do so.
So how would that happend? They could either do TLS interception on the work network, and read the browser history as it is synced to the phone. Or they could have some kind of monitoring software installed on the phone that reads it after it is synced.
Browsing on your private phone on your home network is less likely to be monitored than browsing on your work phone. But it is possible. To get rid of that possibility, make sure that your home browsing history never touches your work phone. Pascal has some good suggestions for how to do that.
