As the MobiControl device agent is just a normal app, it does not have permission to directly write to any file/folder of the system/kernel or of other apps.  Many such write operations are possible because the device agent can request via different MDM API's  the sytem/kernel to do them for the agent.  

 

If you use ADB or other ways to root the device, or change the read/write permissions of protected directories or modifying contents of sensitive system files (include any files in /system/etc),  you can be leaving security loophole(s) for hackers/malware to exploit.     No commerical MDM/EMM software vendor will guarantee performance/security and provide technical support if a device is found to be partially/completely rooted by their customer intentionally.  I personally would not recommend any of my customers to do it.  In fact, I always recommend my customers not to forget deploying feature-control policy to disallow ADB at all times.

 

However, if your customers are Unix/Linux/Android experts and they know what they are doing and the possible security consequence(s),  they can decide themselves whether to go ahead doing whatever they want with adb.   If they need to modify /system/etc/hosts, I guess they are likely trying to solve problem related to host-name/IP of the local/other devices to make connection/routing possible/smoother.  It MAY not do too much harm if the file is modified once and the permissions of no other system file/directories are modified.  However, if what they want to do requires permanently changing the read/write permission of all files under /system/etc, then there are likely big security concerns.