While you're a hundred percent right, the problem here is detachment. For example, many companies' security and procurement teams operate at the top. Downstream teams around the globe have no clue what's coming, it's not in their budget to purchase and manage 2FA devices (this is more complicated than one might think), and I've never once seen the upstream teams own the whole process, despite the obvious connection.
As a regular employee, I am just unlikely to refuse the employer's silent requirement to use my own device to log in to their systems. Hell, some companies have even started promoting BYOD (Bring Your Own Device), which is wrong on so many levels.
I might be mistaken, but I think a lot of the compliance standards go along the lines of "do not mix personal and business equipment"; to me this includes phones, and it really should include a separate VLAN (at least) for distributed employees.
If you run network analysis you can at least see how much data flows to and from that device at the router level (and it also keeps your personal stuff segregated from work stuff, regardless of any software on the business machine). It also keeps your nice centrally managed work system from inadvertently accessing your own personal systems; I don't want my work Apple/MS box sending all the network spam to my personal stuff, and vice versa.
Also think of SolarWinds and such: if your work system is compromised by a supply chain attack (seeing they are higher-value targets), you also don't want your other devices at home to be on the radar to be compromised too.
That allows the line between self-owned work and employer-owned work to be thin/non-existent.
That can make it a lot easier for your employer to own your personal projects.
Don't do it. Don't use your corporate laptop for personal things, and don't use your personal equipment for corporate things.
If they want to use 2FA, they need to provide the 2FA device.