It gets worse. In US most of the bigger corps institute some sort of means to authenticate you via cellphone, which means that if you want to be remote, phone is effectively a necessity ( which one usually does ). Only a year ago, it was still possible to avoid having to have a cell ( although that meant you had to be in person -- an interesting trade off in itself ).

Anyway, I hate the now.

At my last workplace, I somehow managed to get away with only Microsoft Authenticator on my phone, with no actual remote management capabilities enabled. That's pretty much exactly where I draw the line: if I have to have a device to perform work functions, the workplace needs to supply it. I'm not going to put work data on my personal machines, and I'm definitely not letting a third party root my phone for me "for sekhurity", and apply work policies on my personal device. I'm okay with work 2FA on my phone, but only without MDM, as an exception for where otherwise there's no reason for me to have a work phone.

Work with your IT dept.

A company I previously worked for had a policy that if you had any company data on your phone, they had the right to force you to unlock it and look through it (not sure if they ever actually did but it was in the employee handbook). When IT tried introducing a system that required me to Auth with my phone I refused, citing the policy, and they helped me setup a workaround Yubikey.

Might not be possible everywhere but worth a shot. Also always helps to make friends in IT.

Ask for your corporation to give you a corporate phone.

I have one for that reason, and it lives in the office alongside my work issued laptop.

Most places can issue you with a physical token instead, like a Yubikey.

It's just unusual, so the first line in helpdesk don't always know about it. And people seldom want to start a battle with the bureaucracy on their first day on the job...