One of the biggest banks in the US forces staff and contractors alike to install a proprietary 2fa app on their personal devices. if you can get a company phone, you can't finish activating the MDM, to install the company 2fa app, without first using that 2fa app on your personal device. Even a company yubikey can't be activated without the 2fa appp, which again, you can't get on a company device without first installing it on your personal device.