How to manage 2FA for shared AppleIDs at a medium sized business

I am wondering what solution may be identified for my company I work at that uses a shared Apple ID for all common/utility Apple devices.

In recent updates Apple prompts you once daily to enable 2FA. This does not work for my company as we own multiple Apple products and multiple IT staff is responsible for managing them. For example, we have 2 offices and 6 conference rooms between them. Each conference room has an iPad with the ZoomRooms app for conference control. Any end user who picks up the device is prompted with the morning's "Would you like to enable 2FA?" prompt. A simple affirmative "yes" button press and now it is enabled across all devices.

We have tried 2FA and it wouldn't be a problem if the 6-digit code went to all devices but it doesn't. It goes to one "authorized" device that Apple picks at random. The trouble with this is the account is logged in on some end-users laptops at home. Our company AppleID is used to prep each new laptop distribution as an AppleID is required for app store downloads (i.e. Citrix Gateway VPN).

Ideally we wouldn't use the AppleID at all, but it is required for the app store on iPads, MacBooks and AppleTVs. In total we have roughly 30 devices at the company.

I am aware of an enterprise model that Apple offers but any paid model really doesn't make sense just to avoid the frustrations of 2FA on a conference room iPad or an executive office AppleTV.

2FA is currently disabled. When you disable it you are required to change the password. The trouble is any one of 30+ devices can reenable with a quick press of the enroll button followed by a difficult disenrollment/password change process to follow.

There must be other companies that have utility/common space Apple products in the same boat. Help!?