You can also add other phone numbers to your 2FA preferences, although I can understand if that's annoying for your colleagues if everyone is getting an SMS on every login.
Could you have people adding multiple phone numbers to the 2FA process and then allow someone to set their preferred, whitelisted number for the SMS?
I need to grant access to a second account to purchase services on my behalf. Does your solution of granting domain modification access work in that case or are we going to have to deal with the SMSes?
Also, is there a plan to upgrade the internal tools that don't much the newer public design? It's pretty jarring.
With the existing 2FA, you can set a primary or disable a number without deleting it. This could work for what you're describing.