Yep or else none of this could happen. I work at a company that we need at least two methods to authenticate you to remove MFA through the admin console so this wouldn’t have happened.
Is this a part of your company’s product or internal tooling, or is this 2FA part of a software you use? If it’s the latter, please give a recommendation if it’s good!