Apple 2FA authentication is about protecting the AppleID itself. Since your AppleID defines your accounts for all Apple services (iCloud, iMessage, FaceTime, etc), 2FA is about protecting the login ID (your AppleID) you use with those Apple online services. Once enabled, it applies equally to all devices you’ve signed your AppleID into iCloud on. It has nothing to do with any particular device you use with your AppleID, and it does nothing to protect any actual device you own or use.
Signing an AppleID into iCloud will make each device a trusted device for that AppleID. Thus all devices will simultaneously get a 2FA code when one is needed for that AppleID. 2FA codes are sent via encrypted iCloud notifications to all trusted devices signed into iCloud using that AppleID.
But to emphasize, 2FA is about protecting your AppleID - the login ID you use with Apple online service accounts. It is not at all about protecting devices, and it is not device specific.
And it is required when using certain services offered by Apple via their online services, such as messages in iCloud, iCloud Keychain, Apple Pay, Home Kit, and if you have an Apple Card. Since your online data with those services is accessed via logging in with your AppleID, the point of 2FA is to make it more difficult for a hacker to crack your AppleID and use it on their devices to access your data stored or sync’d via Apple’s online services.
