Thanks, Sameer. That helps with regards to how to disable the functionality.
With regards to your notes, you disregard the fact that I do not have, or never will have, full control over my employees' habits. I only have control over my device. Via the enterprise LP I can force 2-factor authentication, I can force automatic log-off policies, I can force complex passwords, but I cannot enforce my employees to lock their laptops/workstations immediately when they step away. I can only encourage them to. If a nefarious character walks up to an employee's unlocked laptop or workstation and sits down, they have 1) likely gained access to a device that can access the employee's email via Mail app or Outlook, 2) likely have access to the same PC where the OTP was generated [since we are a talking a work device using work provided enterprise LP], 3) likely have access to the profile the OTP was created on [since we are a talking a work device using work provided enterprise LP], and 4 now gained access - likely restricted - to our shared company passwords and vault (I hide passwords care of a LP policy for shared accounts, but that doesn't save all vectors of attack).
The OTP functionality makes sense for personal users who control their own device and future, but should not be used as an opt-in for enterprise users. I am providing my employees with LastPass access to gain controlled, shared web access for enterprise use. My company enterprise LP admin has control over resetting their their enterprise access password (right?). If they lose their password, then my company admin will reset it. IMO they don't need it locally.
I hope I don't come across as argumentative, but this is an important distinction between personal and enterprise use cases.