Probably brute force protection, since not every account has 2FA enabled. I can understand it, but I agree it is really annoying.
But it shows even for 2FA enabled accounts. Change that stupidity to require recaptcha OR 2FA at step 2.
But before logging in there is no way to know whether the account you are about to login with has 2FA enabled right?
Quite good compromise between usability and anti-bruteforce protection is to allow few (like 1 or 2) bad attempts per account or per IP address without captcha.
That way most people won't see the captcha all year long, as they usually enter the correct password and still it will make any bruteforcing difficult (even with large botnets and lots of IP's, bruteforcers will run out of these "free" attempts rather quickly)...