Aside from the default current login policy, could additional ones also be created?
It seems a bit Draconian and old fashioned to have a single policy enforced on all users when some would benefit from having easier access.
Clearly it makes sense that MFA users need to enter login details every time and not store things for security.
However, for non-MFA users such as trusted accounts these could then be allowed to save details to get quicker and easier connection without any additional steps to systems that are not critical or that do not have sensitive info.
