Target Keep Me Signed In (KMSI) using Conditonal Access
It would be nice to target KMSI to certain circumstances rather than all or none using Conditional Access. For example, if the device is compliant or hybrid joined, offer KMSI. Or offer KMSI for a low-risk third-party web app. Or never offer it for elevated Azure/M365 roles.
Considering it is not offered until after a user auths, I think this should be possible?