This is a bit off topic, but at least the "stay logged in" prompt can be removed with a Conditional Access Policy in Azure. Just create (or update) a policy with Session control > Persistent browser session > Always Persistent. Once this is set, user...
Same here. Using MFA NPS servers as workaround which increases the complexity and effort of the whole system a lot. SAML with SBL would be very much appreciated.