Limit Client Push Accounts by Collection
To maintain consistency with Microsoft's Securing Privileged Access guidelines, an option to limit client push accounts to a specific collection would be ideal. This collection can further be limited to specific machines, specific domains, etc. For example, a client push account that is intended for Tier1 systems should not be used for Tier2 systems. By having the option to limit to a collection, a Tier1 client push account can only be used when performing client push on Tier1 systems. The same example applies for Tier0 versus Tier1 and Tier2.
Brandon Hilgeman commented
I will upvote this, but I would prefer an exclusion collection instead. Let us turn on Site Wide Client Push for everything, but exclude certain collections.