How about moving key security controls such as the RDP Properties to the tenant level, possibly with Conditional Access policies. This would allow customers to enable controls and have them follow the user around environments, rather than enforcement at the Host Pool level as it is achieved today. I realize some exceptions will exist where the the Host Pool level is preferred, but as a general rule large Enterprise deployments of Azure Virtual Desktop would benefit from some 'top level down' policies (without us having to rely on GPO).