We mitigate this by disabling non-phishing resistant MFA factors in the tenant. You can achieve some of the Conditional Access MFA controls using the new MFA options and user groups, but it is not the same and doing it well requires a little more planning and sanity checking.
