It would be great if we can specify a group or users that are excluded from managed policies (CA). For example the CIPP user should be excluded internally (if you use CIPP) and also a Break Glass Admin Account which is excluded from all policies should also be an option to set.