"CA010: Block access for unknown or unsupported device platform" actual policy is excluding Linux (preview), whilst the description only says: Android, iOS, Windows, macOS. This is an actual risk because there are no other (default/template) policies limiting Linux's use.
"CA014: Use application enforced restrictions for unmanaged devices" actual policy does not exclude compliant/managed devices, so applies to all.
"CA001: Require multi-factor authentication for admins" I would argue that any privileged access above User / Guest / External should have MFA.
"CA013: Require compliant or hybrid Azure AD joined device or multi-factor authentication for all users" has client apps configured, but that leaves legacy auth open for use. Better to not select any client apps, thus targeting all apps?
How to submit this to Microsoft?
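An added example, not part of the original post and not Microsoft's code: a small audit that flags the two mismatches described above (platforms excluded but not named in the description, and client app selections that leave legacy authentication uncovered). The policy dicts are constructed samples shaped like the `conditions` object of Microsoft Graph's conditionalAccessPolicy resource; the `description` key, the description wording and all function names are assumptions made for illustration.

```python
import re

# Legacy-authentication values of clientAppTypes in Microsoft Graph.
LEGACY_CLIENT_APPS = {"exchangeActiveSync", "other"}

# Constructed sample policies (not real template exports).
SAMPLE_POLICIES = [
    {"displayName": "CA010: Block access for unknown or unsupported device platform",
     "description": "Blocks platforms other than Android, iOS, Windows, macOS",
     "conditions": {"clientAppTypes": ["all"],
                    "platforms": {"includePlatforms": ["all"],
                                  "excludePlatforms": ["android", "iOS", "windows",
                                                       "macOS", "linux"]}}},
    {"displayName": "CA013: Require compliant or hybrid joined device or MFA",
     "description": "Applies to all users",
     "conditions": {"clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]}},
]

def undocumented_exclusions(policy):
    """Platforms the policy excludes that its description never mentions."""
    platforms = policy.get("conditions", {}).get("platforms") or {}
    words = set(re.findall(r"[a-z]+", policy.get("description", "").lower()))
    return [p for p in platforms.get("excludePlatforms", [])
            if p.lower() not in words]

def uncovered_legacy_clients(policy):
    """Legacy-auth client app types the policy does not apply to."""
    apps = set(policy.get("conditions", {}).get("clientAppTypes") or ["all"])
    if "all" in apps:  # "all" covers legacy clients as well
        return []
    return sorted(LEGACY_CLIENT_APPS - apps)

def audit(policies):
    """Map each policy name to its findings; policies with none are omitted."""
    report = {}
    for policy in policies:
        findings = {}
        if (gaps := undocumented_exclusions(policy)):
            findings["excluded_but_undocumented"] = gaps
        if (legacy := uncovered_legacy_clients(policy)):
            findings["legacy_auth_not_covered"] = legacy
        if findings:
            report[policy["displayName"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_POLICIES).items():
        print(name, findings)
```

The same functions can be pointed at policies exported from a tenant, provided the export keeps the Graph field names used here.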