In most places where I've worked, to access some of the more important production database servers, even as a sysadmin, it is required to log in to an MFA-protected VPN and then RDP into a gateway server or VM. I never considered it an inconvenience. But it's good not only for security; it's also good from a disaster recovery perspective, because if I lose or forget my laptop, I can always log in via VPN to the secure production gateway from any PC and have all the tools and connectivity required to get essential tasks done.
We should consider our work laptops, the surface area where all of our web browsing, email, and development occurs, as untrusted thin clients.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho