There is always a discussion on protecting Power BI access, enabling MFA, conditional access etc.
This is very much possible. Please refer this article.
I have attached a PPTwith screenshots of how this works (infact, I have taken it from iGrid’s Azure Subscription)
Using certain configuration, you can even block access for users, when they are not at work.
Infact, you can have such a configuration done for every O365 product.
You would require Azure AD Premium P1 for this and different plans are here: https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-pricing
This could approximately cost $6/user/month.