I read this recently for sysadmins at Google and Microsoft that have access to absolute core services like authentication, which does make sense to keep these airgapped
This sounds like a misunderstanding of the model. Usually these companies have facilities that allow core teams to recover if prod gets completely fucked e.g. auth is broken so we need to bypass it. Those facilities are typically on separate, dedicated networks but that doesn’t mean the people who would use them operate in that environment day to day.