You could set the admin account to only be allowed to access from certain systems (the stores themselves, the MMPs) or only from within your network.
That would make it impossible to log in to the MMP as admin from any other source. If the admin cannot authenticate at the MMP (from that source), then it cannot attempt to proxauth.
See "Configuring Client Access to POP, IMAP, and HTTP Services" in the Admin Guide:
And the mailAllowedServiceAccess attribute in the Schema Reference:
and possibly related/useful:
How to Setup Proxy Authentication (ProxyAuth) for the MMP (Doc ID 1682414.1)