Can monitoring for the "device registration trick" be added to ITDR for when a user falls for a phishing scam and enters their M365 credentials. Then in Entra, the user has multiple new Devices added to their account in a very short space of time.