
Summary
This detection rule monitors device registration or join activity against Azure services where Multi-Factor Authentication (MFA) was not used. Device registration is a critical component of identity and access management, particularly in cloud environments, where unauthorized device access can lead to security breaches. The rule specifically targets events in which the device registration service processes a request that succeeds under conditional access but does not meet the MFA requirement. By focusing on the absence of MFA, the rule aims to identify potentially malicious access attempts that evade the expected security posture. The rule is classified at medium severity because of the inherent risk of device compromise when MFA is bypassed. False positives may arise from legitimate scenarios in which devices are added without MFA under specific organizational policies or established exceptions.
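The following is an added example, not the rule's own query or any vendor code, showing the selection-and-filter logic the summary describes run over a handful of constructed Azure sign-in records. The field names used (resourceDisplayName, conditionalAccessStatus, authenticationRequirement) are assumptions about the Azure AD sign-in log schema and should be checked against events exported from your own tenant; the exception list is a hypothetical way of handling the organizational-policy false positives the summary mentions.

```python
import json

# Constructed sample sign-in records (not real log data). Field names are
# assumed to follow the Azure AD sign-in log schema; verify in your tenant.
SAMPLE_SIGNINS = [
    {"id": "evt-1", "userPrincipalName": "alice@example.com",
     "resourceDisplayName": "Device Registration Service",
     "conditionalAccessStatus": "success",
     "authenticationRequirement": "singleFactorAuthentication"},
    {"id": "evt-2", "userPrincipalName": "bob@example.com",
     "resourceDisplayName": "Device Registration Service",
     "conditionalAccessStatus": "success",
     "authenticationRequirement": "multiFactorAuthentication"},
    {"id": "evt-3", "userPrincipalName": "carol@example.com",
     "resourceDisplayName": "Microsoft Graph",
     "conditionalAccessStatus": "success",
     "authenticationRequirement": "singleFactorAuthentication"},
    {"id": "evt-4", "userPrincipalName": "dave@example.com",
     "resourceDisplayName": "Device Registration Service",
     "conditionalAccessStatus": "failure",
     "authenticationRequirement": "singleFactorAuthentication"},
    {"id": "evt-5", "userPrincipalName": "svc-enroll@example.com",
     "resourceDisplayName": "Device Registration Service",
     "conditionalAccessStatus": "success",
     "authenticationRequirement": "singleFactorAuthentication"},
    # Edge case: the MFA field is absent entirely; treat as "MFA not shown".
    {"id": "evt-6", "userPrincipalName": "erin@example.com",
     "resourceDisplayName": "Device Registration Service",
     "conditionalAccessStatus": "success"},
]

# Hypothetical allow-list for established organizational exceptions
# (for example an enrollment service account), the false-positive source
# the rule summary notes. Suppressed alerts are still recorded for audit.
KNOWN_EXCEPTIONS = {"svc-enroll@example.com"}


def is_device_registration_without_mfa(event):
    """Selection: a device registration request that passed conditional
    access. Filter: drop events where MFA was required and satisfied.
    A missing authenticationRequirement field counts as no MFA evidence."""
    selection = (
        event.get("resourceDisplayName") == "Device Registration Service"
        and event.get("conditionalAccessStatus") == "success"
    )
    mfa_satisfied = (
        event.get("authenticationRequirement") == "multiFactorAuthentication"
    )
    return selection and not mfa_satisfied


def find_alerts(events, exceptions=frozenset()):
    """Return one medium-severity alert per matching event, marking those
    that fall under a known exception as suppressed rather than dropping them."""
    alerts = []
    for ev in events:
        if not is_device_registration_without_mfa(ev):
            continue
        user = ev.get("userPrincipalName")
        alerts.append({
            "id": ev["id"],
            "user": user,
            "severity": "medium",
            "suppressed": user in exceptions,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_SIGNINS, KNOWN_EXCEPTIONS):
        print(json.dumps(alert))
```

Only evt-1, evt-5 and evt-6 match: evt-2 satisfied MFA, evt-3 targets a different resource, and evt-4 failed conditional access. Recording suppressed matches instead of discarding them keeps the exception list reviewable, which matters because an over-broad exception is itself a way for the MFA gap to persist unnoticed.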
Categories
- Cloud
- Identity Management
Data Sources
- Cloud Service
- User Account
Created: 2022-06-28