As a best practice, the registration of new users should be somewhat controlled or limited (i.e. using Captcha) to avoid being hijacked by malicious actors and prevent consuming an uncontrolled amount of licenses.

This rule detects instances in which new users are created programmatically without any control or safeguard.

Did this answer your question?