Threat Actors may register a device to Threat Actors-controlled account. Devices may be registered in a multifactor authentication (MFA) system, which handles authentication to the network, or in a device management system, which handles device access and compliance.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.