I tried searching for answers as to why these machines are reaching out to numerous locations despite not using PrusaConnect. Location lookup returns the expected Czech, as well as locations across the US. I recently also set a friend up with an Elegoo printer and that was expectedly noisy as hell, but I was surprised with Prusa being the ‘privacy pick’.

For those curious, here are the logs since about midnight; it seemingly doesn’t talk during the day.

Edit: Midnight brain forgot what ports are for, and that is for NTP, thanks yall

  • mic_check_one_two@lemmy.dbzer0.com

    allowing a threat actor to better navigate your network without needing to do ip scans (which are very obvious and should trigger even basic detection)

    I mean, basically any device will send a DHCPDISCOVER broadcast on 255 when it connects, to see if there is a DHCP server on the network. Unless you’re running your entire network on pre-configured static addresses and have your router set up to intercept all broadcast messages (and treat the broadcasting device as hostile), any device plugging into the network would automatically broadcast a message anyways.

    And honestly, if you’re being that paranoid about your network, you’d probably be better off just using port security and a MAC whitelist instead. It would save you a lot of time with manually configuring IP addresses. That way any threat actor would only be able to connect if they already knew a whitelisted MAC. And gentle device discovery can also be automated without obvious brute force “ping every IP in the subnet at the same time, and blatantly scan common ports on responding IPs” network scans. They’ll take longer, (and passive scans may miss some devices) but they wouldn’t trip the rudimentary “watch for any device firing ping requests out to every single IP” scan detection. Passive scans can be particularly difficult to detect.
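
Added example (not part of the thread or any commenter's post): the rudimentary "one source touching many IPs" check described in the comment above, written as a sliding-window counter and run with a short and a long window over constructed flow records. The function name, thresholds and addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

def sweep_sources(events, window_s, min_targets):
    """Return sources that contacted >= min_targets distinct hosts within any
    window_s-second span. events: (timestamp_s, src, dst) tuples, time-sorted."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    flagged = set()
    for ts, src, dst in events:
        q = recent[src]
        q.append((ts, dst))
        # Drop contacts that have aged out of the window for this source.
        while q and ts - q[0][0] > window_s:
            q.popleft()
        if len({d for _, d in q}) >= min_targets:
            flagged.add(src)
    return flagged

def build_sample():
    """Constructed flow records (not taken from the thread)."""
    ev = []
    # 10.0.0.50: probes 40 hosts in about 4 seconds (loud sweep).
    ev += [(i * 0.1, "10.0.0.50", f"10.0.0.{i + 1}") for i in range(40)]
    # 10.0.0.60: one new host every 5 minutes, 40 hosts in total (slow discovery).
    ev += [(i * 300.0, "10.0.0.60", f"10.0.0.{i + 100}") for i in range(40)]
    # 10.0.0.70: ordinary client that only talks to its gateway and DNS server.
    ev += [(i * 60.0, "10.0.0.70", "10.0.0.1" if i % 2 else "10.0.0.53")
           for i in range(200)]
    return sorted(ev)

SAMPLE = build_sample()
# Short window: the usual "burst" rule. Long window: same rule over four hours.
SHORT = sweep_sources(SAMPLE, window_s=10, min_targets=20)
LONG = sweep_sources(SAMPLE, window_s=4 * 3600, min_targets=20)

if __name__ == "__main__":
    print("10 s window :", sorted(SHORT))
    print("4 h window  :", sorted(LONG))
```

The short window only sees the burst; the slow source shows up once the same count is kept over hours. Purely passive listening produces no flow records, so neither window sees it.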

    • N.E.P.T.R@lemmy.blahaj.zone

      The point of my comment wasn’t that OP was in “real danger” if they showed local IPs, just that it doesn’t hurt to censor them. Never give more information than necessary. I censor usernames and filepaths on any screenshots of the terminal, even though if an actor has the kind of access to utilize that information I am probably already fucked. I think it is good practice to always scrutinize the information you give out willingly.