adding a rate-limit to DEP API requests to prevent mass device data harvesting, or the use of modern authentication support via SAML or Auth 2.0 as part of the DEP enrollment process.