
Question about passwordless phone sign-in credential in Audit-MFAChangesforPrivlegedUsers.kql

Open ep3p opened this issue 2 years ago • 0 comments

Hello, I have found the event OperationName == "Add passwordless phone sign-in credential".

In my case I was not able to associate this event with the other events that appear in this query, like for example User registered security info.

Additionally I only found an Update user event where the property SearchableDeviceKey is modified.

But, for the specific account of this event, the portal "Authentication methods" > "User registration details" shows "Microsoft Passwordless phone sign-in" as "Methods Registered".


Please, I wanted to know if you observe the event Add passwordless phone sign-in credential to be associated with another event like "... security info", or if, on the contrary, the event OperationName == "Add passwordless phone sign-in credential" should be added to a query like this one, to check MFA changes.

ep3p Mar 08 '23 12:03
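One way to test the correlation asked about above in your own workspace, as an added example that is not part of the issue or of the repository's query: for each "Add passwordless phone sign-in credential" event it lists which "... security info" or "Update user" operations were logged for the same user close in time. It assumes the target user is the first entry of `TargetResources` and uses an arbitrary 10-minute window; the names `lookback`, `window`, `pwdless` and `related` are illustrative.

```kql
// Added example: correlate passwordless phone sign-in registrations with
// nearby "security info" / "Update user" audit events for the same user.
let lookback = 30d;
let window = 10m;   // assumed correlation window, tune for your tenant
let pwdless = AuditLogs
    | where TimeGenerated > ago(lookback)
    | where OperationName == "Add passwordless phone sign-in credential"
    // Assumption: the affected user is the first target resource
    | extend UserPrincipalName = tolower(tostring(TargetResources[0].userPrincipalName))
    | project PwdlessTime = TimeGenerated, UserPrincipalName;
let related = AuditLogs
    | where TimeGenerated > ago(lookback)
    | where OperationName endswith "security info" or OperationName == "Update user"
    | extend UserPrincipalName = tolower(tostring(TargetResources[0].userPrincipalName))
    | project RelatedTime = TimeGenerated, RelatedOperation = OperationName, UserPrincipalName;
pwdless
// leftouter keeps registrations that have no related event at all
| join kind=leftouter related on UserPrincipalName
| extend InWindow = isnotnull(RelatedTime)
    and RelatedTime between ((PwdlessTime - window) .. (PwdlessTime + window))
// Collect only the related operations that fall inside the window
| summarize RelatedOperations = make_set_if(RelatedOperation, InWindow)
    by PwdlessTime, UserPrincipalName
// Standalone == true: nothing else in the window would have surfaced this change
| extend Standalone = array_length(RelatedOperations) == 0
| order by PwdlessTime desc
```

Rows where `Standalone` is true are registrations that a query keyed only on "... security info" operations would not report.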