I noticed that the current VPN usage rule is set to 'no VPN' by default, and using a VPN triggers an escalation notification. While we can add an 'expected rule', it seems too broad, as it applies to either the account or the organization. It would be beneficial to have more granular settings, such as assigning rules per identity instead of the entire organization. Additionally, it would be helpful to differentiate between approved service providers, like reputable VPNs, and others.