Forum Discussion
Password Spray Alerts on Autopatch configured accounts
We have had several alerts over the last month related to these accounts, which were created by enrolling and setting up Windows Autopatch in Intune:
    email address removed for privacy reasons
    email address removed for privacy reasons
    email address removed for privacy reasons
We have Azure Sentinel configured:
Incident title: MS-A950: [RBA] IPC - Alert for email address removed for privacy reasons
Incident severity: Medium
Incident description: Initial analysis does not indicate a successful malicious state change; entity information will be used in aggregate with additional correlations.
    bv_src_user: email address removed for privacy reasons
    bv_event_count: 1
    bv_src_ip: 20.69.86.184
    bv_signature: Password Spray
    bv_src_country: US
    bv_src_region: Washington
    bv_http_user_agent: (empty)
    Analysis:
        score: 0
        Previous History: False
        Blocked by Policy: False
        Locked Account: False
        Successful Signin: False
        New Country: True
        New State: True
        New Org IP: True
        Failed MFA: False
        New Client: False
        Excluded User: False
        Zscaler IP: False
    MITRE: T1078
    Category: Azure Identity Protection
    tag: RBA
    tag: Non-MDR
    tag: v2.0
We don't have these accounts excluded from multifactor authentication. Not sure if they need to be. But since these accounts were created when we enrolled in Autopatch, and we don't have the passwords, and these accounts have the following Azure roles: Intune Administrator, Security Reader and User Administrator, I am concerned that these accounts are getting hit with password spray activity.
Should this be happening?
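The Sentinel incident above reports a single failed attempt, no successful sign-in and no MFA failure. A triage query that pulls the raw Entra ID sign-in events for the Autopatch service accounts confirms that picture directly from SigninLogs and shows whether the same source IP has ever succeeded. This is an added example, not part of the original post or Microsoft's Autopatch guidance; it assumes SigninLogs is ingested into the workspace, and the three UPNs are placeholders standing in for the redacted addresses.

```kusto
// Added example (not from the original post): triage Entra ID sign-in activity
// against the Windows Autopatch service accounts in Microsoft Sentinel.
// Assumptions: the SigninLogs table is populated from Entra ID diagnostic
// settings, and the UPNs below are placeholders for the redacted addresses.
let autopatch_accounts = dynamic([
    "autopatch-account-1@contoso.com",   // placeholder UPN
    "autopatch-account-2@contoso.com",   // placeholder UPN
    "autopatch-account-3@contoso.com"    // placeholder UPN
]);
SigninLogs
| where TimeGenerated > ago(30d)
| where UserPrincipalName in~ (autopatch_accounts)
// ResultType is a string in SigninLogs; map the common codes to readable outcomes.
| extend Outcome = case(
    ResultType == "0",     "Success",
    ResultType == "50126", "BadPassword",      // invalid username or password
    ResultType == "50053", "LockedOut",
    ResultType == "50076", "MFARequired",
    ResultType == "50079", "MFARegistrationRequired",
    strcat("Other:", ResultType))
// One row per source IP / user agent: a spray shows many accounts, few attempts
// each, from the same IP; a compromise shows Successes > 0 from such an IP.
| summarize Attempts  = count(),
            Accounts  = dcount(UserPrincipalName),
            Successes = countif(ResultType == "0"),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Outcomes  = make_set(Outcome),
            Apps      = make_set(AppDisplayName, 5)
    by IPAddress,
       Geo = strcat(Location, "/", tostring(LocationDetails.state)),
       UserAgent
| order by Successes desc, Attempts desc
```

Any row with Successes > 0 from an IP that also produced BadPassword outcomes is the case that warrants immediate credential rotation and session revocation; rows with only failures match what the RBA alert already states (no successful sign-in, no MFA failure) and mostly document how often the accounts are being targeted.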
2 Replies
- RichardLian
Microsoft
Hi LMSCloudadmin,
As you have done already, opening a support case for the Windows Autopatch Service Engineering team to investigate is the best course of action here.
I would also suggest taking a look at What's New in Windows Autopatch - New Feature: Tenant Management Blade - Microsoft Community Hub, as the tenant access model used by Windows Autopatch has changed. The service accounts are to be removed and replaced with a new first-party enterprise application.
Regards,
Richard
- LMSCloudadmin
Copper Contributor
We do have an open case: Support request MMD-267066-L8M3X