Well if MS are offering to do that...
...then they are well-equipped to pull the plug on rogue IoT devices. I suppose they can only do that though if the device is subscribed.
I've said before that block-holders of MAC addresses should pay in to a fund which polices the IoT landscape and shuts down rogues devices by applying some kind of ARP poisoning technique to the LAN they are on. Perhaps MS can assume this role, if they can be trusted with it.