Why does my Azure Resource Manager show many calls to different kinds of resources when I don't have any resources?

Question

I have an empty tenant on Azure. I have a Pay-as-you-go subscription. I have Microsoft Defender for the Cloud enabled for Azure Resource Manager so resources are protected when I do add them. Nothing else in my tenant. No resource groups therefore no resources to manage.

My tenant has been empty for several months. A few months ago I noticed I was getting charged $0.01 a month for protecting my empty tenant. Sure, I could have turned off Microsoft Defender for the Cloud and gone back to my regularly scheduled life, but where is the fun in that? There was a mystery afoot, by gad, and I needed to get some answers.

I opened a ticket with Billing and they provided the details that it was the API calls issued by Microsoft Defender for the Cloud for Resource Manager that incurred the charge. I am charged $4/1M API calls. So, somehow, I had made approximately 2,500 calls to monitor zero resources in a given month. I was supplied the details that showed that indeed approximately 2,500 calls had been made. But, I asked my good friend in Billing, what was being monitored? He engaged another specialist who pointed me to Azure Monitor, where I can look at the metrics for Azure Resource Monitor (ARM).

Thrilling! Who knew that I can see how well ARM is performing? Not I. If you go into Azure Monitor, select Metrics, then choose Azure Resource Manager as your resource to measure, you are then given the choice between Traffic and Latency. If you choose Traffic, you can Count your traffic between ARM and the resources it manages. If you then choose Apply Splitting and Split by Resource Type you can see all of the resources that ARM has been trafficking with and how many times it has trafficked. Extraordinary!

Here is what it looks like for an empty resource group for the past 30 days:

Look at all of the calls made to things that I do not have and have not had in my tenant for the past 30 days: VMs! Managed Clusters! Servers! Server Farms!

Like Robert Hooke peering through a microscope and seeing cells, a hidden world was revealed to me! Do I own some kind of microscopic server farm unasked for and only seen through the lens of Azure Monitor Metrics!?

Sadly, we had exhausted the expertise of my friends in the Azure Billing department. Their plaintive cries for help from Azure engineers are going sadly unanswered since it is only a Billing question. I will not open a $29 support ticket to solve a $0.01 per month problem.

So, my friends, I turn to you.

What am I getting charged for if I have nothing to protect?
Am I actually seeing traffic going from ARM to actual resources?
If so, where are these invisible resources?

I eagerly await your reply.