An NMAP scan is triggered only for new endpoints, for the following reasons:
1. The information collected directly from an endpoint by scanning it is not expected to change over a period of time.
2. NMAP can cause serious performance and memory issues if run for every authentication that happens for an endpoint. Especially in deployments with more than a hundred thousand endpoints, and considering configured re-authentications on top of that, this could potentially bring down the nodes.
3. Having said that, an NMAP scan is triggered again for an endpoint if the profile of the endpoint significantly changes (e.g., IP Phone to a Telepresence device).