This feature operates by monitoring DHCP broadcast requests. When a new device attempts to join the network, it sends out a DHCP message to request an IP address. WiFi Guard is programmed to anticipate this message and initiates a scan on the device as soon as it attempts to obtains an IP.
With this feature, you can expect instantaneous detection for the majority of new devices. However, it is important to note that this doesn't entirely negate the necessity for periodic scanning. There is always a chance that the broadcast message may be lost or not sent at all, especially in scenarios where a device with a static IP address is trying to connect to the network.
Therefore, for a better protection, both the instant detection and the periodic scanning are important.