Yes. People have alerts set up on portscanning, both inbound (to detect recon attempts) and outbound (to detect compromised/abusive internal hosts). There are lots of legitimate reasons to do large-scale network surveys, but you have to be careful about them, because they are also strong abuse signals --- meaning: when providers go after people who are port scanning, more often than not it turns out that the port scanning source was in fact clearly abusive.
While not an issue any longer (well, at least for those without data caps -- man do I hate those!), ~30 years ago I worked for a network equipment manufacturer as an integrator/tester/3rd level support guy (yes, it was a small company) and was testing our IP stack.
I got the (not so) bright idea of running continuous pings to random IP addresses (changing them every couple days) to verify stability and identify possible memory leaks.
One of the addresses was someone in Australia who was charged by the byte (or packet...it was a long time ago) and after a day or two, we received some very angry telephone calls from them. Oops.
This person (and rightly so) felt I was abusing their internet link, even though I didn't know or care about them or the contents of their network.
Like I said, this isn't (or at least not for the most part) an issue any more, nor is it something more intrusive than port scanning, but it points up the idea that "abuse" is not a black and white thing.
Run port scans against my IP addresses and the absolute worst that might happen is me scanning you right back (yes, I know, that sort of thing is generally frowned upon. So sue me -- nobody has yet).
Run those same scans against government/military sites and you may well soon have a knock (or a battering ram) on your door.
You'll often trip security/abuse systems since the traffic looks (and in many cases - is) the same as abusive traffic. If you go and trip those unannounced then there is usually even less sympathy to exclude you than if you ask if they can be bothered to exclude you before you go and start scanning.
Because your incompetent enterprise hired incompetent contractors (on an eye watering day rate) to migrate firewall rules from an old firewall to a new one, and they did so by running an incompetently-implemented automated tool in an in incompetent manner such that 4000 'allow' rules were moved over but that the source and destination address were set to 0.0.0.0/0...
There are two "they"s involved in the conversation but generally when using someone else's stuff the more apt question is "why should I have an expectation I can use their stuff however I want without limit".
For the "they" of your provider, who is held accountable for allowing abusive traffic, the goal is to provide you outbound connectivity but to do that they also need to ensure they don't get de-peered or their network ranges blocked for hosting abusive traffic. Even for things which don't transit a 4th party there is negative incentive to let your customers abuse each other just because the addresses are reachable. This almost always results in automated systems with limited incentive for good uses of port scanning to be allowed.
For the "they" of the end system is (most likely) they didn't make the entire system available to you, just some select services for use in a certain way (e.g. loading their website). Doing that does not provide them an obligation to continuously allow all traffic received at the address to be processed and it's very likely they'll just block you entirely as another layer of defense.
This is not how authorization to use other people's services work. In practice you're vanishingly unlikely (in the US at least) to get into legal trouble for port scanning, but if you take this logic to its conclusion --- a service exposes some capability without authentication, ergo you're authorized to use it --- you very definitely can get prosecuted.
It's not different in any way. "Corporation doesn't like it when you do it" is apparently the number one cause of "trouble". Especially in the US where they can bankrupt you with legal fees even if they have no actual leg to stand on. Less so in other countries.
Anyone can be bankrupted by corporations over literally any bullshit claim. They can afford to lose in court and still win because their objective never was to win in the first place, it was to burn your money through legal fees. It's essentially abuse of the legal system by the rich to keep the poors in line.
Big companies with deep pockets will even bankrupt other companies this way. For an example, look at how Sony sued playstation emulator companies over the most bullshit claims possible, got an injunction, killed their profits and then it didn't matter that they lost in court afterwards. In my country, the judge would have estimated the profits the smaller player lost as a result of Sony's frivolous lawsuit and forced them to pay it all back on top of the legal fees.
Welcome to the age-old conversation which can well be analog'd as why would someone leave the front door of their house open if they didn't want you walking in? Or checking door knobs?
You didn't understand my comment. It's not about the specific thing (be it nmap or some other tool), it's about the intention behind using the tool.
The administrator of the network didn't intend to allow port scanning, but there were no technical measures (firewalls) to prevent it, and you did port scanning => you're wrong.
The writer of the access control software intended to have no bugs, but a bug slipped in to allow you to exploit it => you're wrong.
I scanned a school network once and printed about 40 pages of http request on every printer. I think turned out you just send anything on 9100 and it prints. I think it was nmap trying to detect the host with a query.
Why?