It's mainly beside nmap detection is a feature of most IDS so it's bound to raise some red flags.

Same with even doing packet sniffing. It can be detected when using wireshark because it does reverse DNS lookups for each ip it sees in its default configuration.

I had legit reasons for it at work so I always mentioned it to the network guys before ding stuff like this. We also had a firewalled lab network. We did get some pushback once when some scans leaked out to the office network. But it was their fault for having the firewall open.