Looking to change our port-security config from 'shutdown' to either 'restrict' or 'protect'. Any advice?
Posted by PsyduckAF@reddit | sysadmin
So at our org, all endpoint switchports (on Cisco switches) have port-security enabled, sticky MAC enabled, max MAC addresses set to 1, and with violation-mode set to 'shutdown'. This causes a lot of tickets from people who have decided to move connections around and end up triggering port-sec and err-disabling the port.
I was considering changing the violation-mode to 'restrict', which (from my understanding) would drop traffic from an offending MAC address, but would mean that the original device could be connected back to the switchport and work, with IT still getting a notification that there's been a port-sec violation.
Does this sound right? Any advice?
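The setup described in the post and the change under consideration, written out as Cisco IOS configuration. This is an added example, not part of the original post; the interface name is an assumption.

```cisco
! Constructed example. GigabitEthernet1/0/10 is a placeholder interface name.
!
! Policy as described in the post: one sticky-learned MAC per port,
! and any other source MAC err-disables the port.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Change under consideration: only the violation action differs.
!   restrict - port stays up, frames from the unknown MAC are dropped,
!              the violation counter increments, and a syslog message
!              and SNMP trap are generated.
!   protect  - port stays up, frames from the unknown MAC are dropped,
!              but nothing is logged and the counter does not increment.
interface GigabitEthernet1/0/10
 switchport port-security violation restrict
!
! The sticky-learned address stays bound to the port, so the original
! device works again as soon as it is plugged back in.
!
! Ports that are already err-disabled stay down after the mode change
! until they are bounced:
interface GigabitEthernet1/0/10
 shutdown
 no shutdown
!
! Checks from exec mode after the change:
!   show port-security interface GigabitEthernet1/0/10
!     (shows Violation Mode, Port Status and Security Violation Count)
!   show port-security address
!     (lists the sticky-learned MAC bound to each port)
```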
1 Comment
pdp10@reddit