
Summary
The rule 'Zendesk Mobile App Access Modified' detects changes to the account setting that controls mobile app access in Zendesk. Specifically, it identifies when a user has enabled or disabled mobile app access, which can have implications for account security and data integrity. The detection uses Zendesk audit logs and captures key attributes: the actor's identity, the action taken (enabled/disabled), the source type, and a description of the change. Monitoring these actions helps ensure that unauthorized changes to mobile access do not go unnoticed.

The rule is rated medium severity: the activity is not immediately critical, but it can affect security posture. Because mobile access could facilitate unauthorized operations if improperly assigned, this monitoring matters in a risk management context. The rule maps to the MITRE ATT&CK technique 'Valid Accounts' (T1078) under tactic TA0003, reflecting the importance of watching for account modifications that change how the Zendesk environment can be accessed. To support incident response, the rule references Zendesk's official documentation to help users understand the implications of the settings being monitored.
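The check the summary describes, as an added example (not the rule's own code): it filters Zendesk audit log events for account-setting changes to mobile app access and reports who enabled or disabled it. Field names follow Zendesk's audit log API; the `source_label` value, the description wording and the sample events are assumptions constructed for illustration.

```python
import re

# Field names follow Zendesk's audit log API. The source_label value and the
# description wording are assumptions made for this example.
MOBILE_LABEL = "zendesk support mobile app access"
STATE_RE = re.compile(r"\b(enabled|disabled)\b", re.IGNORECASE)

def mobile_access_change(event):
    """Return 'enabled', 'disabled' or 'modified' for a mobile app access
    change, or None when the event is unrelated."""
    if event.get("source_type") != "account_setting":
        return None
    if (event.get("source_label") or "").strip().lower() != MOBILE_LABEL:
        return None
    states = STATE_RE.findall(event.get("change_description") or "")
    # If several states are named, the last one is taken as the new value.
    return states[-1].lower() if states else "modified"

def build_alert(event):
    state = mobile_access_change(event)
    if state is None:
        return None
    # Fall back to the numeric actor id when the log carries no display name.
    actor = event.get("actor_name") or f"id:{event.get('actor_id', 'unknown')}"
    return {"title": f"Zendesk mobile app access {state} by {actor}",
            "severity": "MEDIUM", "technique": "T1078",
            "state": state, "actor": actor, "ip": event.get("ip_address")}

def detect(events):
    return [a for a in map(build_alert, events) if a is not None]

# Constructed sample events (not real Zendesk output).
SAMPLE_EVENTS = [
    {"source_type": "account_setting", "change_description": "Enabled",
     "source_label": "Zendesk Support Mobile App Access",
     "actor_id": 1001, "actor_name": "Alice Admin", "ip_address": "203.0.113.10"},
    {"source_type": "account_setting", "actor_id": 1002,
     "source_label": "Zendesk Support Mobile App Access",
     "change_description": "Changed from enabled to disabled"},
    {"source_type": "account_setting", "change_description": "Enabled",
     "source_label": "Two-Factor Authentication", "actor_name": "Alice Admin"},
    {"source_type": "user", "source_label": "Bob Agent",
     "change_description": "Role changed; mobile enabled", "actor_id": 1003},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"], alert["title"], alert["ip"])
```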
Categories
- Cloud
- Application
- Identity Management
Data Sources
- User Account
- Application Log
ATT&CK Techniques
- T1078
Created: 2022-09-02