
Summary
This detection rule identifies potential ransomware activity in Microsoft 365 by monitoring uploads of files that may be infected with ransomware. It relies on alerts from Microsoft Cloud App Security, which reports when a user uploads files flagged as suspicious or potentially harmful. The rule fires on events that originate from the Security Compliance Center, are categorized as 'Potential ransomware activity', and carry a status of 'success'. Given the growing threat posed by ransomware, the rule helps strengthen security posture by ensuring that potentially malicious uploads are detected and addressed promptly. The rule is currently in a testing phase and has been developed for integration with Microsoft 365's threat management services.
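As an added example that is not part of the rule or this page, the three-condition match described in the summary, run over a few constructed newline-delimited JSON audit records. The field names (eventSource, eventName, status, userId, timestamp), the record layout and the case-insensitive status comparison are assumptions made for illustration.

```python
import json
from typing import Iterable, List

# Match conditions taken from the rule description: event source,
# event name and status must all agree for a record to alert.
EVENT_SOURCE = "SecurityComplianceCenter"
EVENT_NAME = "Potential ransomware activity"
STATUS = "success"


def matches_rule(event: dict) -> bool:
    """True when one audit record satisfies all three rule conditions."""
    return (
        event.get("eventSource") == EVENT_SOURCE
        and event.get("eventName") == EVENT_NAME
        and str(event.get("status", "")).lower() == STATUS  # assumed case-insensitive
    )


def detect(lines: Iterable[str]) -> List[dict]:
    """Run the rule over newline-delimited JSON audit records; return the hits."""
    hits: List[dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record: skip it rather than stop the pipeline
        if matches_rule(event):
            hits.append(event)
    return hits


# Constructed sample records (not real telemetry). Field names follow the
# eventSource / eventName / status wording used in the rule description.
SAMPLE_LOG = """
{"timestamp": "2021-08-19T10:00:00Z", "eventSource": "SecurityComplianceCenter", "eventName": "Potential ransomware activity", "status": "success", "userId": "alice@example.com"}
{"timestamp": "2021-08-19T10:01:00Z", "eventSource": "SecurityComplianceCenter", "eventName": "Potential ransomware activity", "status": "failure", "userId": "bob@example.com"}
{"timestamp": "2021-08-19T10:02:00Z", "eventSource": "SharePoint", "eventName": "FileUploaded", "status": "success", "userId": "carol@example.com"}
{"timestamp": "2021-08-19T10:03:00Z", "eventSource": "SecurityComplianceCenter", "eventName": "Mass download by a single user", "status": "success", "userId": "dave@example.com"}
not valid json
"""

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {hit['timestamp']} {hit['userId']}: {hit['eventName']}")
```

Only the first sample record alerts; the failed-status, other-source and other-alert records and the malformed line are all passed over.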
Categories
- Cloud
- Application
- Identity Management
Data Sources
- Cloud Service
- Application Log
Created: 2021-08-19