
Summary
This detection rule monitors changes to Zoom meeting security settings in an organization's account. Specifically, it looks for a user changing the account-level requirement that all meetings be secured with one security option. The rule triggers on an update to that setting in which the value moves from 'On' (required) to 'Off' (not required). Disabling this requirement could reflect unauthorized access or a misconfiguration that leaves meetings exposed to security risks, so the rule is classified as medium severity. The expected log entries capture the user actions that match the rule's parameters, so that changes to this sensitive setting are scrutinized. Detection alone is not sufficient: an alert should be followed up by reviewing the logs associated with the operation to confirm that the change was authorized and made with legitimate business intent. Deduplication is enforced for 60 minutes to minimize repeated alerts for the same incident.
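The following is an added illustration of the detection logic described above, not the vendor's own rule code. It assumes a Zoom operation-log shape with fields 'operator', 'category_type', 'operation_detail' and 'time' (these field names are assumptions), runs the rule over a few constructed log entries, and applies the 60-minute deduplication window per acting user.

```python
import re
from datetime import datetime, timedelta

# Assumed field names for a Zoom operation-log entry (illustrative, not a
# documented schema): 'operator', 'category_type', 'operation_detail', 'time'.
SETTING = "All meetings must be secured with one security option"
# Match the setting being changed from On (required) to Off (not required).
DISABLED_RE = re.compile(re.escape(SETTING) + r":\s*from On to Off", re.IGNORECASE)
DEDUP_WINDOW = timedelta(minutes=60)


def rule(event: dict) -> bool:
    """True when the event records the requirement being switched Off."""
    if event.get("category_type") != "Account Settings":
        return False
    return bool(DISABLED_RE.search(event.get("operation_detail", "")))


def title(event: dict) -> str:
    """Alert title naming the acting user, for the follow-up review."""
    actor = event.get("operator", "<unknown>")
    return f"Zoom user [{actor}] turned off the requirement: {SETTING}"


def dedup_key(event: dict) -> str:
    """One alert per operator and setting within the dedup window."""
    return f"{event.get('operator')}:{SETTING}"


def evaluate(events: list) -> list:
    """Run the rule over time-ordered events; suppress repeats inside DEDUP_WINDOW."""
    last_alert = {}
    alerts = []
    for ev in events:
        if not rule(ev):
            continue
        ts = datetime.fromisoformat(ev["time"])
        key = dedup_key(ev)
        prev = last_alert.get(key)
        if prev is not None and ts - prev < DEDUP_WINDOW:
            continue  # same operator already alerted within the last 60 minutes
        last_alert[key] = ts
        alerts.append(title(ev))
    return alerts


# Constructed sample entries (not real log data).
SAMPLE_EVENTS = [
    {"operator": "admin@example.com", "category_type": "Account Settings", "time": "2023-02-01T10:00:00",
     "operation_detail": "Security - All meetings must be secured with one security option: from On to Off"},
    {"operator": "admin@example.com", "category_type": "Account Settings", "time": "2023-02-01T10:30:00",
     "operation_detail": "Security - All meetings must be secured with one security option: from On to Off"},
    {"operator": "admin@example.com", "category_type": "Account Settings", "time": "2023-02-01T10:35:00",
     "operation_detail": "Security - All meetings must be secured with one security option: from Off to On"},
    {"operator": "ops@example.com", "category_type": "Account Settings", "time": "2023-02-01T10:40:00",
     "operation_detail": "Security - All meetings must be secured with one security option: from On to Off"},
    {"operator": "admin@example.com", "category_type": "Account Settings", "time": "2023-02-01T11:30:00",
     "operation_detail": "Security - All meetings must be secured with one security option: from On to Off"},
]
```

Running `evaluate(SAMPLE_EVENTS)` yields three alerts: the second Off change by the same user at 10:30 is suppressed by the 60-minute window, and the Off-to-On change does not match the rule.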
Categories
- Application
- Identity Management
- Cloud
Data Sources
- User Account
- Application Log
Created: 2023-02-01