
Summary
This detection rule identifies when an external guest user is invited to an Azure Active Directory (AD) tenant within an Office 365 environment, using the Universal Audit Log (UAL) as its data source. Azure's B2B collaboration feature lets internal users invite external users, which can pose a security risk if not adequately monitored. The rule focuses on Azure AD events, primarily targeting user-addition operations whose properties mark the new account as a guest. This aligns with discussions from the Black Hat 2022 conference, which underscored the importance of vigilance against potential unauthorized access through external accounts. Security teams should be aware that legitimate administrative activities may generate false positives.
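The matching logic described above, as an added example that is not the rule's own query: it filters audit-log records for user additions whose `UserType` property is set to Guest. The field names (`Workload`, `Operation`, `ModifiedProperties`, `UserId`, `ObjectId`) are assumed from the audit record layout, the `approved_inviters` allow-list is hypothetical, and the sample records are constructed.

```python
# Constructed sample audit-log records; field names are assumptions about the
# record layout and do not come from this page.
SAMPLE_UAL = [
    {"CreationTime": "2024-11-01T09:12:44", "Workload": "AzureActiveDirectory",
     "Operation": "Add user.", "UserId": "alice@contoso.example",
     "ObjectId": "partner_fabrikam.example#EXT#@contoso.example",
     "ModifiedProperties": [
         {"Name": "UserType", "NewValue": "[\r\n  \"Guest\"\r\n]", "OldValue": "[]"}]},
    {"CreationTime": "2024-11-01T09:30:02", "Workload": "AzureActiveDirectory",
     "Operation": "Add user.", "UserId": "admin@contoso.example",
     "ObjectId": "bob@contoso.example",
     "ModifiedProperties": [
         {"Name": "UserType", "NewValue": "[\r\n  \"Member\"\r\n]", "OldValue": "[]"}]},
    {"CreationTime": "2024-11-01T10:05:17", "Workload": "AzureActiveDirectory",
     "Operation": "Add user.", "UserId": "Admin@contoso.example",
     "ObjectId": "vendor_northwind.example#EXT#@contoso.example",
     "ModifiedProperties": [
         {"Name": "UserType", "NewValue": "[\r\n  \"Guest\"\r\n]", "OldValue": "[]"}]},
    {"CreationTime": "2024-11-01T10:20:00", "Workload": "Exchange",
     "Operation": "Set-Mailbox", "UserId": "admin@contoso.example"},
]


def is_guest_invite(record):
    """True for an Azure AD user-addition event that creates a guest account."""
    if record.get("Workload") != "AzureActiveDirectory":
        return False
    if not str(record.get("Operation", "")).lower().startswith("add user"):
        return False
    # ModifiedProperties can be absent or null on some records.
    props = {p.get("Name"): str(p.get("NewValue", ""))
             for p in record.get("ModifiedProperties") or []}
    return "guest" in props.get("UserType", "").lower()


def find_guest_invites(records, approved_inviters=()):
    """Return one finding per guest invite. Invites from approved inviters are
    tagged rather than dropped, so expected admin activity stays reviewable."""
    approved = {a.lower() for a in approved_inviters}
    findings = []
    for rec in filter(is_guest_invite, records):
        inviter = str(rec.get("UserId", "")).lower()
        findings.append({"time": rec.get("CreationTime"), "inviter": inviter,
                         "guest": rec.get("ObjectId"),
                         "approved_inviter": inviter in approved})
    return findings
```

Tagging instead of suppressing keeps the legitimate administrative invites visible for periodic review while letting triage prioritise invites from unexpected accounts.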
Categories
- Cloud
- Identity Management
- Infrastructure
Data Sources
- Cloud Service
- Application Log
ATT&CK Techniques
- T1136
- T1136.003
- T1098
Created: 2024-11-14