
Brand impersonation: Microsoft with embedded logo and credential theft language
Sublime Rules
Summary
This rule detects brand impersonation of Microsoft in phishing emails or messages that carry the Microsoft logo and use language indicative of credential theft. It applies to messages from unsolicited senders and requires that the message contain attachments of specific image types or PDF files. Machine-learning image recognition checks whether a screenshot of the message shows Microsoft branding, and natural-language-understanding classifiers flag credential-theft intent at medium or high confidence.
Categories
- Identity Management
- Endpoint
- Web
- Cloud
- Application
Data Sources
- User Account
- Network Traffic
- Application Log
- Process
- File
Created: 2023-11-22