O365 Application Available To Other Tenants

Splunk Security Content

Summary
This detection rule identifies Azure Active Directory application configurations that allow authentication from external tenants, which can lead to data breaches or unauthorized access. The rule analyzes the Office 365 Universal Audit Log for activity associated with Azure Active Directory applications, focusing on the operations that add or update application configurations. It checks for changes to the `AvailableToOtherTenants` property, which, when set to true, indicates that the application is accessible to users from other Azure AD tenants. The detection evaluates modifications of this property and summarizes the associated activity with several statistics, including the source IP address and the timestamps of the modifications. The rule is designed to trigger alerts if an application is configured to allow external tenant access, highlighting potentially risky configurations that need to be reviewed or remediated.
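The logic described above, sketched in Python over constructed audit records. This is an added example, not the Splunk rule itself. The operation strings, the record field names (`Workload`, `Operation`, `ModifiedProperties`, `ActorIpAddress`, `ObjectId`, `UserId`, `CreationTime`) and the JSON-list value encoding are assumptions based on the O365 Management Activity schema, and the helper names are hypothetical.

```python
import json
from collections import defaultdict

# Operation and field names are assumptions (O365 Management Activity schema).
TARGET_OPS = {"Add application.", "Update application."}
PROP = "AvailableToOtherTenants"
T, F = "[\r\n  true\r\n]", "[\r\n  false\r\n]"  # assumed JSON-list value encoding

def ev(time, op, user, ip, app, name, old, new):
    """Build one constructed audit record."""
    return {"CreationTime": time, "Workload": "AzureActiveDirectory", "Operation": op,
            "UserId": user, "ActorIpAddress": ip, "ObjectId": app,
            "ModifiedProperties": [{"Name": name, "OldValue": old, "NewValue": new}]}

# Constructed sample events: documentation IPs, example.com accounts, made-up app ids.
SAMPLE_EVENTS = [
    ev("2024-11-14T10:00:00", "Update application.", "admin@example.com", "203.0.113.10", "app-demo-1", PROP, F, T),
    ev("2024-11-14T11:00:00", "Update application.", "admin@example.com", "203.0.113.10", "app-demo-1", PROP, T, F),
    ev("2024-11-14T12:30:00", "Update application.", "admin@example.com", "198.51.100.7", "app-demo-1", PROP, F, T),
    ev("2024-11-14T13:00:00", "Add application.", "dev@example.com", "198.51.100.7", "app-demo-2", PROP, "[]", T),
    ev("2024-11-14T14:00:00", "Update application.", "dev@example.com", "198.51.100.7", "app-demo-2", "DisplayName", "[\"a\"]", "[\"b\"]"),
]

def as_bool(raw):
    """Decode a property value such as '[\\r\\n  true\\r\\n]', 'true' or '[]'."""
    try:
        val = json.loads(raw or "[]")
    except (TypeError, ValueError):
        return str(raw).strip().lower() == "true"
    if isinstance(val, list):
        val = val[0] if val else False
    return val is True or str(val).lower() == "true"

def enabled_multitenant(event):
    """True when an add/update application event switches the property to true."""
    if event.get("Workload") != "AzureActiveDirectory" or event.get("Operation") not in TARGET_OPS:
        return False
    for prop in event.get("ModifiedProperties", []):
        if prop.get("Name") == PROP:
            return as_bool(prop.get("NewValue")) and not as_bool(prop.get("OldValue"))
    return False

def summarize(events):
    """Group hits by (user, application) with count, source IPs, first and last time."""
    hits = defaultdict(lambda: {"count": 0, "src_ips": set(), "first": None, "last": None})
    for e in filter(enabled_multitenant, events):
        row, t = hits[(e.get("UserId"), e.get("ObjectId"))], e.get("CreationTime", "")
        row["count"] += 1
        row["src_ips"].add(e.get("ActorIpAddress"))
        row["first"], row["last"] = min(row["first"] or t, t), max(row["last"] or t, t)
    return dict(hits)
```

Changes that set the property back to false, and updates to other properties, are filtered out, so only the transitions that open an application to other tenants reach the summary.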
Categories
  • Cloud
  • Identity Management
Data Sources
  • Cloud Service
ATT&CK Techniques
  • T1098
  • T1098.003
Created: 2024-11-14