
Summary
This rule detects changes to specific advanced security settings within Office 365, which is important for identifying potentially malicious activity that can compromise a tenant's security posture. The detection focuses on alterations to anti-phishing, Safe Links, Safe Attachments, and malware protection settings, which are crucial for safeguarding against unauthorized access and data exfiltration. It analyzes the Office 365 Universal Audit Log for operations that set, disable, create, or remove these critical security features. An attacker who modifies these settings can significantly reduce monitoring capabilities and increase the risk of attacks going undetected.
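The matching logic described above, sketched as an added example over exported audit records; it is not the rule's own query. The operation names are assumed to be the Exchange Online cmdlets for the four feature families, and the sample records and severity split are constructed for illustration.

```python
import json
import re

# Assumption: Exchange Online cmdlet names for the four feature families the
# summary lists; the rule's own operation list is not shown on this page.
OPERATION_RE = re.compile(
    r"^(Set|Disable|New|Remove)-"
    r"(AntiPhish|SafeLinks|SafeAttachment|MalwareFilter)(Policy|Rule)$"
)

# Constructed sample records (one JSON object per line), not real tenant data.
SAMPLE_LOG = """\
{"CreationTime": "2024-11-14T09:12:03", "Workload": "Exchange", "Operation": "Disable-SafeLinksRule", "UserId": "admin@example.com", "ObjectId": "Default Safe Links"}
{"CreationTime": "2024-11-14T09:12:40", "Workload": "Exchange", "Operation": "Remove-MalwareFilterPolicy", "UserId": "admin@example.com", "ObjectId": "Strict Malware"}
{"CreationTime": "2024-11-14T09:13:10", "Workload": "Exchange", "Operation": "Set-Mailbox", "UserId": "helpdesk@example.com", "ObjectId": "jdoe"}
{"CreationTime": "2024-11-14T09:14:55", "Workload": "SharePoint", "Operation": "FileAccessed", "UserId": "jdoe@example.com", "ObjectId": "report.docx"}
{"CreationTime": "2024-11-14T09:15:21", "Workload": "Exchange", "Operation": "New-AntiPhishPolicy", "UserId": "secops@example.com", "ObjectId": "Exec Impersonation"}
this line is truncated {"CreationTime":
"""

def detect(lines):
    """Return one finding per audit record that changes a protection setting."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed export lines
        if not isinstance(event, dict) or event.get("Workload") != "Exchange":
            continue
        match = OPERATION_RE.match(str(event.get("Operation") or ""))
        if match:
            verb, feature, _ = match.groups()
            findings.append({
                "time": event.get("CreationTime"),
                "user": event.get("UserId"),
                "operation": match.group(0),
                "feature": feature,
                # Assumed triage split: disabling or removing protection ranks higher.
                "severity": "high" if verb in ("Disable", "Remove") else "medium",
                "target": event.get("ObjectId"),
            })
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```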
Categories
- Cloud
- Identity Management
Data Sources
- Pod
- Cloud Service
- User Account
ATT&CK Techniques
- T1562
- T1562.008
- T1562.001
- T1566
Created: 2024-11-14