Brand impersonation: Microsoft logo or suspicious language with open redirect

Sublime Rules

Summary
This rule detects phishing attempts that impersonate Microsoft. It flags messages that contain the Microsoft logo or wording typical of a scam, and it checks links in the message body for open-redirect behavior (a link on one host whose parameters send the recipient on to a different destination), which is a further sign of a phishing attempt. If the message carries attachments, their content is analyzed for Microsoft branding or phrases commonly used in phishing. Organizational domains are taken into account so that legitimate internal communications are filtered out. The severity is set to high because of the risk of compromise through Business Email Compromise (BEC) and fraud. The detection combines multiple methods, including computer vision (logo detection) and natural language understanding, for comprehensive analysis and accurate threat identification.
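The link check described above, as an added illustration rather than the rule's own MQL: a small Python model of the logic that treats a link as an open redirect when one of its query parameters carries an absolute (or protocol-relative) URL to a different host, and then combines that with brand or suspicious wording and the organizational-domain filter. The message body and domain names are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample message: Microsoft wording plus a redirect-style link.
SAMPLE_BODY = (
    "Your Microsoft 365 password will expire in 24 hours. "
    "Keep your current password: "
    "https://trusted-site.example/redirect?url=https%3A%2F%2Fbad.example%2Flogin"
)

URL_RE = re.compile(r"""https?://[^\s<>"']+""")
BRAND_RE = re.compile(r"\b(microsoft|office ?365|outlook|onedrive|sharepoint)\b", re.I)
SUSPICIOUS_RE = re.compile(
    r"password will expire|verify your account|keep your current password|account suspended",
    re.I,
)


def is_open_redirect(url: str) -> bool:
    """True if any query parameter holds a URL pointing at a host other than the link's own."""
    outer = urlparse(url)
    for values in parse_qs(outer.query, keep_blank_values=True).values():
        for value in values:  # parse_qs already percent-decodes the value
            inner = urlparse(value)
            if inner.scheme in ("http", "https") or value.startswith("//"):
                if inner.netloc and inner.netloc.lower() != outer.netloc.lower():
                    return True
    return False


def redirect_links(body: str) -> list[str]:
    """All links in the body that exhibit open-redirect behavior."""
    return [u for u in URL_RE.findall(body) if is_open_redirect(u)]


def evaluate(body: str, sender_domain: str, org_domains: set[str]) -> bool:
    """Mirror of the rule: external sender, Microsoft branding or suspicious wording,
    and at least one open-redirect link in the body."""
    if sender_domain.lower() in {d.lower() for d in org_domains}:
        return False  # organizational domains are filtered out as legitimate
    brand_or_suspicious = bool(BRAND_RE.search(body) or SUSPICIOUS_RE.search(body))
    return brand_or_suspicious and bool(redirect_links(body))


if __name__ == "__main__":
    print("flagged:", evaluate(SAMPLE_BODY, "bad.example", {"corp.example"}))
    print("redirect links:", redirect_links(SAMPLE_BODY))
```

A production rule would pair this with logo detection on images and attachments; the text and link checks here are only the part that can be shown on plain text.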
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • User Account
  • Application Log
  • File
  • Network Traffic
Created: 2023-12-12