This rule detects the event when a Zoom user disables the organization’s setting that automatically signs users out after a specified period of inactivity. This setting is crucial for maintaining security as it ensures that users are logged out when not actively using the application, reducing the risk of unauthorized access. The rule is configured to monitor updates in account settings, specifically focusing on the security control that manages automatic sign-out functionality. When the setting is toggled from 'On' to 'Off', indicating the automatic sign-out feature has been disabled, the rule triggers an alert. This rule operates within a defined deduplication period to prevent multiple alerts for the same event. It requires a single triggered log event to initiate a response, allowing security teams to promptly verify the intent behind this change. The severity is marked as medium, indicating the need for attention but not immediate threat status.