
Guest User Invited By Non Approved Inviters

Sigma Rules

Summary
This detection rule identifies unauthorized attempts to invite guest users in Azure environments. It triggers when a user without the necessary permissions tries to send an invitation to an external user. The rule searches Azure audit logs for events whose message indicates an attempt to 'Invite external user' and whose status is 'failure'. Unauthorized guest invitations can lead to security risks such as data breaches or unauthorized access, so detecting these failed invitation attempts helps organizations enforce compliance with security policies and improve oversight of access management.
Categories
  • Cloud
  • Azure
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Cloud Service
  • Logon Session
  • Network Traffic
Created: 2022-08-10