
Summary
This detection rule identifies guest users who are invited to a tenant by anyone not on an approved inviter list. It monitors Azure audit logs for events in the User Management category, filters out invitations initiated by approved guest inviters, and alerts on those initiated by any other user. This helps guard against unauthorized access and keeps guest invitations under control within the tenant, which supports compliance with organizational policy and reduces the risk of a breach. The rule is rated medium severity: a noteworthy threat that needs attention but is not critical.
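The filter logic described above, as an added Python example run over constructed audit events (not the rule's own code). The `Category`, `OperationName` and `InitiatedBy` field names follow the Azure AD AuditLogs schema; the operation name `Invite external user`, the allowlist and the sample events are assumptions.

```python
# Added example. Field names follow the Azure AD AuditLogs schema; the
# operation name, allowlist and events below are assumptions / constructed.
APPROVED_INVITERS = {"guest-admin@contoso.example"}  # hypothetical allowlist
INVITE_OPERATION = "Invite external user"            # assumed operation name


def initiator(event):
    """Return the lower-cased UPN or app name that initiated the event."""
    by = event.get("InitiatedBy") or {}
    ident = (by.get("user") or {}).get("userPrincipalName") \
        or (by.get("app") or {}).get("displayName")
    return ident.lower() if ident else None


def is_unapproved_invite(event, approved=APPROVED_INVITERS):
    """True for a User Management invite not made by an approved inviter."""
    if event.get("Category") != "UserManagement":
        return False
    if event.get("OperationName") != INVITE_OPERATION:
        return False
    who = initiator(event)
    # Exact, case-insensitive match; a missing initiator is flagged for review.
    return who is None or who not in {a.lower() for a in approved}


def find_unapproved(events, approved=APPROVED_INVITERS):
    """Return the initiators of all invites that should raise an alert."""
    return [initiator(e) for e in events if is_unapproved_invite(e, approved)]


# Constructed sample audit events (not real log data).
SAMPLE_EVENTS = [
    {"Category": "UserManagement", "OperationName": "Invite external user",
     "InitiatedBy": {"user": {"userPrincipalName": "Guest-Admin@contoso.example"}}},
    {"Category": "UserManagement", "OperationName": "Invite external user",
     "InitiatedBy": {"user": {"userPrincipalName": "j.doe@contoso.example"}}},
    {"Category": "UserManagement", "OperationName": "Update user",
     "InitiatedBy": {"user": {"userPrincipalName": "j.doe@contoso.example"}}},
    {"Category": "UserManagement", "OperationName": "Invite external user",
     "InitiatedBy": {}},
]

if __name__ == "__main__":
    for who in find_unapproved(SAMPLE_EVENTS):
        print("ALERT (medium): guest invited by", who or "<unknown initiator>")
```

The allowlist is compared by exact, case-insensitive match, so an inviter whose name merely contains an approved name is still flagged.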
Categories
- Cloud
- Identity Management
Data Sources
- User Account
- Logon Session
Created: 2022-07-28