
Link: Microsoft impersonation using hosted png with suspicious link

Sublime Rules

Summary
This detection rule identifies potential Microsoft impersonation in messages that contain links to Microsoft-hosted logos. The detection criteria are: the sender's display name is entirely in uppercase letters; the sender's email domain is not a known Microsoft domain, such as microsoft.com or microsoftsupport.com; and the message body contains a link whose display text is also in all caps (for instance, 'CLICK' or 'DOWNLOAD'). The rule also checks whether a link points to a Microsoft logo image hosted on microsoft.com. Finally, it considers the sender's profile, requiring that the sender is either a first-time communicator or has a history of malicious or spammy behavior with no documented false positives. In summary, the rule is designed to uncover phishing attempts masquerading as Microsoft communications that use social-engineering tactics to manipulate users into acting on the malicious links.
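The following is an added worked example, not the Sublime Rules MQL rule itself: a stand-alone Python approximation of the five criteria described above, applied to two constructed sample messages. It assumes a Microsoft domain allow-list containing only the two domains the summary names (the real rule's list may be longer), treats any PNG served from microsoft.com or a subdomain as a "Microsoft logo image", and models the sender profile with three hypothetical fields (`first_time_sender`, `malicious_or_spam_count`, `false_positive_count`). The HTML bodies and addresses are constructed for illustration.

```python
"""Approximate re-implementation of the detection logic described in the
summary (added example, not Sublime's own rule): parse an HTML body,
collect anchors and images, and apply the five criteria to a message plus
a sender profile."""
import re
from dataclasses import dataclass
from html.parser import HTMLParser

# Assumption: only the two domains the summary names; the real allow-list
# may include more Microsoft-owned domains.
MICROSOFT_DOMAINS = {"microsoft.com", "microsoftsupport.com"}

# Assumption: "Microsoft logo image" is approximated as a PNG served from
# microsoft.com or any of its subdomains.
LOGO_RE = re.compile(
    r"^https?://([a-z0-9-]+\.)*microsoft\.com/[^?#]*\.png(?:[?#].*)?$", re.I
)


class LinkCollector(HTMLParser):
    """Collects (href, display text) for <a> tags and src for <img> tags."""

    def __init__(self):
        super().__init__()
        self.anchors = []  # list of [href, accumulated display text]
        self.images = []   # list of img src values
        self._open = None  # anchor currently being read, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._open = [a["href"], ""]
            self.anchors.append(self._open)
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


@dataclass
class SenderProfile:
    # Hypothetical fields standing in for Sublime's sender-profile data.
    first_time_sender: bool
    malicious_or_spam_count: int = 0
    false_positive_count: int = 0


@dataclass
class Message:
    display_name: str
    from_address: str
    html_body: str
    profile: SenderProfile


def is_all_caps(text):
    """True when the text has letters and every letter is uppercase."""
    letters = [c for c in text if c.isalpha()]
    return bool(letters) and all(c.isupper() for c in letters)


def sender_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def is_microsoft_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)


def suspicious_profile(p):
    """First-time sender, or prior malicious/spam history with no false positives."""
    return p.first_time_sender or (
        p.malicious_or_spam_count > 0 and p.false_positive_count == 0
    )


def evaluate(msg):
    """Return (matched, per-criterion results) for one message."""
    col = LinkCollector()
    col.feed(msg.html_body)
    urls = [href for href, _ in col.anchors] + col.images
    checks = {
        "display_name_all_caps": is_all_caps(msg.display_name),
        "sender_not_microsoft": not is_microsoft_domain(sender_domain(msg.from_address)),
        "caps_link_text": any(is_all_caps(text) for _, text in col.anchors),
        "microsoft_logo_png": any(LOGO_RE.match(u) for u in urls),
        "suspicious_sender_profile": suspicious_profile(msg.profile),
    }
    return all(checks.values()), checks


# Constructed sample bodies (illustrative URLs, not real campaign artifacts).
BODY = (
    '<img src="https://www.microsoft.com/example-logo.png">'
    "<p>Your account has been locked.</p>"
    '<a href="https://login.example.test/reset">CLICK HERE</a>'
)
PHISH = Message("MICROSOFT ACCOUNT TEAM", "alerts@example-mail.test", BODY,
                SenderProfile(first_time_sender=True))
LEGIT = Message("Microsoft Account Team", "account-security@microsoft.com", BODY,
                SenderProfile(first_time_sender=False))

if __name__ == "__main__":
    for name, m in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        matched, detail = evaluate(m)
        print(name, "matched" if matched else "not matched", detail)
```

Each criterion is reported separately so an analyst tuning the rule can see which condition a near-miss message failed, which is where most false-positive and false-negative investigation for a rule like this starts.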
Categories
  • Cloud
  • Web
  • Identity Management
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2023-05-20