This detection rule identifies instances where a GSuite Workspace Admin has disabled the enforcement of strong passwords within the organization's security settings. This action poses a high risk as it could potentially expose the system to unauthorized access and increase vulnerability to account breaches. The rule monitors for specific logs of administrative actions related to security settings changes. If strong password enforcement is turned off, it indicates a potentially deliberate weakening of security protocols which needs further investigation. The detection is based on activity logs that record the emailing actor, the change made, and the settings' old and new values.