Azure Modify Storage Settings

Anvilogic Forge

Summary
This rule detects unauthorized modifications to storage settings in Microsoft Azure, specifically through the REST operations that control the Table, Blob, and File service resources. Adversaries may manipulate storage configurations, including logging and metrics settings, to evade detection or hinder security monitoring. The rule keys on three operation names (SetBlobServiceProperties, SetFileServiceProperties, SetTableServiceProperties) to identify the relevant changes. It starts by calling the cloud data functions tailored for Azure storage events, then applies a regular expression to normalize the source IP addresses. The matched events are laid out in a table that includes fields such as user IDs, account information, and event details, and the results are aggregated by time and source IP so that clusters of setting changes from one address stand out as potential anomalies. The techniques this rule addresses are defense evasion by modifying cloud compute infrastructure and impairing defenses by disabling cloud logging.
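As an added illustration of the logic the summary describes (not Anvilogic's rule code; the log records below are constructed and only loosely follow the field names of Azure Storage resource logs), this Python sketch filters on the three operation names, strips the port from the caller IP, and groups the hits by hour and source IP:

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Operation names the rule keys on (taken from the summary above).
WATCHED_OPS = {"SetBlobServiceProperties", "SetFileServiceProperties",
               "SetTableServiceProperties"}
# callerIpAddress often carries a ":port" suffix; accept IPv4 or bracketed IPv6.
IP_RE = re.compile(
    r"^(?:\[(?P<v6>[0-9A-Fa-f:.]+)\]|(?P<v4>\d{1,3}(?:\.\d{1,3}){3}))(?::\d+)?$")
# Constructed sample records: names resemble Azure Storage logs, values are invented.
SAMPLE_LOG = """
{"time":"2024-02-09T10:05:00Z","operationName":"SetBlobServiceProperties","callerIpAddress":"203.0.113.7:443","identity":{"requesterObjectId":"user-a"},"properties":{"accountName":"stgprod"}}
{"time":"2024-02-09T10:40:00Z","operationName":"SetTableServiceProperties","callerIpAddress":"203.0.113.7:51234","identity":{"requesterObjectId":"user-a"},"properties":{"accountName":"stgprod"}}
{"time":"2024-02-09T10:50:00Z","operationName":"GetBlobServiceProperties","callerIpAddress":"203.0.113.7:443","identity":{"requesterObjectId":"user-a"},"properties":{"accountName":"stgprod"}}
{"time":"2024-02-09T11:15:00Z","operationName":"SetFileServiceProperties","callerIpAddress":"[2001:db8::1]:443","identity":{"requesterObjectId":"user-b"},"properties":{"accountName":"stgdev"}}
"""

def clean_ip(raw):
    # Return the bare address, or None when the field does not parse.
    m = IP_RE.match(raw.strip())
    return (m.group("v4") or m.group("v6")) if m else None

def parse_events(text):
    """Keep only the three property-setting operations, normalising each record."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("operationName") not in WATCHED_OPS:
            continue  # reads and unrelated storage operations are out of scope
        events.append({
            "time": datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ"),
            "operation": rec["operationName"],
            "src_ip": clean_ip(rec.get("callerIpAddress", "")),
            "user_id": rec.get("identity", {}).get("requesterObjectId"),
            "account": rec.get("properties", {}).get("accountName"),
        })
    return events

def aggregate_hourly(events):
    """One row per (hour bucket, source IP), mirroring the rule's aggregation."""
    rows = defaultdict(lambda: {"count": 0, "operations": set(), "users": set(), "accounts": set()})
    for e in events:
        hour = e["time"].replace(minute=0, second=0, microsecond=0).isoformat()
        row = rows[(hour, e["src_ip"])]
        row["count"] += 1
        row["operations"].add(e["operation"])
        row["users"].add(e["user_id"])
        row["accounts"].add(e["account"])
    return dict(rows)
```

Running `aggregate_hourly(parse_events(SAMPLE_LOG))` yields two rows: the 10:00 bucket for 203.0.113.7 with two distinct set-properties operations, and the 11:00 bucket for 2001:db8::1 with one; the Get operation is dropped.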
Categories
  • Cloud
  • Azure
Data Sources
  • Cloud Service
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1578
  • T1562.008
Created: 2024-02-09