
Google Workspace Application Access Level Modified

Sigma Rules

Summary
This detection rule identifies modifications to the access levels of Google Workspace applications. Access levels are a critical component of the Zero Trust model employed by BeyondCorp Enterprise, and a change to one can indicate an unauthorized attempt by an attacker to simplify access to sensitive resources within the Google Workspace ecosystem. Monitoring these events is essential for maintaining the integrity of access control measures in the environment. The rule triggers on the administrative event 'CHANGE_APPLICATION_SETTING' when the setting name begins with 'ContextAwareAccess', so any potentially harmful change to these settings is detected. Legitimate administrative actions also trigger this rule, so each hit needs thorough analysis and correlation with other events to minimize false positives.
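The matching logic described above, as an added example that is not the rule's own source. The field names (`eventName`, `setting_name`, `actor_email`), the `expected_admins` set and all sample events are assumptions constructed for illustration.

```python
# Added example. Field names are assumed; adapt them to how your pipeline
# normalises Google Workspace admin audit events.
EVENT_NAME = "CHANGE_APPLICATION_SETTING"
SETTING_PREFIX = "ContextAwareAccess"

def is_access_level_change(event):
    """True when the event is a change to a ContextAwareAccess* setting."""
    name = event.get("eventName")
    setting = event.get("setting_name")
    if not isinstance(name, str) or not isinstance(setting, str):
        return False  # missing or null fields never match
    # Sigma string matching is case-insensitive by default; mirror that here.
    return (name.lower() == EVENT_NAME.lower()
            and setting.lower().startswith(SETTING_PREFIX.lower()))

def triage(events, expected_admins=frozenset()):
    """Return matching events, marking actors outside the expected admin set.

    expected_admins is a hypothetical helper input for reducing
    false-positive review load; every hit is still returned.
    """
    hits = []
    for ev in events:
        if not is_access_level_change(ev):
            continue
        actor = ev.get("actor_email", "unknown")
        hits.append({
            "actor": actor,
            "setting": ev["setting_name"],
            "review_first": actor not in expected_admins,
        })
    return hits

# Constructed sample events (setting names are placeholders, not real ones).
SAMPLE_EVENTS = [
    {"eventName": "CHANGE_APPLICATION_SETTING",
     "setting_name": "ContextAwareAccessExampleSetting",
     "actor_email": "admin@example.com"},
    {"eventName": "CHANGE_APPLICATION_SETTING",
     "setting_name": "contextawareaccessOtherExample",
     "actor_email": "helpdesk@example.com"},
    {"eventName": "CHANGE_APPLICATION_SETTING",
     "setting_name": "CalendarExampleSetting",
     "actor_email": "admin@example.com"},
    {"eventName": "CREATE_USER", "actor_email": "admin@example.com"},
    {"eventName": "CHANGE_APPLICATION_SETTING", "setting_name": None},
]

HITS = triage(SAMPLE_EVENTS, expected_admins={"admin@example.com"})
```
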
Categories
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Application Log
Created: 2024-01-12