
O365 SharePoint Allowed Domains Policy Changed

Splunk Security Content

Summary
This detection rule monitors changes to the allowed domain settings within Office 365 SharePoint. Such changes are particularly critical in environments that use Azure Active Directory B2B collaboration, because these settings enable external users to access internal resources. Unauthorized modifications may expose sensitive information or allow unapproved users to gain access. The rule captures events for the SharingPolicyChanged operation in SharePoint and extracts details of the modified properties that indicate alterations to the AllowDomainList. Security teams should be alerted to these changes to mitigate the risks of unauthorized access and data breaches.
Categories
  • Cloud
  • Web
  • Application
  • Identity Management
Data Sources
  • Logon Session
  • Application Log
  • Cloud Service
ATT&CK Techniques
  • T1136.003
  • T1566
Created: 2024-11-14