Brand impersonation: Microsoft (QR code)

Sublime Rules

Summary
This detection rule flags potential phishing messages that use Microsoft branding, in particular messages from unsolicited senders that contain a QR code. It inspects the message structure and content, including attachments and email header information, and flags messages that impersonate Microsoft through one or more lures: QR codes that direct recipients to malicious sites, images that carry branding elements such as logos, and phrases tied to authentication urgency (e.g., 'Authenticate', '2FA', 'QR code'). The rule covers several vectors associated with credential phishing: it applies Computer Vision to analyze images and scrutinizes the sender profile to assess whether the communication is legitimate.
Categories
  • Web
  • Identity Management
  • Cloud
  • Endpoint
  • Application
Data Sources
  • User Account
  • Network Traffic
  • Process
  • Application Log
  • Image
Created: 2023-06-21