
Activity from Anonymous IP Addresses

Sigma Rules

Summary
This detection rule flags activity from IP addresses that Microsoft Cloud App Security (now Microsoft Defender for Cloud Apps) classifies as anonymous proxies. When a user is observed operating from such an address, the rule raises an alert from the corresponding event logged in the Security & Compliance Center. Its purpose is to surface access attempts by actors who are trying to hide their origin while interacting with the Microsoft 365 environment. The rule is currently in test status, meaning its accuracy and coverage are still being validated. It will also fire on legitimate users who connect through a VPN for privacy or security, so expect false positives; allow-listing the organisation's known VPN egress ranges before the alert feeds any automated response is a sensible tuning step. Detection keys on the predefined alert event that Cloud App Security emits for this behaviour, not on raw sign-in or proxy telemetry.
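The following is an added example, not code from the Sigma rule or from Microsoft, showing the selection logic described above run over a few constructed audit-log records, plus the VPN egress allow-list that addresses the false-positive caveat. The field names (`eventSource`, `eventName`, `status`, `userId`, `clientIp`), the sample records, and the allow-listed prefix are all assumptions made for this example.

```python
import json
from ipaddress import ip_address, ip_network

# Constructed sample events, modelled loosely on Microsoft 365 unified audit
# log records. Field names and values are assumptions for this example.
SAMPLE_EVENTS = [
    json.dumps({"eventSource": "SecurityComplianceCenter",
                "eventName": "Activity from anonymous IP addresses",
                "status": "success", "userId": "alice@example.com",
                "clientIp": "198.51.100.7"}),
    # Same alert, but from the organisation's own VPN egress (see allow-list).
    json.dumps({"eventSource": "SecurityComplianceCenter",
                "eventName": "Activity from anonymous IP addresses",
                "status": "success", "userId": "bob@example.com",
                "clientIp": "203.0.113.9"}),
    # A different Cloud App Security alert: must not match this rule.
    json.dumps({"eventSource": "SecurityComplianceCenter",
                "eventName": "Impossible travel activity",
                "status": "success", "userId": "carol@example.com",
                "clientIp": "198.51.100.20"}),
    # Right alert name but wrong source and not a successful record.
    json.dumps({"eventSource": "Exchange",
                "eventName": "Activity from anonymous IP addresses",
                "status": "failure", "userId": "dave@example.com",
                "clientIp": "198.51.100.30"}),
]

# Assumed allow-list of the organisation's own VPN egress ranges. The RFC 5737
# documentation prefix is used here as a placeholder.
KNOWN_VPN_EGRESS = [ip_network("203.0.113.0/24")]


def matches_rule(event: dict) -> bool:
    """Selection in the spirit of the rule: a successfully recorded
    Security & Compliance Center alert named
    'Activity from anonymous IP addresses'. Field names are assumptions."""
    return (event.get("eventSource") == "SecurityComplianceCenter"
            and event.get("eventName") == "Activity from anonymous IP addresses"
            and event.get("status") == "success")


def in_allowed_egress(ip: str, allowed) -> bool:
    """True if ip falls inside one of the allow-listed networks.
    Unparseable addresses are never treated as allowed."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in allowed)


def detect(lines, allowed=KNOWN_VPN_EGRESS) -> dict:
    """Run the rule over JSON lines. Matches from allow-listed egress
    ranges are kept separately as 'suppressed' rather than dropped, so the
    tuning decision stays auditable."""
    result = {"alerts": [], "suppressed": []}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record: skip, do not crash the pipeline
        if not matches_rule(event):
            continue
        hit = {"user": event.get("userId"), "ip": event.get("clientIp")}
        if in_allowed_egress(hit["ip"] or "", allowed):
            result["suppressed"].append(hit)
        else:
            result["alerts"].append(hit)
    return result


if __name__ == "__main__":
    print(json.dumps(detect(SAMPLE_EVENTS), indent=2))
```

Run against the constructed records, only alice's event survives as an alert; bob's is suppressed by the egress allow-list, and the other two fail the selection. Passing an empty allow-list shows the untuned rule firing on both.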
Categories
  • Cloud
  • Infrastructure
  • Identity Management
Data Sources
  • Cloud Service
  • User Account
Created: 2021-08-23