O365 External Identity Policy Changed

Splunk Security Content

Summary
This detection rule monitors for changes to the external guest policies within Azure Active Directory (AD), particularly those governing B2B collaboration. Using Office 365 Universal Audit Logs, the rule triggers when an update policy operation occurs on the B2B Management Policy. It captures the previous and new values of the properties that define the domains allowed for guest users and clearly distinguishes which domains were added and which were removed. This matters because unauthorized changes to external guest policies can lead to unauthorized access to sensitive company resources; historical instances of exploitation highlighted at BlackHat 2022 underline the relevance of closely monitoring such changes. The rule identifies who made the change and summarizes the action taken alongside timestamps for accountability.
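As an added example (not part of Splunk Security Content), the following Python mirrors the rule's logic over a constructed audit record: it filters for the update policy operation on the B2B Management Policy and diffs the allowed guest domains between the old and new values. The ModifiedProperties/PolicyDetail layout and the constructed domains are assumptions about the log format, not values taken from real logs.

```python
import json
from typing import Any, Dict, List

# Constructed sample O365 Unified Audit Log record (not real data). The
# PolicyDetail JSON layout inside ModifiedProperties is an assumption.
OLD_POLICY = [{"B2BManagementPolicy": {"InvitationsAllowedAndBlockedDomainsPolicy":
               {"AllowedDomains": ["partner.example"]}}}]
NEW_POLICY = [{"B2BManagementPolicy": {"InvitationsAllowedAndBlockedDomainsPolicy":
               {"AllowedDomains": ["partner.example", "untrusted.example"]}}}]
SAMPLE_EVENT: Dict[str, Any] = {
    "CreationTime": "2024-11-14T10:15:00",
    "Workload": "AzureActiveDirectory",
    "Operation": "Update policy.",
    "UserId": "admin@tenant.example",
    "Target": [{"Type": 1, "ID": "B2BManagementPolicy"}],
    "ModifiedProperties": [{"Name": "PolicyDetail",
                            "OldValue": json.dumps(OLD_POLICY),
                            "NewValue": json.dumps(NEW_POLICY)}],
}


def _allowed_domains(policy_json: str) -> List[str]:
    """Extract AllowedDomains from a PolicyDetail value (JSON string, may be empty)."""
    if not policy_json:
        return []
    for entry in json.loads(policy_json):
        policy = entry.get("B2BManagementPolicy", {})
        domains = policy.get("InvitationsAllowedAndBlockedDomainsPolicy", {})
        return list(domains.get("AllowedDomains") or [])
    return []


def diff_b2b_policy(event: Dict[str, Any]) -> Dict[str, Any]:
    """Return actor, time and added/removed guest domains; {} for other events."""
    if (event.get("Workload") != "AzureActiveDirectory"
            or event.get("Operation") != "Update policy."):
        return {}
    if not any(t.get("ID") == "B2BManagementPolicy" for t in event.get("Target", [])):
        return {}
    old, new = set(), set()
    for prop in event.get("ModifiedProperties", []):
        if prop.get("Name") == "PolicyDetail":
            old |= set(_allowed_domains(prop.get("OldValue", "")))
            new |= set(_allowed_domains(prop.get("NewValue", "")))
    return {
        "user": event.get("UserId"),
        "time": event.get("CreationTime"),
        "added": sorted(new - old),    # domains newly allowed for guest invitations
        "removed": sorted(old - new),  # domains no longer allowed
    }
```

Feeding a stream of audit records through diff_b2b_policy and alerting on any non-empty result gives the same "who, when, what changed" summary the rule produces.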
Categories
  • Cloud
  • Identity Management
Data Sources
  • Pod
  • Container
  • User Account
  • Application Log
ATT&CK Techniques
  • T1136.003
  • T1098
Created: 2024-11-14