
Azure Storage Account Deletion by Unusual User

Elastic Detection Rules

Summary
This detection rule identifies when an Azure Storage Account is deleted, an action that may indicate malicious activity by adversaries seeking to disrupt operations, destroy evidence, or cause denial of service. The rule specifically targets successful deletion events logged in Azure activity logs, a critical operation that removes all associated data, including blobs, files, queues, and tables. Such deletions can suggest attempts to cover tracks after data exfiltration or as part of destructive attacks. Key investigation steps include reviewing user activities around the deletion, correlating the event timing with other suspicious actions, and checking against organizational change management processes. The rule also takes into account potential false positives from legitimate administrative deletions and encourages thorough investigation and response protocols to mitigate risks.
Categories
  • Cloud
  • Azure
  • Kubernetes
  • Infrastructure
Data Sources
  • Cloud Service
  • Logon Session
  • Application Log
  • Network Share
  • User Account
ATT&CK Techniques
  • T1485
  • T1489
Created: 2025-10-08