The O365 Anonymous Link Used detection rule is designed to identify when anonymous sharing links in SharePoint Online or OneDrive for Business are being accessed. These links can expose shared content to external users without requiring authentication, creating vulnerabilities for sensitive data exfiltration. The rule leverages cloud data collections from Office 365 to monitor actions associated with these links, ensuring that any unauthorized access can be promptly detected and managed. By examining various event properties such as user, source IP, and event details, it enables security teams to respond to potential security incidents involving the misuse of anonymous links, mitigating risks associated with unmonitored external access to data.