
Summary
This detection rule monitors the rate of failed authentication attempts in Azure sign-in logs. It triggers on a notable increase, specifically a 10% rise in sign-ins that result in failure. The rule's condition selects sign-in events whose 'Status' is 'failure' and checks whether their count has increased relative to the preceding data; such an increase can indicate a brute force or credential stuffing attack. The rule matters because it lets organizations address unauthorized access attempts early, improving their security posture against user account compromise.
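The comparison the rule performs (failure count in the current window against the preceding window, alert when the increase reaches 10%) is shown below as an added Python example; it is not the rule's own query or the Azure sign-in log schema. The record shape (`timestamp`, `status`, `user`), the one-hour windows and the sample events are all constructed for this illustration, and the handling of an empty baseline window is a design choice made here.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of Azure sign-in records, reduced to the fields the rule
# needs. Field names are an assumption for this example, not the real schema.
BASE = datetime(2022, 8, 11, 12, 0, tzinfo=timezone.utc)
HOUR = timedelta(hours=1)


def _event(minutes_ago, status, user):
    return {"timestamp": BASE - timedelta(minutes=minutes_ago),
            "status": status, "user": user}


SAMPLE_EVENTS = (
    # previous hour (60..120 minutes before BASE): 10 failures, 3 successes
    [_event(90 - i, "failure", f"user{i % 3}") for i in range(10)]
    + [_event(75, "success", "user0"), _event(70, "success", "user1"),
       _event(65, "success", "user2")]
    # current hour (0..60 minutes before BASE): 12 failures, 3 successes,
    # i.e. a 20% rise in failures, which is above the 10% threshold
    + [_event(50 - i, "failure", f"user{i % 3}") for i in range(12)]
    + [_event(30, "success", "user0"), _event(20, "success", "user1"),
       _event(10, "success", "user2")]
)


def count_failures(events, start, end):
    """Count events with status 'failure' whose timestamp lies in (start, end]."""
    return sum(1 for e in events
               if e["status"] == "failure" and start < e["timestamp"] <= end)


def evaluate_failure_rate(events, now, window=HOUR, threshold=0.10):
    """Compare failures in the current window with the window just before it.

    Returns the two counts, the relative increase (None when the baseline is
    empty) and whether the rule would fire.
    """
    current = count_failures(events, now - window, now)
    previous = count_failures(events, now - 2 * window, now - window)
    if previous == 0:
        # Design choice for this example: a zero baseline yields no percentage,
        # so any failures in the current window are reported rather than
        # silently ignored. Tune this to the noise level of the environment.
        increase = None
        triggered = current > 0
    else:
        increase = (current - previous) / previous
        triggered = increase >= threshold
    return {"previous": previous, "current": current,
            "increase": increase, "triggered": triggered}


if __name__ == "__main__":
    print(evaluate_failure_rate(SAMPLE_EVENTS, BASE))
```

Running the block with the constructed data reports 10 failures in the previous hour and 12 in the current one, a 20% increase, so the rule fires; raising `threshold` to 0.25 suppresses it. A production implementation would also want a minimum absolute count, since going from 1 failure to 2 is a 100% rise that rarely deserves an alert.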
Categories
- Cloud
- Azure
- Identity Management
Data Sources
- User Account
- Logon Session
Created: 2022-08-11