def rule(event):
    if (
        event.deep_get("failure_status_reason", default="")
        == "Microsoft.online.Security.userConsentBlockedForRiskyAppsExceptions"
    ):
        return True
    return False
