diff --git a/detection-rules/link_microsoft_low_reputation.yml b/detection-rules/link_microsoft_low_reputation.yml
index 95c91a63b02..67b83e08151 100644
--- a/detection-rules/link_microsoft_low_reputation.yml
+++ b/detection-rules/link_microsoft_low_reputation.yml
@@ -71,7 +71,7 @@ source: |
 and any(ml.logo_detect(.).brands, strings.starts_with(.name, "Microsoft"))
 )
 or strings.istarts_with(strings.replace_confusables(body.current_thread.text), "Microsoft ")
- or regex.icontains(strings.replace_confusables(body.current_thread.text), '(?:^|\n)[o0O]ff[il1]ce\b')
+ or regex.imatch(strings.replace_confusables(body.current_thread.text), '[\n\s]*[o0O]ff[il1]ce\b.*')
 or any(ml.logo_detect(beta.message_screenshot()).brands,
 strings.starts_with(.name, "Microsoft")
 )
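Review bot: The trailing `.*` in the new `regex.imatch` pattern may silently disable this clause for most messages: `imatch` has to consume the whole thread text, and if `.` does not match a newline in this regex dialect (the usual default, worth confirming), any body with more than one line after "Office" stops matching. If the intent is only to anchor "Office" to the start of the body instead of the start of any line, that can be written without depending on dot/newline behaviour, e.g. `or regex.icontains(strings.replace_confusables(body.current_thread.text), '^\s*[o0O]ff[il1]ce\b')`, or by prefixing the current pattern with `(?s)`. `[\n\s]*` is also equivalent to `\s*`, since `\s` already covers `\n`. The enclosing `source: |` expression starts and ends outside this hunk, so the effect on the whole rule should be checked against a multi-line sample body.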