Add references to rules (microsoft_rules)

rules/microsoft_rules/microsoft365_brute_force_login_by_user.yml

@@ -4,6 +4,7 @@ DisplayName: "Microsoft365 Brute Force Login by User"
 Enabled: true
 Filename: microsoft365_brute_force_login_by_user.py
 Runbook: Analyze the IP they came from and actions taken before/after.
+Reference: https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/authentication/access-denied-when-connect-to-office-365
 Severity: Medium
 Tests:
     - ExpectedResult: true

rules/microsoft_rules/microsoft365_external_sharing.yml

@@ -4,6 +4,7 @@ DisplayName: "Microsoft365 External Document Sharing"
 Enabled: true
 Filename: microsoft365_external_sharing.py
 Runbook: Check the document metadata to ensure it is not a sensitive document.
+Reference: https://support.microsoft.com/en-us/topic/manage-sharing-with-external-users-in-microsoft-365-small-business-2951a85f-c970-4375-aa4f-6b0d7035fe35#:~:text=Top%20of%20Page-,Turn%20external%20sharing%20on%20or%20off,-The%20ability%20to
 Severity: Low
 Tests:
     - ExpectedResult: false

rules/microsoft_rules/microsoft365_mfa_disabled.yml

@@ -4,6 +4,7 @@ DisplayName: "Microsoft365 MFA Disabled"
 Enabled: true
 Filename: microsoft365_mfa_disabled.py
 Runbook: Depending on company policy, either suggest or require the user re-enable two step verification.
+Reference: https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
 Severity: Low
 Tests:
     - ExpectedResult: false

rules/microsoft_rules/microsoft_exchange_external_forwarding.yml

@@ -3,6 +3,7 @@ Description: Detects creation of forwarding rule to external domains
 DisplayName: "Microsoft Exchange External Forwarding"
 Enabled: true
 Filename: microsoft_exchange_external_forwarding.py
+Reference: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-policies-external-email-forwarding?view=o365-worldwide
 Severity: High
 Tests:
     - ExpectedResult: true