diff --git a/global_helpers/global_helpers_test.py b/global_helpers/global_helpers_test.py
index 10a71d671..f57b725b8 100755
--- a/global_helpers/global_helpers_test.py
+++ b/global_helpers/global_helpers_test.py
@@ -2439,5 +2439,33 @@ def test_pantherflow_investigation(self):
 self.assertEqual(p_b_h.pantherflow_investigation(event), query)
+class TestEmailRegex(unittest.TestCase):
+ def test_email_regex(self):
+ email_regex = p_b_h.EMAIL_REGEX
+ valid_emails = [
+ "asfe@acme.com",
+ "afef-awef@feaf.efaef.aef-aefc.org",
+ "ifjlid%fesfdj+123@gmail.com",
+ "a@b.co",
+ "alfij.fjii-fjids+123@fsjd-sdf-sjkj.co.co.co.uk",
+ ]
+ invalid_emails = [
+ "asfe@acme",
+ "dff@.com",
+ "a@b",
+ "a@b.",
+ "a@b.c",
+ "a@b.c.",
+ "a@b.c.c",
+ "asdf?2d@gmail.com",
+ "asdf@",
+ "a.b@g&g.com",
+ ]
+ for email in valid_emails:
+ self.assertTrue(email_regex.match(email))
+ for email in invalid_emails:
+ self.assertFalse(email_regex.match(email))
+
+
 if __name__ == "__main__":
 unittest.main()
diff --git a/global_helpers/panther_base_helpers.py b/global_helpers/panther_base_helpers.py
index d541883c5..4f3260939 100644
--- a/global_helpers/panther_base_helpers.py
+++ b/global_helpers/panther_base_helpers.py
@@ -24,6 +24,8 @@ class PantherUnexpectedAlert(Exception):
 # Generic Helpers # # # # # # # # # # # # # # #
+EMAIL_REGEX = re.compile(r"[\w.+%-]+@[\w.-]+\.[a-zA-Z]{2,}")
+
 def deep_get(dictionary: dict, *keys, default=None):
 """Safely return the value of an arbitrarily nested map
diff --git a/packs/msft_graph.yml b/packs/msft_graph.yml
index a669f0d3f..c96b38dab 100644
--- a/packs/msft_graph.yml
+++ b/packs/msft_graph.yml
@@ -9,6 +9,7 @@ PackDefinition:
 - Microsoft365.MFA.Disabled
 - Microsoft365.Exchange.External.Forwarding
 # Globals
+ - panther_base_helpers
 - panther_msft_helpers
 - panther_config
 - panther_config_defaults
diff --git a/packs/zoom.yml b/packs/zoom.yml
index 9b3fdc469..81f4cb9e0 100644
--- a/packs/zoom.yml
+++ b/packs/zoom.yml
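Review bot: The assertions in `test_email_regex` call `email_regex.match`, which anchors only at the start of the string, so an address followed by trailing junk (a constructed example: `a@b.co!` or `a@b.com extra`) would still pass the valid branch even though the M365 rule in this same commit validates with `re.fullmatch`. Mirroring the stricter production use would be `self.assertTrue(email_regex.fullmatch(email))` and `self.assertFalse(email_regex.fullmatch(email))`, with one or two trailing-junk cases added to `invalid_emails`. As written, a regression that stops rejecting trailing characters would not be caught by this test.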
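Review bot: `EMAIL_REGEX` is added with no comment and no anchors, yet this commit uses it three different ways (`.match` in the test, `re.fullmatch` in the M365 rule, `re.search` in the Zoom rule), so a future caller that picks `.match` or `.search` for validation would accept an address embedded in or followed by other text. A second subtlety worth recording is that `\w` is Unicode-aware in a Python 3 str pattern while the TLD class `[a-zA-Z]{2,}` is ASCII-only, so the local part and domain accept non-ASCII word characters but the TLD does not; `re.ASCII` would make the whole pattern ASCII if that is the intent, and `[\w.-]+` also accepts runs such as `b..com` (constructed example). A comment above the definition such as `# Loose email pattern, unanchored: validate with fullmatch(), extract with search(); \w is Unicode-aware, TLD is ASCII letters only` would make the contract explicit for the rules that import it.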
@@ -15,7 +15,6 @@ PackDefinition:
 # Data Models used in these detections
 - Standard.Zoom.Operation
 # Globals used in these detections
-
-
+ - panther_base_helpers
 - panther_event_type_helpers
 - panther_zoom_helpers
diff --git a/rules/microsoft_rules/microsoft365_external_sharing.py b/rules/microsoft_rules/microsoft365_external_sharing.py
index 259f109b2..49f23d969 100644
--- a/rules/microsoft_rules/microsoft365_external_sharing.py
+++ b/rules/microsoft_rules/microsoft365_external_sharing.py
@@ -1,10 +1,9 @@
 import re
 from fnmatch import fnmatch
+from panther_base_helpers import EMAIL_REGEX
 from panther_msft_helpers import m365_alert_context
-email_regex = re.compile(r"([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\.[A-Z|a-z]{2,})+")
-
 ALLOWED_DOMAINS = ["mycompany.com", "alloweddomain.com"] # should be in lowercase
 ALLOWED_USERS = ["exception@outsider.com"] # should be in lowercase
@@ -28,7 +27,7 @@ def rule(event):
 target = event.get("TargetUserOrGroupName", "")
 if target.lower() in ALLOWED_USERS:
 return False
- if re.fullmatch(email_regex, target):
+ if re.fullmatch(EMAIL_REGEX, target):
 if target.split("@")[1].lower() not in ALLOWED_DOMAINS:
 return True
 return False
diff --git a/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.py b/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.py
index e026fe303..a0453b43d 100644
--- a/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.py
+++ b/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.py
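Review bot: With `re.fullmatch(EMAIL_REGEX, target)` on the new line, any `TargetUserOrGroupName` that is not a bare address — a group name, or an address wrapped in other text — skips the domain check and `rule` falls through to `return False` without any signal that a target was ignored. If that is deliberate, a comment on the new line such as `# Only bare email addresses are domain-checked; group names and other targets are ignored` would make it explicit; if embedded addresses should also be checked, `EMAIL_REGEX.search(target)` with the matched text used for the `split("@")` would cover them, though that widens what the rule alerts on and deserves a test. Since `EMAIL_REGEX` is already compiled, `EMAIL_REGEX.fullmatch(target)` is also the more direct call than `re.fullmatch(EMAIL_REGEX, target)`. The `rule` function begins outside this hunk.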
@@ -1,12 +1,14 @@
 import re
+from panther_base_helpers import EMAIL_REGEX
+
 PRIVILEGED_ROLES = ("Admin", "Co-Owner", "Owner", "Billing Admin")
 def extract_values(event):
 operator = event.get("operator", "")
 operation_detail = event.get("operation_detail", "")
- email = re.search(r"[\w.+-c]+@[\w-]+\.[\w.-]+", operation_detail)[0] or ""
+ email = re.search(EMAIL_REGEX, operation_detail)[0] or ""
 fromto = re.findall(r"from ([-\s\w]+) to ([-\s\w]+)", operation_detail) or [
 ("", "")
 ]
diff --git a/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml b/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml
index 507a72724..cbbfbc6e2 100644
--- a/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml
+++ b/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml
@@ -11,7 +11,7 @@ Tests:
 action: Batch Update
 category_type: User
 operation_detail: "Change Role - homer.simpson@duff.io: from User to Co-Owner"
- operator: admin@duff.io
+ operator: admin-test%1223+123@duff.dev.co
 time: "2022-07-05 20:28:48"
 Name: Admin Promotion Event
 - ExpectedResult: false
@@ -59,7 +59,7 @@ Tests:
 action: SCIM API - Update
 category_type: User
 operation_detail: "Edit User homer.simpson@duff.co - Change Type: from Basic to Licensed"
- operator: admin@duff.co
+ operator: admin-test%1223+123@duff.dev.co
 time: "2022-07-01 22:05:22"
 Name: Other Event
 DedupPeriodMinutes: 60
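Review bot: The rewritten line `email = re.search(EMAIL_REGEX, operation_detail)[0] or ""` still subscripts the result before the `or ""` fallback, so when `operation_detail` contains no address `re.search` returns `None` and the `[0]` raises `TypeError`; the fallback can never apply and the detection errors instead of producing a value. Splitting it fixes that: `found = re.search(EMAIL_REGEX, operation_detail)` then `email = found[0] if found else ""`. The `fromto` lookup on the following lines already uses its `or [...]` fallback correctly because `findall` returns a list rather than `None`. The body of `extract_values` continues past the end of this hunk.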