O365 High Privilege Role Granted

Splunk Security Content

Summary
This detection rule monitors the assignment of high-privilege roles within Office 365, including Exchange Administrator, SharePoint Administrator, and Global Administrator. By analyzing O365 audit logs, it identifies events in which these roles are granted to user accounts or service accounts. Because these roles confer extensive permissions, such an assignment can indicate a security risk: a role granted without proper oversight could let an attacker manipulate, delete, or access sensitive data and compromise the security of the entire Office 365 environment. The detection query filters O365 management activity for the operation 'Add member to role' and inspects the modified property values of each event to capture high-privilege role assignments.
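The following Python is an added example of the detection logic described above, run over a handful of constructed O365 Management Activity records; it is not Splunk's SPL search and not part of the Security Content project. It assumes the standard O365 audit record layout (an `Operation` string, an `ObjectId` naming the account that received the role, and a `ModifiedProperties` list whose `Role.DisplayName` entry carries the role that was granted); the sample records, account names and the low-privilege "Directory Readers" control case are constructed, and the high-privilege role set is the three roles the page names, intended to be extended to an organisation's own list.

```python
import json
from typing import Iterable, Optional

# Roles the rule treats as high privilege (the three named on the page).
HIGH_PRIVILEGE_ROLES = {
    "Exchange Administrator",
    "SharePoint Administrator",
    "Global Administrator",
}

# Azure AD emits this operation name with a trailing period in some feeds,
# so matching is done case-insensitively after stripping it.
TARGET_OPERATION = "add member to role"


def modified_value(record: dict, name: str) -> Optional[str]:
    """Return the NewValue of the ModifiedProperties entry called `name`.

    O365 sometimes wraps NewValue in JSON-style quotes, so those are stripped.
    """
    for prop in record.get("ModifiedProperties", []):
        if prop.get("Name") == name:
            return str(prop.get("NewValue", "")).strip().strip('"')
    return None


def find_high_privilege_grants(records: Iterable[dict]) -> list:
    """Yield one finding per 'Add member to role' event granting a privileged role."""
    findings = []
    for rec in records:
        op = str(rec.get("Operation", "")).strip().rstrip(".").lower()
        if op != TARGET_OPERATION:
            continue  # not a role-membership change
        role = modified_value(rec, "Role.DisplayName")
        if role not in HIGH_PRIVILEGE_ROLES:
            continue  # role granted is not one the rule cares about
        findings.append({
            "time": rec.get("CreationTime"),
            "actor": rec.get("UserId"),        # who performed the grant
            "target": rec.get("ObjectId"),     # account that received the role (assumption)
            "role": role,
            "workload": rec.get("Workload"),
        })
    return findings


# Constructed sample records, shaped like O365 Management Activity API output.
SAMPLE_RECORDS = [
    {
        "CreationTime": "2024-11-14T09:12:01", "Workload": "AzureActiveDirectory",
        "Operation": "Add member to role.", "UserId": "admin@example.test",
        "ObjectId": "jdoe@example.test",
        "ModifiedProperties": [
            {"Name": "Role.DisplayName", "NewValue": "\"Global Administrator\"", "OldValue": ""},
            {"Name": "Role.ObjectID", "NewValue": "00000000-role-guid-placeholder", "OldValue": ""},
        ],
    },
    {
        "CreationTime": "2024-11-14T09:15:44", "Workload": "AzureActiveDirectory",
        "Operation": "Add member to role.", "UserId": "admin@example.test",
        "ObjectId": "svc-automation@example.test",   # service account target
        "ModifiedProperties": [
            {"Name": "Role.DisplayName", "NewValue": "SharePoint Administrator", "OldValue": ""},
        ],
    },
    {   # control case: a low-privilege role, should not alert
        "CreationTime": "2024-11-14T09:20:10", "Workload": "AzureActiveDirectory",
        "Operation": "Add member to role.", "UserId": "admin@example.test",
        "ObjectId": "analyst@example.test",
        "ModifiedProperties": [
            {"Name": "Role.DisplayName", "NewValue": "Directory Readers", "OldValue": ""},
        ],
    },
    {   # control case: different operation entirely
        "CreationTime": "2024-11-14T09:25:00", "Workload": "AzureActiveDirectory",
        "Operation": "Update user.", "UserId": "admin@example.test",
        "ObjectId": "jdoe@example.test", "ModifiedProperties": [],
    },
]


if __name__ == "__main__":
    for hit in find_high_privilege_grants(SAMPLE_RECORDS):
        print(json.dumps(hit))
```

The quote-stripping in `modified_value` is the detail most often missed when porting this logic: a literal comparison against `"Global Administrator"` silently fails when the feed wraps the value in quotes, and the alert never fires. In Splunk the equivalent check is a match on the `ModifiedProperties{}.NewValue` field of the `Add member to role.` events rather than on the raw JSON, which is why the page describes the query as inspecting modified property values.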
Categories
  • Cloud
  • Identity Management
  • Application
Data Sources
  • Pod
  • User Account
  • Cloud Service
ATT&CK Techniques
  • T1098
  • T1098.003
Created: 2024-11-14