
Summary
This rule identifies instances where administrators grant highly privileged delegated permissions or application permissions (known as app roles) in Azure environments. Such permissions allow an application to act on behalf of users, which can be abused if they are granted inappropriately. The rule focuses on detecting log entries that specifically indicate an app role assignment to a service principal, the security identity an application uses to access Azure resources. Given the potential for abuse of misconfigured delegated permissions, the rule has a high severity level, marking it as critical for security operations in cloud environments. Careful monitoring is advised, especially where application permissions are being modified or increased in scope. The detection is based on properties within the audit log messages, so that teams can swiftly respond to potential unauthorized changes to application permissions in their Azure cloud services.
Categories
- Cloud
- Azure
- Identity Management
Data Sources
- Cloud Service
- Application Log
Created: 2022-07-28
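The detection described above, as an added example that is not part of the rule page: it parses Azure AD audit records (one JSON object per line), flags successful app role assignments to a service principal, and pulls out who granted what to which application. The activity name, the `AppRole.Value` property name and all sample records are assumptions constructed for this example.

```python
import json

# Azure AD audit-log activity name that records an app role grant to an
# application's service principal (assumed for this example).
GRANT_OPERATIONS = {"Add app role assignment to service principal"}

def modified_property(resource, name):
    """Return the decoded newValue of a named modifiedProperties entry, or None."""
    for prop in resource.get("modifiedProperties", []):
        if prop.get("displayName") == name:
            raw = prop.get("newValue")
            # Azure stores newValue as a JSON-encoded string, e.g. "\"Scope\"".
            return json.loads(raw) if raw is not None else None
    return None

def check_record(record):
    """Return an alert dict if the audit record grants an app role, else None."""
    if record.get("operationName") not in GRANT_OPERATIONS:
        return None
    if record.get("result") != "success":
        return None  # failed attempts are not a completed privilege change
    target = (record.get("targetResources") or [{}])[0]
    initiator = record.get("initiatedBy", {}).get("user", {}).get("userPrincipalName")
    return {
        "operation": record["operationName"],
        "initiator": initiator,
        "service_principal": target.get("displayName"),
        "permission": modified_property(target, "AppRole.Value"),
    }

def scan(lines):
    """Parse one JSON audit record per line and return alerts for app role grants."""
    alerts = []
    for line in lines:
        line = line.strip()
        if line:
            alert = check_record(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts

# Constructed sample records (not real tenant data): one successful grant,
# one unrelated operation, and one failed grant attempt.
SAMPLE_LOG = """
{"operationName": "Add app role assignment to service principal", "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}}, "targetResources": [{"displayName": "reporting-app", "modifiedProperties": [{"displayName": "AppRole.Value", "newValue": "\\"Directory.ReadWrite.All\\""}]}]}
{"operationName": "Update user", "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}}, "targetResources": [{"displayName": "alice@example.test"}]}
{"operationName": "Add app role assignment to service principal", "result": "failure", "initiatedBy": {"user": {"userPrincipalName": "helpdesk@example.test"}}, "targetResources": [{"displayName": "reporting-app", "modifiedProperties": []}]}
"""
```

Running `scan(SAMPLE_LOG.splitlines())` yields a single alert for the successful grant; feeding the output into your alerting pipeline is left to the deployment.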