Rare Subscription-level Operations In Azure

Sigma Rules

Summary
This detection rule focuses on monitoring rare subscription-level operations performed in Microsoft Azure. It identifies and alerts on access grants made from previously unseen source IP addresses. The rule is particularly important for detecting unusual activities that may indicate compromise or misuse of Azure resources. It monitors specific actions related to common Azure resources such as database accounts, media services, cognitive service accounts, and network security groups. By focusing on these rare operations, organizations can better detect potential unauthorized access and improve their security posture in the Azure environment.
Categories
  • Cloud
  • Azure
Data Sources
  • Cloud Service
  • Network Traffic
  • Application Log
Created: 2020-05-07