
Summary
This detection rule identifies instances where admin consent is granted to applications within an Azure Active Directory (AAD) tenant, leveraging Azure AD audit logs for events that fall under the 'ApplicationManagement' category. Such consent allows applications access to potentially sensitive organizational data across the tenant, posing a significant security risk; it could enable attackers to perform data exfiltration or unauthorized activities if they gain control of the application. The rule focuses on the 'Consent to application' operation within AAD and filters logs for cases where the consent type is 'AllPrincipals'. It generates alert counts and timings for occurrences grouped by the acting user and the related application, allowing for further investigation of unusual activities within AAD.
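As an added illustration (not the rule's own query or the vendor's code), the filtering and grouping the summary describes, run over constructed audit-log records in Python; the record layout is an assumption loosely modelled on the Microsoft Graph directoryAudit shape, and names such as `ConsentAction.Permissions` and the sample users and apps are assumptions, not values from this page.

```python
import json
from collections import defaultdict

def make_event(ts, user, app, consent_type, op="Consent to application",
               category="ApplicationManagement"):
    """Build one constructed audit record (simplified directoryAudit-like shape)."""
    perms = json.dumps([{"ConsentType": consent_type, "Scope": "Mail.Read"}])
    return {
        "activityDateTime": ts,
        "category": category,
        "activityDisplayName": op,
        "initiatedBy": {"user": {"userPrincipalName": user}},
        "targetResources": [{
            "displayName": app,
            "modifiedProperties": [
                {"displayName": "ConsentAction.Permissions", "newValue": perms}],
        }],
    }

# Constructed sample events: two tenant-wide grants by the same actor, one
# per-user consent (not alerted), one tenant-wide grant by a second actor.
SAMPLE_EVENTS = [
    make_event("2024-11-14T09:02:11Z", "admin@example.test", "Mail Sync Helper", "AllPrincipals"),
    make_event("2024-11-14T09:05:40Z", "alice@example.test", "Calendar Widget", "Principal"),
    make_event("2024-11-14T11:30:02Z", "admin@example.test", "Mail Sync Helper", "AllPrincipals"),
    make_event("2024-11-14T12:00:00Z", "bob@example.test", "Inventory Bot", "AllPrincipals"),
]

def consent_type(event):
    """Return the ConsentType recorded in the event's permission grant, or None."""
    for res in event.get("targetResources", []):
        for prop in res.get("modifiedProperties", []):
            if prop.get("displayName") == "ConsentAction.Permissions":
                try:
                    grants = json.loads(prop.get("newValue") or "[]")
                except json.JSONDecodeError:
                    return None
                return next((g.get("ConsentType") for g in grants), None)
    return None

def detect_admin_consent(events):
    """AllPrincipals consents grouped by (actor, app) with count, first and last
    seen, mirroring the rule's output; ISO-8601 timestamps sort lexically."""
    hits = defaultdict(list)
    for ev in events:
        if ev.get("category") != "ApplicationManagement":
            continue
        if ev.get("activityDisplayName") != "Consent to application":
            continue
        if consent_type(ev) != "AllPrincipals":
            continue
        user = ev.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "<unknown>")
        app = ev["targetResources"][0].get("displayName", "<unknown>")
        hits[(user, app)].append(ev["activityDateTime"])
    return {k: {"count": len(v), "firstTime": min(v), "lastTime": max(v)}
            for k, v in hits.items()}
```

Each key of the result is one (acting user, application) pair to triage; a first grant of broad scopes by an account that does not normally administer applications is the case worth reviewing first.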
Categories
- Cloud
- Identity Management
Data Sources
- Application Log
- Active Directory
ATT&CK Techniques
- T1098
- T1098.003
Created: 2024-11-14