
Summary
This detection rule identifies when an application is granted permissions within Microsoft services such as Microsoft Graph, Exchange, SharePoint, or Azure Active Directory (Azure AD). It triggers when audit logs record that an application has received either delegated permissions or app role assignments. The goal is to surface potentially malicious activity in which an app acquires privileges it does not need, which could lead to unauthorized access or data breaches. The detection conditions match specific audit log messages that indicate a permission grant. Legitimate applications also require such permissions, so every match should be reviewed for whether the grant was authorized and whether the permissions are excessive for the app's purpose. The rule is classified under credential access techniques and leans toward a high severity level given the potential impact of such permissions on an organization's security posture.
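The following is an added example, not the rule's own logic or code from the rule author: it replays a few constructed Azure AD audit records through a small detector that raises an alert on the two grant conditions the summary describes (delegated permission grants and app role assignments) and escalates severity when the granted scope is high-impact. The activity names in PERMISSION_GRANT_ACTIVITIES, the property names in SCOPE_PROPERTIES, the permission list in HIGH_RISK_PERMISSIONS and all sample records are assumptions modelled on Azure AD audit log fields and should be checked against the audit logs of the tenant being monitored.

```python
"""Replays constructed Azure AD audit records through a minimal detector that
flags application permission grants. Added example, not the rule's own logic;
activity and property names are assumptions modelled on Azure AD audit fields."""
import json

# Assumed activityDisplayName values that record an app receiving permissions.
PERMISSION_GRANT_ACTIVITIES = {
    "Add delegated permission grant",                # delegated (OAuth2) scopes
    "Add app role assignment to service principal",  # application app roles
}

# Assumed modifiedProperties names that carry the granted scopes or roles.
SCOPE_PROPERTIES = {"DelegatedPermissionGrant.Scope", "AppRole.Value"}

# Assumed high-impact permissions; a grant containing any of these is rated high.
HIGH_RISK_PERMISSIONS = {
    "Directory.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
    "Mail.ReadWrite",
    "Mail.Read",
    "Files.ReadWrite.All",
}


def _decode(value):
    """Audit logs store newValue as a JSON-encoded string (e.g. '"Mail.Read"');
    fall back to the raw string when it is not valid JSON."""
    if value is None:
        return ""
    try:
        decoded = json.loads(value)
    except (TypeError, ValueError):
        return str(value)
    return decoded if isinstance(decoded, str) else str(decoded)


def granted_permissions(record):
    """Return the scopes/app roles named in the record's modified properties."""
    perms = []
    for target in record.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") in SCOPE_PROPERTIES:
                # Delegated scopes are space-separated; app roles are single values.
                perms.extend(_decode(prop.get("newValue")).split())
    return perms


def evaluate(record):
    """Return an alert dict for a successful permission grant, otherwise None."""
    if record.get("activityDisplayName") not in PERMISSION_GRANT_ACTIVITIES:
        return None
    if record.get("result") != "success":
        return None  # a failed grant conferred nothing; keep for hunting, not alerting
    targets = record.get("targetResources", [])
    app_name = next((t.get("displayName") for t in targets
                     if t.get("type") == "ServicePrincipal"), "<unknown app>")
    initiated = record.get("initiatedBy") or {}
    actor = ((initiated.get("user") or {}).get("userPrincipalName")
             or (initiated.get("app") or {}).get("displayName")
             or "<unknown actor>")
    perms = granted_permissions(record)
    risky = sorted(set(perms) & HIGH_RISK_PERMISSIONS)
    return {
        "activity": record["activityDisplayName"],
        "app": app_name,
        "actor": actor,
        "permissions": perms,
        "high_risk": risky,
        "severity": "high" if risky else "medium",
    }


def run_detection(records):
    """Evaluate every record and return the alerts raised, in input order."""
    return [alert for alert in map(evaluate, records) if alert]


# Constructed sample records; not real tenant data.
SAMPLE_LOGS = [
    {"activityDisplayName": "Add delegated permission grant", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "alice@example.test"}},
     "targetResources": [{"type": "ServicePrincipal", "displayName": "Calendar Helper",
                          "modifiedProperties": [{"displayName": "DelegatedPermissionGrant.Scope",
                                                  "newValue": "\"User.Read offline_access\""}]}]},
    {"activityDisplayName": "Add app role assignment to service principal", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}},
     "targetResources": [{"type": "ServicePrincipal", "displayName": "Mail Sync Bot",
                          "modifiedProperties": [{"displayName": "AppRole.Value",
                                                  "newValue": "\"Directory.ReadWrite.All\""}]}]},
    {"activityDisplayName": "Update user", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}},
     "targetResources": [{"type": "User", "displayName": "bob@example.test",
                          "modifiedProperties": []}]},
    {"activityDisplayName": "Add delegated permission grant", "result": "failure",
     "initiatedBy": {"user": {"userPrincipalName": "eve@example.test"}},
     "targetResources": [{"type": "ServicePrincipal", "displayName": "Calendar Helper",
                          "modifiedProperties": [{"displayName": "DelegatedPermissionGrant.Scope",
                                                  "newValue": "\"Mail.Read\""}]}]},
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOGS):
        print(json.dumps(alert))
```

Run as written, the detector raises two alerts: a medium one for the low-impact delegated scopes granted to "Calendar Helper" and a high one for the Directory.ReadWrite.All app role assigned to "Mail Sync Bot"; the unrelated "Update user" event and the failed grant are ignored. Splitting severity on the granted scope is what lets an analyst triage the legitimate grants the summary warns about without muting the rule.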
Categories
- Cloud
- Azure
- Identity Management
Data Sources
- Application Log
- Cloud Service
- User Account
Created: 2022-07-10