
Summary
This detection rule monitors user activity in an Azure Active Directory (Azure AD) environment for events in which a user grants consent to an OAuth application. It leverages Azure AD audit logs to identify when users approve application permissions, an action that can pose a significant security risk: if a malicious actor obtains a consent grant, the application can gain unauthorized access to sensitive organizational resources and data. The search query filters for successful consent grants and collects relevant metadata about the permissions granted. Matches warrant prompt investigation to assess the legitimacy of the consent, identify potential abuse, and confirm that organizational security policies are not being violated.
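As an added illustration (not the rule's own search query), the filter described above run in Python over constructed Azure AD audit log records: keep only successful "Consent to application" events and pull out the user, the application and the scopes granted. The field names and the ConsentAction.Permissions value layout are assumptions about the audit log schema.

```python
import json

# Constructed sample Azure AD audit log records (not real tenant data). The field
# names (operationName, result, initiatedBy, targetResources, modifiedProperties) and
# the ConsentAction.Permissions value layout are assumptions about the audit log
# schema; verify them against records exported from your own tenant.
def _record(op, result, upn, props):
    return {"operationName": op, "result": result, "activityDateTime": "2024-11-14T09:12:44Z",
            "initiatedBy": {"user": {"userPrincipalName": upn}},
            "targetResources": [{"displayName": "Mail Sync Helper", "modifiedProperties": props}]}

SAMPLE_AUDIT_LOGS = [
    # user-granted consent that succeeded: the event the rule should surface
    _record("Consent to application", "success", "alice@example.test", [
        {"displayName": "ConsentContext.IsAdminConsent", "newValue": "\"False\""},
        {"displayName": "ConsentAction.Permissions",
         "newValue": "\"[[ConsentType: Principal, Scope: Mail.ReadWrite offline_access]]\""}]),
    # failed consent attempt: dropped by the success filter
    _record("Consent to application", "failure", "bob@example.test", []),
    # unrelated successful operation: dropped by the operationName filter
    _record("Add service principal", "success", "carol@example.test", []),
]

def extract_scopes(permissions_value):
    """Pull the delegated scopes out of a ConsentAction.Permissions newValue."""
    if not permissions_value:
        return []
    scopes = []
    for field in json.loads(permissions_value).strip("[]").split(","):  # JSON-encoded "[[k: v, k: v]]"
        key, _, value = field.partition(":")
        if key.strip() == "Scope":
            scopes.extend(value.split())
    return scopes

def successful_consent_grants(records):
    """Keep only successful 'Consent to application' events and collect their metadata."""
    hits = []
    for rec in records:
        if rec.get("operationName") != "Consent to application" or str(rec.get("result", "")).lower() != "success":
            continue
        target = (rec.get("targetResources") or [{}])[0]
        props = {p.get("displayName"): p.get("newValue") for p in target.get("modifiedProperties", [])}
        hits.append({
            "time": rec.get("activityDateTime"),
            "user": rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName"),
            "app": target.get("displayName"),
            "admin_consent": json.loads(props.get("ConsentContext.IsAdminConsent", '"False"')) == "True",
            "scopes": extract_scopes(props.get("ConsentAction.Permissions")),
        })
    return hits
```

Each returned hit carries the metadata an analyst needs to triage the grant: who consented, to which application, with which scopes, and whether it was admin consent.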
Categories
- Cloud
- Identity Management
- Azure
- Application
Data Sources
- Cloud Service
- User Account
- Application Log
ATT&CK Techniques
- T1528
Created: 2024-11-14