
Summary
This detection rule monitors Azure activity logs for events in which permissions are granted to accounts within an Azure environment. Specifically, it identifies instances where users grant other users access to Azure resources, as indicated by the keyword 'Microsoft.Authorization/roleAssignments/write'. The alert triggers when a new or previously unseen source IP address performs this action, allowing quick identification of potentially unauthorized or malicious access attempts. This rule is critical for maintaining the security of Azure resources, as it helps organizations detect and respond to unusual activity that could indicate compromise or policy violations regarding permissions and user access management.
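The logic described in the summary, as an added example (not the rule's own code): it filters constructed Azure activity log records for the role-assignment write operation and alerts the first time a source IP performs it. The field names `time`, `operationName`, `callerIpAddress` and `caller` are assumed to follow the Azure activity log schema; the records, the baseline set, the function names and the handling of events without a source IP are choices made for this illustration.

```python
# Added example: flag role-assignment writes from previously unseen source IPs.
ROLE_ASSIGNMENT_WRITE = "microsoft.authorization/roleassignments/write"

# Constructed sample records (not real log data); IPs use documentation ranges.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:00Z", "caller": "admin@example.com",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "callerIpAddress": "198.51.100.10"},
    {"time": "2024-01-10T09:05:00Z", "caller": "dev@example.com",
     "operationName": "Microsoft.Compute/virtualMachines/read",
     "callerIpAddress": "203.0.113.77"},
    {"time": "2024-01-10T09:30:00Z", "caller": "dev@example.com",
     "operationName": {"value": "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE"},
     "callerIpAddress": "203.0.113.77"},
    {"time": "2024-01-10T09:45:00Z", "caller": "dev@example.com",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "callerIpAddress": "203.0.113.77"},
    {"time": "2024-01-10T10:00:00Z", "caller": "svc@example.com",
     "operationName": "Microsoft.Authorization/roleAssignments/write"},
]

def operation_of(event):
    """Return the operation name lower-cased; accepts a string or {'value': ...}."""
    op = event.get("operationName", "")
    if isinstance(op, dict):
        op = op.get("value", "")
    return op.lower()

def find_new_ip_grants(events, baseline_ips=()):
    """Return role-assignment writes whose source IP was not seen before."""
    seen = set(baseline_ips)  # IPs already known to grant permissions
    alerts = []
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for event in sorted(events, key=lambda e: e["time"]):
        if operation_of(event) != ROLE_ASSIGNMENT_WRITE:
            continue  # other operations neither alert nor extend the baseline
        ip = event.get("callerIpAddress")
        if not ip:
            # No IP to compare: surface it instead of silently dropping it.
            alerts.append({**event, "reason": "missing source IP"})
        elif ip not in seen:
            alerts.append({**event, "reason": "previously unseen source IP"})
            seen.add(ip)  # alert once per new IP, then treat it as known
    return alerts

if __name__ == "__main__":
    for a in find_new_ip_grants(SAMPLE_EVENTS, baseline_ips={"198.51.100.10"}):
        print(a["time"], a["caller"], a.get("callerIpAddress"), a["reason"])
```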
Categories
- Cloud
- Azure
- Identity Management
Data Sources
- Cloud Service
- Application Log
Created: 2020-05-07