
Summary
This analytic rule detects read permissions being assigned to mailbox folders in an Office 365 (Exchange Online) environment. It runs over the `o365_management_activity` data source and watches for the `ModifyFolderPermissions` and `AddFolderPermissions` operations, which Exchange logs whenever folder-level permissions on a mailbox are added or changed. To reduce false positives it excludes permission changes on the `Calendar`, `Contacts`, and `PersonMetadata` folders, since calendar and contact sharing is routine; the trade-off is that read grants on those folders go undetected. The rule matters because a delegate with read rights on folders such as the Inbox or Sent Items can silently read another user's mail, a technique used for persistence and collection after a mailbox or admin account is compromised (T1098.002, Additional Email Delegate Permissions), and one that can lead to the leak of sensitive organizational communications. The events are ingested into Splunk with the appropriate add-on (the Splunk Add-on for Microsoft Office 365), which collects Office 365 management activity records.
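To make the detection logic concrete, the following is an added example (not the rule's own Splunk search and not code from the Splunk Security Content project) that re-implements the same decision over a few constructed Office 365 management-activity events: keep only Exchange `ModifyFolderPermissions`/`AddFolderPermissions` records, drop the excluded folders, and flag grants whose rights include read access. The nested `Item.ParentFolder.*` field names, the `MailboxOwnerUPN`/`UserId` fields, and the mapping of Exchange folder roles to read access are assumptions made for this example and should be checked against the fields your add-on actually produces.

```python
"""Added example: read-permission grants on O365 mailbox folders.

Not the rule's Splunk search. Field names follow the Exchange audit record
shape (Item.ParentFolder.Path/MemberUpn/MemberRights) but are assumed here.
"""
import json
from typing import Any, Iterable

MONITORED_OPERATIONS = {"ModifyFolderPermissions", "AddFolderPermissions"}
# Folders the rule excludes to cut false positives (compared case-insensitively).
EXCLUDED_FOLDERS = {"calendar", "contacts", "personmetadata"}
# Assumed mapping: Exchange folder roles that include ReadItems, plus the raw
# rights tokens that grant read access on their own.
READ_ROLES = {"owner", "publishingeditor", "editor", "publishingauthor",
              "author", "noneditingauthor", "reviewer"}
READ_RIGHTS = {"readany", "readitems"}


def folder_name(path: str) -> str:
    """Last component of an Exchange folder path such as '\\Inbox\\Projects'."""
    return path.replace("/", "\\").strip("\\").split("\\")[-1]


def grants_read(member_rights: str) -> bool:
    """True if a comma-separated rights/role string includes read access."""
    tokens = {t.strip().lower() for t in member_rights.split(",") if t.strip()}
    return bool(tokens & (READ_ROLES | READ_RIGHTS))


def is_read_permission_grant(event: dict[str, Any]) -> bool:
    """Apply the rule's filters to one parsed management-activity event."""
    if event.get("Workload") != "Exchange":
        return False
    if event.get("Operation") not in MONITORED_OPERATIONS:
        return False
    folder = (event.get("Item") or {}).get("ParentFolder") or {}
    name = folder_name(folder.get("Path") or folder.get("Name") or "")
    # Records without folder information cannot be classified; they are not flagged.
    if not name or name.lower() in EXCLUDED_FOLDERS:
        return False
    return grants_read(folder.get("MemberRights", ""))


def detect(raw_events: Iterable[str]) -> list[dict[str, str]]:
    """Run the detection over JSON lines and return one finding per hit."""
    findings = []
    for line in raw_events:
        event = json.loads(line)
        if not is_read_permission_grant(event):
            continue
        folder = event["Item"]["ParentFolder"]
        findings.append({
            "operation": event["Operation"],
            "actor": event.get("UserId", ""),
            "mailbox": event.get("MailboxOwnerUPN", ""),
            "folder": folder_name(folder.get("Path") or folder.get("Name", "")),
            "grantee": folder.get("MemberUpn", ""),
            "rights": folder.get("MemberRights", ""),
        })
    return findings


# Constructed sample events (not real audit data). Only the first and fourth
# should be flagged: Calendar/Contacts are excluded, "Visible" alone is not
# read access, and Set-Mailbox is not a monitored operation.
SAMPLE_EVENTS = [
    r'{"Workload": "Exchange", "Operation": "AddFolderPermissions", '
    r'"UserId": "attacker@contoso.example", "MailboxOwnerUPN": "cfo@contoso.example", '
    r'"Item": {"ParentFolder": {"Path": "\\Inbox", "MemberUpn": "attacker@contoso.example", '
    r'"MemberRights": "ReadAny, Visible, FolderVisible"}}}',
    r'{"Workload": "Exchange", "Operation": "AddFolderPermissions", '
    r'"UserId": "cfo@contoso.example", "MailboxOwnerUPN": "cfo@contoso.example", '
    r'"Item": {"ParentFolder": {"Path": "\\Calendar", "MemberUpn": "assistant@contoso.example", '
    r'"MemberRights": "Reviewer"}}}',
    r'{"Workload": "Exchange", "Operation": "ModifyFolderPermissions", '
    r'"UserId": "cfo@contoso.example", "MailboxOwnerUPN": "cfo@contoso.example", '
    r'"Item": {"ParentFolder": {"Path": "\\Inbox", "MemberUpn": "Default", '
    r'"MemberRights": "Visible, FreeBusySimple"}}}',
    r'{"Workload": "Exchange", "Operation": "ModifyFolderPermissions", '
    r'"UserId": "admin@contoso.example", "MailboxOwnerUPN": "cfo@contoso.example", '
    r'"Item": {"ParentFolder": {"Path": "\\Sent Items", "MemberUpn": "Default", '
    r'"MemberRights": "Reviewer"}}}',
    r'{"Workload": "Exchange", "Operation": "Set-Mailbox", '
    r'"UserId": "admin@contoso.example", "MailboxOwnerUPN": "cfo@contoso.example"}',
    r'{"Workload": "Exchange", "Operation": "AddFolderPermissions", '
    r'"UserId": "cfo@contoso.example", "MailboxOwnerUPN": "cfo@contoso.example", '
    r'"Item": {"ParentFolder": {"Path": "\\Contacts", "MemberUpn": "assistant@contoso.example", '
    r'"MemberRights": "Reviewer"}}}',
]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The fourth sample is worth noting when tuning: granting `Reviewer` to the `Default` principal exposes the folder to every mailbox in the tenant, so a production version of this check should rank `Default` and `Anonymous` grantees above individual users rather than treating all hits alike.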
Categories
- Cloud
- Identity Management
- Application
Data Sources
- Pod
- Cloud Service
- Application Log
ATT&CK Techniques
- T1098
- T1098.002
Created: 2024-11-14