
Summary
This analytic rule monitors instances in which users in an Office 365 environment grant consent to applications requesting file permissions associated with OneDrive and SharePoint. It uses the O365 audit logs, specifically the OAuth application consent events, which can reveal potentially malicious activity when permissions are granted to applications. Granting scopes such as 'Files.Read', 'Files.Read.All' and similar permissions poses a significant security risk if the application is malicious or overly permissive. When such behavior is detected, it warrants immediate investigation to confirm the application's legitimacy and identify any related risks, since a malicious grant could lead to data breaches or unauthorized manipulation of sensitive information.
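The detection logic described above, written out as an added example that is not the rule's own query or code: a small Python pass over constructed O365 audit records that keeps only "Consent to application." events, pulls the granted scopes out of the ConsentAction.Permissions property, and raises a finding when any OneDrive/SharePoint file scope is present. The record layout (ModifiedProperties entries named ConsentContext.IsAdminConsent and ConsentAction.Permissions, with a "Scope: ..." fragment inside NewValue), the sample users, app names and IDs are assumptions made for the example, not values from the page; the list goes beyond the page's two named scopes by also treating Files.ReadWrite and Files.ReadWrite.All as file scopes.

```python
import re

# File-permission scopes the rule names, plus the read/write variants
# ("similar scopes" on the page). Including the ReadWrite forms is this
# example's extension of the page's list, not something the page states.
FILE_SCOPES = {"Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All"}

CONSENT_OP = "Consent to application."

# Constructed sample audit records, not real tenant data. The field layout
# (ModifiedProperties carrying ConsentContext.IsAdminConsent and
# ConsentAction.Permissions, whose NewValue embeds "Scope: <scopes>") is an
# assumption; check it against your own tenant's records before relying on it.
SAMPLE_RECORDS = [
    {   # user consent granting a file scope -> should be flagged
        "CreationTime": "2024-11-14T10:02:11", "Operation": CONSENT_OP,
        "Workload": "AzureActiveDirectory", "UserId": "alice@example.com",
        "ObjectId": "Constructed File Sync App",
        "ModifiedProperties": [
            {"Name": "ConsentContext.IsAdminConsent", "NewValue": "False"},
            {"Name": "ConsentAction.Permissions",
             "NewValue": "[] -> [[Id: PLACEHOLDER-1, ClientId: PLACEHOLDER-APP-1, "
                         "ConsentType: Principal, Scope: Files.Read.All User.Read, "
                         "ExpiryTime: , ResourceId: PLACEHOLDER-RES]]"},
        ],
    },
    {   # consent with only identity scopes -> not flagged
        "CreationTime": "2024-11-14T10:05:40", "Operation": CONSENT_OP,
        "Workload": "AzureActiveDirectory", "UserId": "bob@example.com",
        "ObjectId": "Constructed Calendar Widget",
        "ModifiedProperties": [
            {"Name": "ConsentContext.IsAdminConsent", "NewValue": "False"},
            {"Name": "ConsentAction.Permissions",
             "NewValue": "[] -> [[Id: PLACEHOLDER-2, ClientId: PLACEHOLDER-APP-2, "
                         "ConsentType: Principal, Scope: User.Read openid profile]]"},
        ],
    },
    {   # tenant-wide admin consent granting a read/write file scope -> flagged
        "CreationTime": "2024-11-14T11:17:03", "Operation": CONSENT_OP,
        "Workload": "AzureActiveDirectory", "UserId": "admin@example.com",
        "ObjectId": "Constructed Backup Tool",
        "ModifiedProperties": [
            {"Name": "ConsentContext.IsAdminConsent", "NewValue": "True"},
            {"Name": "ConsentAction.Permissions",
             "NewValue": "[] -> [[Id: PLACEHOLDER-3, ClientId: PLACEHOLDER-APP-3, "
                         "ConsentType: AllPrincipals, "
                         "Scope: Files.ReadWrite.All Sites.Read.All offline_access]]"},
        ],
    },
    {   # unrelated operation -> ignored by the rule
        "CreationTime": "2024-11-14T11:20:00", "Operation": "Add service principal.",
        "Workload": "AzureActiveDirectory", "UserId": "admin@example.com",
        "ObjectId": "Constructed Backup Tool", "ModifiedProperties": [],
    },
]


def consented_scopes(record):
    """Return the set of scopes named in a consent record (empty if none found)."""
    for prop in record.get("ModifiedProperties", []):
        if prop.get("Name") == "ConsentAction.Permissions":
            # "Scope: a b c" runs until the next comma or closing bracket.
            match = re.search(r"Scope:\s*([^,\]]+)", prop.get("NewValue", ""))
            if match:
                return set(match.group(1).split())
    return set()


def is_admin_consent(record):
    """True when the consent was granted tenant-wide by an administrator."""
    for prop in record.get("ModifiedProperties", []):
        if prop.get("Name") == "ConsentContext.IsAdminConsent":
            return prop.get("NewValue", "").lower() == "true"
    return False


def detect_file_consents(records):
    """One finding per consent event that grants a OneDrive/SharePoint file scope."""
    findings = []
    for rec in records:
        if rec.get("Operation") != CONSENT_OP:
            continue
        scopes = consented_scopes(rec)
        file_scopes = {s for s in scopes if s in FILE_SCOPES or s.startswith("Files.")}
        if not file_scopes:
            continue
        findings.append({
            "time": rec.get("CreationTime"),
            "user": rec.get("UserId"),
            "app": rec.get("ObjectId"),
            "admin_consent": is_admin_consent(rec),
            "file_scopes": sorted(file_scopes),
            "all_scopes": sorted(scopes),
        })
    return findings


if __name__ == "__main__":
    for f in detect_file_consents(SAMPLE_RECORDS):
        print(f)
```

Admin consent is surfaced as its own field because a tenant-wide grant of a file scope affects every user's OneDrive and SharePoint content, which is the case an analyst would triage first; application-only permissions (Role: rather than Scope:) and the SharePoint Sites.* scopes are deliberately left out here and would need their own match in a production rule.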
Categories
- Cloud
- Identity Management
- Application
Data Sources
- User Account
- Cloud Service
- Application Log
ATT&CK Techniques
- T1528
Created: 2024-11-14