O365 Application Registration Owner Added

Splunk Security Content

Summary
This detection rule identifies instances where a new owner is assigned to an application registration within an Azure AD and Office 365 tenant. It uses O365 audit logs, specifically events tied to modifications in owner assignments within the Azure Active Directory workload. The activity matters because a new application owner may gain control over the application’s configurations and permissions. If an unauthorized actor performs this action, the consequences may include unauthorized data access, privilege escalation, or alteration of the application’s behavior and operations to serve malicious purposes. The detection queries O365 management activity logs for operations that assign application owners and raises an alert when such an event is recorded.
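The filtering logic described in the summary, as an added Python example run over constructed audit records; it is not the Splunk Security Content search itself. The operation string `Add owner to application.`, the field names (`Workload`, `Operation`, `UserId`, `ObjectId`, `ModifiedProperties`), the meaning given to `ObjectId`, and the `approved_actors` allowlist are assumptions that do not appear on this page.

```python
import json

# Assumed values, not stated on the page; confirm against events from your tenant.
WORKLOAD = "AzureActiveDirectory"
OPERATION = "Add owner to application."

# Constructed sample records, one JSON object per line (property names are made up).
SAMPLE_LOG = """\
{"CreationTime":"2024-11-14T09:12:03","Workload":"AzureActiveDirectory","Operation":"Add owner to application.","UserId":"admin@example.test","ObjectId":"svc-owner@example.test","ModifiedProperties":[{"Name":"ConstructedAppName","NewValue":"Payroll Sync"}]}
{"CreationTime":"2024-11-14T09:15:40","Workload":"AzureActiveDirectory","Operation":"Update application.","UserId":"admin@example.test","ObjectId":"Payroll Sync","ModifiedProperties":[]}
{"CreationTime":"2024-11-14T10:02:11","Workload":"Exchange","Operation":"Add owner to application.","UserId":"x@example.test","ObjectId":"y@example.test","ModifiedProperties":[]}
{"CreationTime":"2024-11-14T11:47:29","Workload":"AzureActiveDirectory","Operation":"Add owner to application.","UserId":"intern@example.test","ObjectId":"intern@example.test","ModifiedProperties":[{"Name":"ConstructedAppName","NewValue":"Mail Archiver"}]}
not-json
"""


def find_owner_additions(lines, approved_actors=frozenset()):
    """Return one alert dict per owner-assignment event in the audit lines."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        # Both conditions must hold: the right workload and the right operation.
        if event.get("Workload") != WORKLOAD or event.get("Operation") != OPERATION:
            continue
        actor = str(event.get("UserId", "unknown"))
        props = event.get("ModifiedProperties") or []
        alerts.append({
            "time": event.get("CreationTime"),
            "actor": actor,
            "object": event.get("ObjectId"),  # assumed to identify the added owner
            "new_values": [p.get("NewValue") for p in props],
            # Triage hint only: every match is still reported.
            "approved_actor": actor.lower() in approved_actors,
        })
    return alerts


ALERTS = find_owner_additions(SAMPLE_LOG.splitlines(),
                              frozenset({"admin@example.test"}))
```

Every owner assignment is returned so the analyst sees all of them; the `approved_actor` flag only orders triage, and an actor adding themselves as owner (as in the last constructed record) is worth reviewing first.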
Categories
  • Cloud
  • Infrastructure
  • Identity Management
Data Sources
  • Application Log
ATT&CK Techniques
  • T1098
Created: 2024-11-14