Azure AD Privileged Graph API Permission Assigned

Splunk Security Content

Summary
This detection rule monitors the assignment of high-risk Microsoft Graph API permissions to Azure AD (Entra ID) application registrations, specifically permissions that grant broad write access to the directory's applications, role assignments and roles. It looks for Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All and RoleManagement.ReadWrite.Directory appearing in the modified properties of 'Update application' operations recorded in Azure AD AuditLogs. Any of these permissions lets the holder create credentials on other applications, grant itself further roles, or modify directory role membership, so an unauthorized assignment is an escalation path to tenant-wide control and should be investigated promptly, including confirming who made the change and whether an administrator has also consented to the new permission (consent is logged as a separate operation). The implementation requires the ingestion of Azure AD AuditLogs events into Splunk, using the corresponding data source and configurations.
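The following Python is an added example of the detection logic described above run over constructed Azure AD AuditLogs records; it is not code from the Splunk Security Content project. It assumes the audit record shape Azure AD exports (operationName, initiatedBy, targetResources[].modifiedProperties[] with a RequiredResourceAccess property whose old and new values are JSON strings), and it uses the well-known Microsoft Graph application-permission IDs for the three permissions, which you should verify against the Microsoft Graph service principal in your own tenant. It goes one step beyond a plain substring match by diffing the old and new values, so an app that already held a privileged permission and was merely re-saved does not alert again.

```python
import json
import re

# Well-known Microsoft Graph application-permission (app role) IDs, assumed
# from public Microsoft documentation; verify in your tenant before relying on them.
PRIVILEGED_GRAPH_PERMISSIONS = {
    "1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9": "Application.ReadWrite.All",
    "06b708a9-e830-4db3-a914-8e69da51d44f": "AppRoleAssignment.ReadWrite.All",
    "9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8": "RoleManagement.ReadWrite.Directory",
}
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource app ID
# Constructed stand-in for any non-privileged permission (not a real Graph permission ID).
BENIGN_PERMISSION = "00000000-0000-0000-0000-000000000001"
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)


def _guids(value):
    """Return every GUID in a modifiedProperties old/new value (a JSON string)."""
    return {g.lower() for g in GUID_RE.findall(value or "")}


def find_privileged_permission_assignments(events):
    """One finding per 'Update application' event that ADDS a privileged
    Microsoft Graph permission to the app registration's RequiredResourceAccess."""
    findings = []
    for ev in events:
        if ev.get("operationName") != "Update application":
            continue
        initiated = ev.get("initiatedBy") or {}
        actor = initiated.get("user") or initiated.get("app") or {}
        actor_name = actor.get("userPrincipalName") or actor.get("displayName") or "unknown"
        for target in ev.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                if prop.get("displayName") != "RequiredResourceAccess":
                    continue
                # Diff old vs new so an already-privileged app that is re-saved does not re-alert.
                added = _guids(prop.get("newValue")) - _guids(prop.get("oldValue"))
                hits = sorted(PRIVILEGED_GRAPH_PERMISSIONS[g] for g in added
                              if g in PRIVILEGED_GRAPH_PERMISSIONS)
                if hits:
                    findings.append({
                        "time": ev.get("activityDateTime"),
                        "actor": actor_name,
                        "application": target.get("displayName"),
                        "permissions_added": hits,
                    })
    return findings


def _required_resource_access(*permission_ids):
    """Constructed RequiredResourceAccess value, serialized as AuditLogs store it."""
    return json.dumps([{
        "ResourceAppId": MS_GRAPH_APP_ID,
        "RequiredAppPermissions": [{"EntitlementId": pid, "DirectAccessGrant": True}
                                   for pid in permission_ids],
    }])


def _event(op, actor_upn, app_name, old_ids, new_ids, when):
    """Constructed Azure AD AuditLogs record carrying only the fields the rule uses."""
    return {
        "activityDateTime": when,
        "operationName": op,
        "initiatedBy": {"user": {"userPrincipalName": actor_upn}},
        "targetResources": [{
            "displayName": app_name,
            "type": "Application",
            "modifiedProperties": [{
                "displayName": "RequiredResourceAccess",
                "oldValue": _required_resource_access(*old_ids),
                "newValue": _required_resource_access(*new_ids),
            }],
        }],
    }


APP_RW = "1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9"
ROLE_MGMT = "9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8"
APPROLE_RW = "06b708a9-e830-4db3-a914-8e69da51d44f"

# Constructed sample log: one benign update, one real escalation, one re-save of an
# already-privileged app, and one unrelated operation that mentions a privileged ID.
SAMPLE_EVENTS = [
    _event("Update application", "alice@example.com", "Payroll Sync",
           [], [BENIGN_PERMISSION], "2024-11-14T09:00:00Z"),
    _event("Update application", "bob@example.com", "Backup Connector",
           [BENIGN_PERMISSION], [BENIGN_PERMISSION, APP_RW, ROLE_MGMT], "2024-11-14T09:05:00Z"),
    _event("Update application", "carol@example.com", "Legacy Admin Tool",
           [ROLE_MGMT], [ROLE_MGMT], "2024-11-14T09:10:00Z"),
    _event("Add service principal", "dave@example.com", "Scanner",
           [], [APPROLE_RW], "2024-11-14T09:15:00Z"),
]

if __name__ == "__main__":
    for f in find_privileged_permission_assignments(SAMPLE_EVENTS):
        print(f"{f['time']} {f['actor']} added {', '.join(f['permissions_added'])} "
              f"to {f['application']}")
```

Only the Backup Connector change is reported: the benign update adds no privileged permission, Legacy Admin Tool already held RoleManagement.ReadWrite.Directory before the edit, and the service-principal event is a different operation and out of scope for this rule. In production, pair a hit with the corresponding consent event and the actor's normal activity before closing it as expected change.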
Categories
  • Cloud
  • Identity Management
  • Azure
  • Infrastructure
Data Sources
  • Cloud Service
  • User Account
ATT&CK Techniques
  • T1003.002 (OS Credential Dumping: Security Account Manager)
  • T1098.003 (Account Manipulation: Additional Cloud Roles)
Created: 2024-11-14