
Azure Kubernetes Admission Controller

Sigma Rules

Summary
The Azure Kubernetes Admission Controller rule detects the execution of admission controllers within Azure Kubernetes environments. Admission controllers act as gatekeepers: they intercept requests sent to the Kubernetes API server and can modify them, with the behavior defined through admission webhooks. Attackers can abuse both the MutatingAdmissionWebhook and ValidatingAdmissionWebhook types, for example to maintain persistent access within the cluster by modifying pod deployments, or to intercept sensitive information such as access credentials or secrets. These attacks typically rely on two operations, writing a mutating webhook configuration and writing a validating webhook configuration, which give an adversary effective control over pod creation and API requests. The detection logic targets the specific operations for admission registration and configuration updates in Azure's Kubernetes services, providing critical insight into potential malicious activity.
Categories
  • Cloud
  • Kubernetes
  • Containers
Data Sources
  • Cloud Service
  • Application Log
  • Network Traffic
Created: 2021-11-25
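
The detection described in the Summary, sketched as an added example (not the rule's own source, which this page does not show): it flags Azure Activity Log records whose `operationName` is a write to a mutating or validating webhook configuration. The operation-name prefixes and suffixes and the sample records are assumptions for illustration.

```python
# Added example: match Azure Activity Log records against the two webhook
# configuration write operations named in the summary.
# ASSUMPTION: these prefixes/suffixes are not listed on the page.
PREFIXES = (
    "MICROSOFT.KUBERNETES/CONNECTEDCLUSTERS/ADMISSIONREGISTRATION.K8S.IO",
    "MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/ADMISSIONREGISTRATION.K8S.IO",
)
SUFFIXES = (
    "/MUTATINGWEBHOOKCONFIGURATIONS/WRITE",
    "/VALIDATINGWEBHOOKCONFIGURATIONS/WRITE",
)

def op_name(record):
    """Normalise operationName: exports carry it as a string, the REST API
    as an object with a 'value' key. Returned upper-cased for matching."""
    op = record.get("operationName") or ""
    if isinstance(op, dict):
        op = op.get("value") or ""
    return str(op).upper()

def is_webhook_config_write(record):
    """True only for writes to admission webhook configurations."""
    op = op_name(record)
    return op.startswith(PREFIXES) and op.endswith(SUFFIXES)

def find_hits(records):
    """Return (caller, operation) pairs worth triaging."""
    return [(r.get("caller", "unknown"), op_name(r))
            for r in records if is_webhook_config_write(r)]

BASE = "Microsoft.ContainerService/managedClusters/"
# Constructed sample records, not real log data.
SAMPLE = [
    {"caller": "dev@example.com",
     "operationName": BASE + "admissionregistration.k8s.io/mutatingwebhookconfigurations/write"},
    {"caller": "ops@example.com",
     "operationName": {"value": "Microsoft.Kubernetes/connectedClusters/"
                       "admissionregistration.k8s.io/validatingwebhookconfigurations/write"}},
    {"caller": "ops@example.com",  # read, not write: ignored
     "operationName": BASE + "admissionregistration.k8s.io/mutatingwebhookconfigurations/read"},
    {"caller": "ops@example.com",  # delete: outside the two operations
     "operationName": BASE + "admissionregistration.k8s.io/validatingwebhookconfigurations/delete"},
    {"caller": "ci@example.com",   # ordinary workload write: ignored
     "operationName": BASE + "apps/deployments/write"},
    {"caller": "ci@example.com"},  # record with no operationName
]

if __name__ == "__main__":
    for caller, op in find_hits(SAMPLE):
        print(f"ALERT caller={caller} operation={op}")
```

A hit is a lead rather than a verdict: webhook configurations are also written by legitimate installers and operators, so triage on who the caller is and whether the change was expected.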