
Summary
The 'Primary Refresh Token Access Attempt' rule is designed to detect unauthorized or suspicious access attempts to the Primary Refresh Token (PRT) resource within Azure environments. The PRT is critical for maintaining user sessions and managing authentication tokens. Detecting access to this resource is crucial, as it could signify an attempt at lateral movement within an organization or potential credential theft, both of which are high-risk security incidents. The detection conditions are based on identifying the specific risk event type that reports an attempted access, and because these events are rare, each detection is treated as a high-priority alert. The identified risk events can serve as indicators of a compromised account or a targeted attack, making immediate remediation essential whenever such attempts are logged.
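As an added example that is not part of the original rule, the detection logic above run over a few constructed Identity Protection risk detection records. The riskEventType value `attemptedPrtAccess` is assumed, since the rule text names the event only by description; field names follow the Microsoft Graph riskDetection shape.

```python
import json
from dataclasses import dataclass
from typing import Iterable

# Risk event type reported by Microsoft Entra ID Protection for a PRT access
# attempt (assumed value; the rule text names the event only by description).
PRT_ACCESS_EVENT = "attemptedPrtAccess"


@dataclass(frozen=True)
class Alert:
    user: str
    time: str
    risk_level: str   # riskLevel as reported by Identity Protection
    severity: str     # always "high" for this rule, regardless of riskLevel


def detect_prt_access(records: Iterable[dict]) -> list[Alert]:
    """Return one high-severity alert per risk detection whose riskEventType
    is the PRT access attempt; every other risk event type is ignored."""
    alerts = []
    for rec in records:
        if rec.get("riskEventType", "").lower() != PRT_ACCESS_EVENT.lower():
            continue
        alerts.append(Alert(
            user=rec.get("userPrincipalName", "<unknown>"),
            time=rec.get("activityDateTime", "<unknown>"),
            risk_level=rec.get("riskLevel", "none"),
            severity="high",
        ))
    return alerts


def load_records(text: str) -> list[dict]:
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample records shaped like Microsoft Graph riskDetection objects.
SAMPLE_LOG = """
{"riskEventType": "unfamiliarFeatures", "riskLevel": "medium", "userPrincipalName": "alice@example.com", "activityDateTime": "2023-09-07T08:15:00Z"}
{"riskEventType": "attemptedPrtAccess", "riskLevel": "low", "userPrincipalName": "bob@example.com", "activityDateTime": "2023-09-07T09:02:11Z"}
{"riskEventType": "anonymizedIPAddress", "riskLevel": "low", "userPrincipalName": "bob@example.com", "activityDateTime": "2023-09-07T09:05:40Z"}
{"riskEventType": "attemptedPrtAccess", "riskLevel": "high", "userPrincipalName": "carol@example.com", "activityDateTime": "2023-09-07T11:47:03Z"}
"""

if __name__ == "__main__":
    for a in detect_prt_access(load_records(SAMPLE_LOG)):
        print(f"[{a.severity.upper()}] {a.time} {a.user} PRT access attempt "
              f"(reported riskLevel={a.risk_level})")
```

Note that the low reported riskLevel on the second record does not lower the alert severity: the rule escalates every match because of how rarely the event occurs.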
Categories
- Cloud
- Identity Management
Data Sources
- Cloud Service
Created: 2023-09-07