
End User Consent

Sigma Rules

Summary
This rule detects an end user granting consent to an application in Azure. It targets consent given without administrative privileges, which can expose sensitive applications or data to unauthorized access. Detection relies on Azure audit logs: the rule matches records whose ConsentContext property shows that the consent was not provided by an admin (ConsentContext.IsAdminConsent is set to false). The severity is low because such events can be legitimate, but they warrant monitoring so that consent to an application is not misused in ways that lead to credential access or other security risks. Unauthorized consent can facilitate data breaches, which makes this rule a useful part of a security operations detection set.
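The matching condition described above, applied to exported audit records, as an added example that is not part of the original rule page or the Sigma project's code. The two record layouts (flattened dotted key and nested object), the `id` and `user` fields, and the sample lines are assumptions constructed for illustration.

```python
import json

FIELD = "ConsentContext.IsAdminConsent"  # property named in the rule summary

def _as_bool(value):
    """Normalise True/False, 'false', 'False' or '"False"' to bool; None if unknown."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        text = value.strip().strip('"').lower()
        if text in ("true", "false"):
            return text == "true"
    return None

def admin_consent_flag(event):
    """Return the IsAdminConsent value of one event, or None if it is absent."""
    if FIELD in event:                      # assumed layout 1: flattened key
        return _as_bool(event[FIELD])
    ctx = event.get("ConsentContext")       # assumed layout 2: nested object
    if isinstance(ctx, dict) and "IsAdminConsent" in ctx:
        return _as_bool(ctx["IsAdminConsent"])
    return None

def end_user_consents(lines):
    """Return events where consent was explicitly NOT given by an admin."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                        # skip truncated or non-JSON lines
        # 'is False' keeps events without the field from matching.
        if isinstance(event, dict) and admin_consent_flag(event) is False:
            hits.append(event)
    return hits

# Constructed sample records, not real audit log output.
SAMPLE_LOG = [
    '{"id": "evt-1", "ConsentContext.IsAdminConsent": "false", "user": "alice@example.com"}',
    '{"id": "evt-2", "ConsentContext.IsAdminConsent": "True", "user": "admin@example.com"}',
    '{"id": "evt-3", "ConsentContext": {"IsAdminConsent": false}, "user": "bob@example.com"}',
    '{"id": "evt-4", "operation": "Update user"}',
    'not a json line',
    r'{"id": "evt-5", "ConsentContext.IsAdminConsent": "\"False\""}',
]

if __name__ == "__main__":
    for hit in end_user_consents(SAMPLE_LOG):
        print("end user consent:", hit["id"], hit.get("user", "<unknown>"))
```
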
Categories
  • Cloud
  • Azure
Data Sources
  • Cloud Service
  • Logon Session
  • Application Log
Created: 2022-07-28