[Rule Tuning] Align Microsoft Graph Email Access /me Path Predicate

[raylee-hawkins]

Summary

• Aligns the Microsoft Graph email access rule's /me path predicate with the /me/... mail paths referenced in the rule description and investigation guidance.
• Updates the predicate from /v1.0/me/*cc to /v1.0/me/*.
• Keeps the existing mail / messages / inbox constraints in place.
• Does not add data sources or change rule logic beyond this path predicate tuning.

Validation

Local validation passed:

• python -m detection_rules validate-rule rules/integrations/azure/collection_graph_email_access_by_unusual_public_client_via_graph.toml
• python -m detection_rules test - 232 passed, 19 skipped

Scope

• One TOML rule only.
• No runtime signal claim.
• No production or customer claim.

Related

• Related to [Meta] Data Exploration for Detections - Microsoft Graph Activity Logs #3645
• Follow-up context from [New Rule] Suspicious Email Access by First-Party Application via Microsoft Graph #4704

[raylee-hawkins]

Looks like the Add PR Guidelines Comment workflow failed because the PR does not currently have one of the guideline labels the workflow expects.

This PR is a rule tuning change. Could a maintainer apply the Rule: Tuning label so the guideline requirement is satisfied?

Local validation is listed in the PR summary.