diff --git a/rules/cloud/azure/azure_unusual_authentication_interruption.yml b/rules/cloud/azure/azure_unusual_authentication_interruption.yml
index 3ce409cf1..397ea2b05 100644
--- a/rules/cloud/azure/azure_unusual_authentication_interruption.yml
+++ b/rules/cloud/azure/azure_unusual_authentication_interruption.yml
@@ -10,13 +10,13 @@ logsource:
   product: azure
   service: azure.signinlogs
 detection:
-  selection:
+  selection1:
     ResultType: 50097
     ResultDescription: 'Device authentication is required'
-  selection:
+  selection2:
     ResultType: 50155
     ResultDescription: 'DeviceAuthenticationFailed'
-  selection:
+  selection3:
     ResultType: 50158
     ResultDescription: 'ExternalSecurityChallenge - External security challenge was not satisfied'
     condition: selection1 or selection2 or selection3