diff --git a/rules/cloud/m365/microsoft365_activity_by_terminated_user.yml b/rules/cloud/m365/microsoft365_activity_by_terminated_user.yml
index 037dcd00c..5b2e2df98 100644
--- a/rules/cloud/m365/microsoft365_activity_by_terminated_user.yml
+++ b/rules/cloud/m365/microsoft365_activity_by_terminated_user.yml
@@ -20,4 +20,4 @@ falsepositives:
 - Unknown
 level: medium
 tags:
- - attack.impact
\ No newline at end of file
+ - attack.impact
diff --git a/rules/cloud/m365/microsoft365_activity_from_anonymous_ip_addresses.yml b/rules/cloud/m365/microsoft365_activity_from_anonymous_ip_addresses.yml
index 697d6f8dc..a46219e10 100644
--- a/rules/cloud/m365/microsoft365_activity_from_anonymous_ip_addresses.yml
+++ b/rules/cloud/m365/microsoft365_activity_from_anonymous_ip_addresses.yml
@@ -21,4 +21,4 @@ falsepositives:
 level: medium
 tags:
 - attack.command_and_control
- - attack.t1573
\ No newline at end of file
+ - attack.t1573
diff --git a/rules/cloud/m365/microsoft365_activity_from_infrequent_country.yml b/rules/cloud/m365/microsoft365_activity_from_infrequent_country.yml
index 8e155919a..3d7862fad 100644
--- a/rules/cloud/m365/microsoft365_activity_from_infrequent_country.yml
+++ b/rules/cloud/m365/microsoft365_activity_from_infrequent_country.yml
@@ -21,4 +21,4 @@ falsepositives:
 level: medium
 tags:
 - attack.command_and_control
- - attack.t1573
\ No newline at end of file
+ - attack.t1573
diff --git a/rules/cloud/m365/microsoft365_activity_from_ip_addresses.yml b/rules/cloud/m365/microsoft365_activity_from_ip_addresses.yml
deleted file mode 100644
index ac34cd56a..000000000
--- a/rules/cloud/m365/microsoft365_activity_from_ip_addresses.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: Microsoft 365 - Activity from anonymous IP addresses
-id: d8b0a4fe-07a8-41be-bd39-b14afa025d95
-status: experimental
-description: Detects when a Microsoft Cloud App Security reported
-author: Austin Songer @austinsonger
-date: 2021/08/23
-references:
- - https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- - https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
-logsource:
- category:
- service: m365
-detection:
- selection:
- eventSource: SecurityComplianceCenter
- eventName: "Activity from anonymous IP addresses"
- status: success
- condition: selection
-falsepositives:
- -
-level: medium
-tags:
- - attack.initial_access
- -
\ No newline at end of file
diff --git a/rules/cloud/m365/microsoft365_from_suspicious_ip_addresses.yml b/rules/cloud/m365/microsoft365_from_suspicious_ip_addresses.yml
index 4ade854ae..8c703557d 100644
--- a/rules/cloud/m365/microsoft365_from_suspicious_ip_addresses.yml
+++ b/rules/cloud/m365/microsoft365_from_suspicious_ip_addresses.yml
@@ -21,4 +21,4 @@ falsepositives:
 level: medium
 tags:
 - attack.command_and_control
- - attack.t1573
\ No newline at end of file
+ - attack.t1573
diff --git a/rules/cloud/m365/microsoft365_suspicious_inbox_forwarding.yml b/rules/cloud/m365/microsoft365_suspicious_inbox_forwarding.yml
index e583f123c..7910c62c9 100644
--- a/rules/cloud/m365/microsoft365_suspicious_inbox_forwarding.yml
+++ b/rules/cloud/m365/microsoft365_suspicious_inbox_forwarding.yml
@@ -21,4 +21,4 @@ falsepositives:
 level: low
 tags:
 - attack.exfiltration
- - attack.t1020
\ No newline at end of file
+ - attack.t1020
diff --git a/rules/cloud/m365/microsoft365_suspicious_oauth_app_file_download_activities.yml b/rules/cloud/m365/microsoft365_suspicious_oauth_app_file_download_activities.yml
index 906cd1006..3ba0e3267 100644
--- a/rules/cloud/m365/microsoft365_suspicious_oauth_app_file_download_activities.yml
+++ b/rules/cloud/m365/microsoft365_suspicious_oauth_app_file_download_activities.yml
@@ -21,4 +21,3 @@ falsepositives:
 level: medium
 tags:
 - attack.exfiltration
-
\ No newline at end of file
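Review bot: After the dangling last item is dropped, the `tags` list of microsoft365_suspicious_oauth_app_file_download_activities.yml ends with the tactic `attack.exfiltration` alone, while the sibling rules touched in this same diff pair each tactic with a technique (`attack.exfiltration` with `attack.t1020`, `attack.command_and_control` with `attack.t1573`), so the removed line looks like it was a placeholder for a technique tag rather than stray whitespace. If that old line was an empty `-` item it also parsed as a null element in the list, so removing it is correct, but the matching technique tag should be added in the same pass rather than leaving the tactic unpaired. The terminated-user rule in the first hunk of this diff is in the same state, with `attack.impact` as its only tag. Which technique applies cannot be determined from this hunk, since the rule's detection block lies outside it.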