diff --git a/rules/cloud/azure/azure_kubernetes_cronjob.yml b/rules/cloud/azure/azure_kubernetes_cronjob.yml
index 14b801150..fe86dc939 100644
--- a/rules/cloud/azure/azure_kubernetes_cronjob.yml
+++ b/rules/cloud/azure/azure_kubernetes_cronjob.yml
@@ -15,10 +15,13 @@ logsource:
 detection:
 selection1:
 properties.message: MICROSOFT.KUBERNETES/CONNECTEDCLUSTERS/BATCH/CRONJOBS/WRITE
+ selection2:
 properties.message: MICROSOFT.KUBERNETES/CONNECTEDCLUSTERS/BATCH/JOBS/WRITE
+ selection3:
 properties.message: MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/BATCH/CRONJOBS/WRITE
+ selection4:
 properties.message: ICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/BATCH/JOBS/WRITE
- condition: selection1
+ condition: selection1 or selection2 or selection3 or selection4
 level: medium
 tags:
 - attack.persistence
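Review bot: The value under the new `selection4` reads `ICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/BATCH/JOBS/WRITE`, with the leading `M` missing. Sigma compares a plain field value as a whole string, so this selection will most likely never match, leaving Job writes on managed (AKS) clusters undetected even though the condition now references it. The line is unchanged context here, so the typo predates this commit, but it should be fixed now that the line becomes a live selection: `properties.message: MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/BATCH/JOBS/WRITE`. Since all four selections test the same field, a single selection with a four-item list under `properties.message:` and `condition: selection` would be shorter and less prone to the duplicate-key problem this commit repairs.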