diff --git a/rules/cloud/azure/activity_logs/azure_app_credential_modification.yml b/deprecated/cloud/azure_app_credential_modification.yml
similarity index 86%
rename from rules/cloud/azure/activity_logs/azure_app_credential_modification.yml
rename to deprecated/cloud/azure_app_credential_modification.yml
index e38f45ef8..178873087 100644
--- a/rules/cloud/azure/activity_logs/azure_app_credential_modification.yml
+++ b/deprecated/cloud/azure_app_credential_modification.yml
@@ -1,12 +1,12 @@
 title: Azure Application Credential Modified
 id: cdeef967-f9a1-4375-90ee-6978c5f23974
-status: test
+status: deprecated
 description: Identifies when a application credential is modified.
 references:
 - https://www.cloud-architekt.net/auditing-of-msi-and-service-principals/
 author: Austin Songer @austinsonger
 date: 2021-09-02
-modified: 2022-10-09
+modified: 2025-10-17
 tags:
 - attack.impact
 logsource:
@@ -14,7 +14,7 @@ logsource:
 service: activitylogs
 detection:
 selection:
- properties.message: 'Update application - Certificates and secrets management'
+ properties.message: 'Update application – Certificates and secrets management'
 condition: selection
 falsepositives:
 - Application credential added may be performed by a system administrator.
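Review bot: The new `properties.message` value in the second hunk differs from the old one only by an en dash (U+2013) in place of the ASCII hyphen, and nothing in the rule records that this is deliberate. Because the selection is an exact string match, a later edit or a tool that normalises the character back to `-` would presumably stop the rule from matching without any error, leaving application credential changes unalerted. I would add a comment directly above the line, `# the separator is an en dash (U+2013), not an ASCII hyphen`, and confirm against a captured event that the log source really emits U+2013. As this copy now lives under `deprecated/`, the same check is worth making on whichever rule supersedes it; that rule is not visible in this diff.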