diff --git a/rules/cloud/azure/azure_device_or_configuration_deleted.yml b/rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml
similarity index 57%
rename from rules/cloud/azure/azure_device_or_configuration_deleted.yml
rename to rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml
index 4156aa7d4..c5136d769 100644
--- a/rules/cloud/azure/azure_device_or_configuration_deleted.yml
+++ b/rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml
@@ -1,7 +1,7 @@
-title: Azure Device or Configuration Deleted
+title: Azure Device or Configuration Modified or Deleted
 id: 46530378-f9db-4af9-a9e5-889c177d3881
-description: Identifies when a device or device configuration in azure is deleted.
-author: Austin Songer
+description: Identifies when a device or device configuration in azure is modified or deleted.
+author: Austin Songer @austinsonger
 status: experimental
 date: 2021/09/03
 references:
@@ -13,11 +13,13 @@ detection:
 properties.message:
 - Delete device
 - Delete device configuration
+ - Update device
+ - Update device configuration
 condition: selection
 level: medium
 tags:
 - attack.impact
 falsepositives:
- - Device or device configuration being deleted may be performed by a system administrator.
+ - Device or device configuration being modified or deleted may be performed by a system administrator.
 - Verify whether the user identity, user agent, and/or hostname should be making changes in your environment.
- - Device or device configuration deleted from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule.
+ - Device or device configuration modified or deleted from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule.
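Review bot: Adding `Update device` and `Update device configuration` to `properties.message` turns a rare delete-only alert into one that fires on routine device lifecycle activity, yet the new side keeps `level: medium` and adds no filter for it. In Azure AD audit logs the `Update device` activity is, as far as I can tell, emitted continuously by device registration, Intune/MDM sync and compliance evaluation and is usually initiated by a service rather than a user, so an unfiltered match is likely to be dominated by benign noise. Consider adding a `filter` selection that excludes non-user initiators (on whatever `properties.initiatedBy` field path this logsource actually exposes — verify against the raw events) with `condition: selection and not filter`, or alternatively keeping the update events at a lower level than the deletes. The `falsepositives` list should also gain an entry such as `- Automated device updates from device registration, Intune/MDM enrollment and compliance evaluation are expected and will match the Update device events.` The `detection:` and `selection:` keys this hunk belongs to start above the hunk.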