diff --git a/rules/cloud/azure/azure_federation_modified.yml b/rules/cloud/azure/azure_federation_modified.yml
index 37b7f5858..f5b0eee44 100644
--- a/rules/cloud/azure/azure_federation_modified.yml
+++ b/rules/cloud/azure/azure_federation_modified.yml
@@ -7,7 +7,7 @@ date: 2021/09/06
 references:
     - https://attack.mitre.org/techniques/T1078/
 logsource:
-  service: azure.activitylogs
+  service: azure.signinlogs
 detection:
     selection:
         properties.message: Set federation settings on domain