diff --git a/rules/google-workspace/google_workspace_mfa_enforcement_disabled.toml b/rules/google-workspace/google_workspace_mfa_enforcement_disabled.toml
index e3425b9b4..238657064 100644
--- a/rules/google-workspace/google_workspace_mfa_enforcement_disabled.toml
+++ b/rules/google-workspace/google_workspace_mfa_enforcement_disabled.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/11/17"
 maturity = "production"
-updated_date = "2021/05/10"
+updated_date = "2021/07/21"
 
 [rule]
 author = ["Elastic"]
@@ -42,6 +42,6 @@ timestamp_override = "event.ingested"
 type = "query"
 
 query = '''
-event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:ENFORCE_STRONG_AUTHENTICATION and gsuite.admin.new_value:false
+event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:ENFORCE_STRONG_AUTHENTICATION and (gsuite.admin.new_value:false or google_workspace.admin.new_value:false)
 '''
 
diff --git a/rules/google-workspace/google_workspace_policy_modified.toml b/rules/google-workspace/google_workspace_policy_modified.toml
index 82d866fc3..40f32e080 100644
--- a/rules/google-workspace/google_workspace_policy_modified.toml
+++ b/rules/google-workspace/google_workspace_policy_modified.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/11/17"
 maturity = "production"
-updated_date = "2021/05/10"
+updated_date = "2021/07/21"
 
 [rule]
 author = ["Elastic"]
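Review bot: After this change the query in google_workspace_mfa_enforcement_disabled.toml matches a strict subset of the query in mfa_disabled_for_google_workspace_organization.toml (last hunk of this commit). Both require `new_value:false` in either namespace, and the organization rule's `event.action:(ENFORCE_STRONG_AUTHENTICATION or ALLOW_STRONG_AUTHENTICATION)` already includes this rule's action. A single ENFORCE_STRONG_AUTHENTICATION event with `new_value:false` would therefore raise two alerts. If both rules are meant to stay, narrowing the organization rule to `event.action:ALLOW_STRONG_AUTHENTICATION` would keep the same combined coverage without the duplicate. The names, descriptions and severities of both rules are outside the hunks and may justify the overlap.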
@@ -51,6 +51,14 @@ event.dataset:(gsuite.admin or google_workspace.admin) and
 "Password Management - Enforce password policy at next login" or
 "Password Management - Minimum password length" or
 "Password Management - Maximum password length"
+ ) or
+ google_workspace.admin.setting.name:(
+ "Password Management - Enforce strong password" or
+ "Password Management - Password reset frequency" or
+ "Password Management - Enable password reuse" or
+ "Password Management - Enforce password policy at next login" or
+ "Password Management - Minimum password length" or
+ "Password Management - Maximum password length"
 )
 '''
 
diff --git a/rules/google-workspace/mfa_disabled_for_google_workspace_organization.toml b/rules/google-workspace/mfa_disabled_for_google_workspace_organization.toml
index ec34c9be9..bfe16810c 100644
--- a/rules/google-workspace/mfa_disabled_for_google_workspace_organization.toml
+++ b/rules/google-workspace/mfa_disabled_for_google_workspace_organization.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/11/17"
 maturity = "production"
-updated_date = "2021/05/10"
+updated_date = "2021/07/21"
 
 [rule]
 author = ["Elastic"]
@@ -41,6 +41,6 @@ timestamp_override = "event.ingested"
 type = "query"
 
 query = '''
-event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:(ENFORCE_STRONG_AUTHENTICATION or ALLOW_STRONG_AUTHENTICATION) and gsuite.admin.new_value:false
+event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:(ENFORCE_STRONG_AUTHENTICATION or ALLOW_STRONG_AUTHENTICATION) and (gsuite.admin.new_value:false or google_workspace.admin.new_value:false)
 '''
 
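Review bot: The added `) or` in google_workspace_policy_modified.toml puts `google_workspace.admin.setting.name:(...)` at the top level of the query rather than inside the chain of `and` clauses. Assuming the rule language is KQL (the `language` key is not in the hunk), `and` binds tighter than `or`, and the hunk header shows the query opening with `event.dataset:(gsuite.admin or google_workspace.admin) and`. The new branch would then match on the setting name alone, without the filters that precede `gsuite.admin.setting.name:(`, which are outside the hunk. The other two rules in this commit group their alternatives, as in `(gsuite.admin.new_value:false or google_workspace.admin.new_value:false)`. The same grouping here means opening the first list with `(gsuite.admin.setting.name:(` and closing the last one with `))`.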