diff --git a/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml b/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml
index eefc98fb4..2edd8b372 100644
--- a/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml
+++ b/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml
@@ -2,7 +2,7 @@
 creation_date = "2020/11/30"
 integration = ["o365"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/05/24"
 
 [rule]
 author = ["Elastic", "Willem D'Haese", "Austin Songer"]
@@ -41,7 +41,9 @@ query = '''
 event.dataset:o365.audit and event.provider:(AzureActiveDirectory or Exchange) and event.category:authentication and event.action:(UserLoginFailed or PasswordLogonInitialAuthUsingPassword) and not o365.audit.LogonError:(UserAccountNotFound or EntitlementGrantsNotFound or UserStrongAuthEnrollmentRequired or
- UserStrongAuthClientAuthNRequired or InvalidReplyTo)
+ UserStrongAuthClientAuthNRequired or InvalidReplyTo or SsoArtifactExpiredDueToConditionalAccess or
+ PasswordResetRegistrationRequiredInterrupt or SsoUserAccountNotFoundInResourceTenant or
+ UserStrongAuthExpired)
 '''