diff --git a/rules/integrations/azure/initial_access_entra_id_oauth_auth_code_grant_unusual_app_resource_user.toml b/rules/integrations/azure/initial_access_entra_id_oauth_auth_code_grant_unusual_app_resource_user.toml
index bfde9e8b5..84bf8f56d 100644
--- a/rules/integrations/azure/initial_access_entra_id_oauth_auth_code_grant_unusual_app_resource_user.toml
+++ b/rules/integrations/azure/initial_access_entra_id_oauth_auth_code_grant_unusual_app_resource_user.toml
@@ -2,7 +2,7 @@
 creation_date = "2025/12/17"
 integration = ["azure"]
 maturity = "production"
-updated_date = "2025/12/17"
+updated_date = "2026/01/20"
 
 [rule]
 author = ["Elastic"]
@@ -103,7 +103,6 @@ event.dataset: "azure.signinlogs" and
                 "27922004-5251-4030-b22d-91ecd9a37ea4" or
                 "4813382a-8fa7-425e-ab75-3b753aab3abb" or
                 "ab9b8c07-8f02-4f72-87fa-80105867a763" or
-                "d3590ed6-52b3-4102-aeff-aad2292ab01c" or
                 "872cd9fa-d31f-45e0-9eab-6e460a02d1f1" or
                 "af124e86-4e96-495a-b70a-90f90ab96707" or
                 "2d7f3606-b07d-41d1-b9d2-0d0c9296a6e8" or
@@ -116,7 +115,6 @@ event.dataset: "azure.signinlogs" and
                 "57336123-6e14-4acc-8dcf-287b6088aa28" or
                 "57fcbcfa-7cee-4eb1-8b25-12d2030b4ee0" or
                 "66375f6b-983f-4c2c-9701-d680650f588f" or
-                "9ba1a5c7-f17a-4de9-a1f1-6178c8d51223" or
                 "a40d7d7d-59aa-447e-a655-679a4107e548" or
                 "a569458c-7f2b-45cb-bab9-b7dee514d112" or
                 "b26aadf8-566f-4478-926f-589f601d9c74" or