diff --git a/rules/integrations/azure/persistence_azure_conditional_access_policy_modified.toml b/rules/integrations/azure/persistence_azure_conditional_access_policy_modified.toml
index ef3b874a3..fc6635d00 100644
--- a/rules/integrations/azure/persistence_azure_conditional_access_policy_modified.toml
+++ b/rules/integrations/azure/persistence_azure_conditional_access_policy_modified.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/09/01"
 maturity = "production"
-updated_date = "2021/07/20"
+updated_date = "2022/02/20"
 integration = "azure"
 [rule]
@@ -30,11 +30,7 @@ type = "query"
 query = '''
 event.dataset:(azure.activitylogs or azure.auditlogs) and
- (
- azure.activitylogs.operation_name:"Update policy" or
- azure.auditlogs.operation_name:"Update policy"
- ) and
- event.outcome:(Success or success)
+event.action:"Update conditional access policy" and event.outcome:(Success or success)
 '''
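Review bot: The new `event.action:"Update conditional access policy"` clause in the second hunk's query depends on the Azure integration's ingest pipeline copying the operation name into `event.action`, and the hunk keeps no fallback on the raw field, so events ingested without that mapping would stop alerting with no error. Consider matching both, e.g. `(event.action:"Update conditional access policy" or azure.auditlogs.operation_name:"Update conditional access policy")`, or stating the required integration version in the rule (the rest of the `[rule]` table is outside the hunk, so this may already be recorded). The `azure.activitylogs` half of the unchanged `event.dataset` filter looks unreachable now, since this operation appears to be written to the Azure AD audit log only; narrowing it would make the intent clearer. Creating or deleting a conditional access policy also changes enforcement and is not matched here, so if another rule covers those operations a short comment above the query saying so would help the analyst triaging this alert.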