From 9d34cc2f1f290cd4929e9b6462fe1a3b3a292d3b Mon Sep 17 00:00:00 2001
From: Emma <138881774+eroll-chorus@users.noreply.github.com>
Date: Wed, 9 Aug 2023 17:00:51 +0100
Subject: [PATCH] Update TargetResource logic for UserAssignedPrivilegedRole

---
 .../Analytic Rules/UserAssignedPrivilegedRole.yaml         | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Solutions/Azure Active Directory/Analytic Rules/UserAssignedPrivilegedRole.yaml b/Solutions/Azure Active Directory/Analytic Rules/UserAssignedPrivilegedRole.yaml
index 744587d8f27..0786b454ecf 100644
--- a/Solutions/Azure Active Directory/Analytic Rules/UserAssignedPrivilegedRole.yaml	
+++ b/Solutions/Azure Active Directory/Analytic Rules/UserAssignedPrivilegedRole.yaml	
@@ -26,9 +26,8 @@ query: |
   | where ActivityDisplayName has_any ("Add eligible member to role", "Add member to role")
   | mv-apply TargetResource = TargetResources on 
     (
-        where TargetResource.type =~ "User"
-        | extend Target = tostring(TargetResource.userPrincipalName)
-        | extend Target = iff(TargetResources.type == "ServicePrincipal", tostring(TargetResources.displayName), Target),
+        where TargetResource.type in~ ("User", "ServicePrincipal")
+        | extend Target = iff(TargetResource.type =~ "ServicePrincipal", tostring(TargetResource.displayName), tostring(TargetResource.userPrincipalName)),
                  props = TargetResource.modifiedProperties
     )
   | mv-apply Property = props on 
@@ -56,5 +55,5 @@ entityMappings:
         columnName: InitiatorName
       - identifier: UPNSuffix
         columnName: InitiatorUPNSuffix
-version: 1.0.5
+version: 1.0.6
 kind: Scheduled