diff --git a/Azure Services/Azure Active Directory Logs/Alerts/README b/Azure Services/Microsoft Entra ID Logs/Alerts/README
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Alerts/README
rename to Azure Services/Microsoft Entra ID Logs/Alerts/README
diff --git a/Azure Services/Microsoft Entra ID Logs/Queries/Audit/Priviliged Identity Management requests and approvals.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Audit/Priviliged Identity Management requests and approvals.kql
new file mode 100644
index 00000000..d987e7ab
--- /dev/null
+++ b/Azure Services/Microsoft Entra ID Logs/Queries/Audit/Priviliged Identity Management requests and approvals.kql
@@ -0,0 +1,31 @@
+// Author: Expecho
+// Display name: Privileged Identity Management activations and approvals
+// Description: View Privileged Identity Management role activations and approvals
+// Categories: Audit
+// Resource types: Microsoft Entra ID
+// Topic: Audit
+
+AuditLogs
+| where TimeGenerated > ago(30d)
+| where LoggedByService == "PIM"
+| where OperationName == "Add member to role completed (PIM activation)"
+| project
+ TimeGenerated,
+ Reason = ResultReason,
+ Result,
+ Requestor = Identity,
+ Category,
+ Role = tostring(TargetResources[0].displayName),
+ ResourceName = tostring(TargetResources[3].displayName),
+ ResourceType = tostring(TargetResources[3].type),
+ Start = iif(Category == "GroupManagement", todatetime(AdditionalDetails[2].value), todatetime(AdditionalDetails[3].value)),
+ End = iif(Category == "GroupManagement", todatetime(AdditionalDetails[3].value), todatetime(AdditionalDetails[4].value)),
+ CorrelationId
+| join kind=leftouter (
+ AuditLogs
+ | where TimeGenerated > ago(30d)
+ | where LoggedByService == "PIM"
+ | where OperationName == "Add member to role request approved (PIM activation)"
+ | project CorrelationId, Approval = ResultDescription, Approver = Identity, Approved = Result)
+ on CorrelationId
+| distinct TimeGenerated, Requestor, Reason, Approver, Approval, Category, Role, ResourceName, ResourceType, Start, End
\ No newline at end of file
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Audit/Provisioned objects by day.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Audit/Provisioned objects by day.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Audit/Provisioned objects by day.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Audit/Provisioned objects by day.kql
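Review bot: `Start`/`End` and `ResourceName`/`ResourceType` are read by array position (`AdditionalDetails[2]`..`[4]`, `TargetResources[3]`), and the `iif(Category == "GroupManagement", ...)` branch on the `Start`/`End` lines already shows those positions shift between role and group activations; any other layout variation silently produces empty or wrong timestamps, which an analyst would read as a missing activation window. Selecting the element by its `key` instead (for example with `mv-apply` over `AdditionalDetails` filtered on the start- and expiry-time key names, confirmed against a sample record of each activation type) makes the query independent of element ordering. The closing `distinct` also drops `Result` and `Approved`, so a failed or denied activation is listed exactly like a successful one; keeping them, e.g. `| distinct TimeGenerated, Requestor, Reason, Result, Approver, Approval, Approved, Category, Role, ResourceName, ResourceType, Start, End`, preserves the outcome of both the activation and the approval. Minor: the `ago(30d)` window is repeated in both legs of the join and could be a single `let` at the top, and the file name spells "Priviliged" and says "requests" while the header comment says "activations".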
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Audit/Provisioning actions for the last week.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Audit/Provisioning actions for the last week.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Audit/Provisioning actions for the last week.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Audit/Provisioning actions for the last week.kql
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Audit/Provisioning errors.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Audit/Provisioning errors.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Audit/Provisioning errors.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Audit/Provisioning errors.kql
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Security/Inactive Service Principals.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Security/Inactive Service Principals.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Security/Inactive Service Principals.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Security/Inactive Service Principals.kql
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Security/Most active IP Addresses.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Security/Most active IP Addresses.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Security/Most active IP Addresses.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Security/Most active IP Addresses.kql
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Security/Most active Managed Identities.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Security/Most active Managed Identities.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Security/Most active Managed Identities.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Security/Most active Managed Identities.kql
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Security/Most active Service Principals.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Security/Most active Service Principals.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Security/Most active Service Principals.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Security/Most active Service Principals.kql
diff --git a/Azure Services/Azure Active Directory Logs/Queries/Security/Users with multiple cities.kql b/Azure Services/Microsoft Entra ID Logs/Queries/Security/Users with multiple cities.kql
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Queries/Security/Users with multiple cities.kql
rename to Azure Services/Microsoft Entra ID Logs/Queries/Security/Users with multiple cities.kql
diff --git a/Azure Services/Azure Active Directory Logs/Workbooks/README b/Azure Services/Microsoft Entra ID Logs/Workbooks/README
similarity index 100%
rename from Azure Services/Azure Active Directory Logs/Workbooks/README
rename to Azure Services/Microsoft Entra ID Logs/Workbooks/README
diff --git a/Azure Services/Azure Active Directory/Alerts/README b/Azure Services/Microsoft Entra ID/Alerts/README
similarity index 100%
rename from Azure Services/Azure Active Directory/Alerts/README
rename to Azure Services/Microsoft Entra ID/Alerts/README
diff --git a/Azure Services/Azure Active Directory/Queries/README b/Azure Services/Microsoft Entra ID/Queries/README
similarity index 100%
rename from Azure Services/Azure Active Directory/Queries/README
rename to Azure Services/Microsoft Entra ID/Queries/README
diff --git a/Azure Services/Azure Active Directory/Workbooks/README b/Azure Services/Microsoft Entra ID/Workbooks/README
similarity index 100%
rename from Azure Services/Azure Active Directory/Workbooks/README
rename to Azure Services/Microsoft Entra ID/Workbooks/README