Fixes basedon Shain's feedback

Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.kql

@@ -6,12 +6,9 @@ description: |
   To further reduce results the query performs a prevalence check on the lowest used IP's country, only keeping IP's where the country is unusual for the tenant (dynamic ranges)
   Finally the user accounts activity within Teams logs is checked for suspicious commands (modifying user privilages or admin actions) during the period the suspicious IP was active.'
 requiredDataConnectors:
-  - connectorId: AzureActiveDirectory
+  - connectorId: Office365
     dataTypes:
-      - SigninLogs
-  - connectorId: CustomConnector
-    dataTypes:
-      - TeamsData
+      - OfficeActivity
 tactics:
   - InitialAccess
   - Persistance
@@ -105,4 +102,4 @@ query: |
   //Filter on suspicious actions
   | extend activitySummary = pack(tostring(StartTime), pack("Operation",tostring(Operation), "OperationTime", OperationTime))
   | summarize make_bag(activitySummary) by UserPrincipalName, SuspiciousIP, SuspiciousLoginCountry, SuspiciousCountryPrevalence
-  | extend IPCustomEntity = SuspiciousIP, AccountCustomEntity = UserPrincipalName
+  | extend IPCustomEntity = SuspiciousIP, AccountCustomEntity = UserPrincipalName