From 579d2f30643a16eb8fc1e04ada63ad7fff9e2718 Mon Sep 17 00:00:00 2001
From: Michalis Michalos
Date: Tue, 29 Jul 2025 08:57:54 +0300
Subject: [PATCH] Update query-enterprise-exposure-graph.md

In the *Show all users logged in to more than one critical device* query provided, while it is described that results should provide devices with criticality above 4, the condition in the query is wrong (< instead of >).
---
 exposure-management/query-enterprise-exposure-graph.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exposure-management/query-enterprise-exposure-graph.md b/exposure-management/query-enterprise-exposure-graph.md
index c2a23cabca..49de49cb64 100644
--- a/exposure-management/query-enterprise-exposure-graph.md
+++ b/exposure-management/query-enterprise-exposure-graph.md
@@ -205,7 +205,7 @@ This query results in a list of users logged into more than one critical device,
 let IdentitiesAndCriticalDevices = ExposureGraphNodes
 | where
 // Critical Device
- (set_has_element(Categories, "device") and isnotnull(NodeProperties.rawData.criticalityLevel) and NodeProperties.rawData.criticalityLevel.criticalityLevel < 4)
+ (set_has_element(Categories, "device") and isnotnull(NodeProperties.rawData.criticalityLevel) and NodeProperties.rawData.criticalityLevel.criticalityLevel > 4)
 // or identity
 or set_has_element(Categories, "identity");
 ExposureGraphEdges
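Review bot: Flipping the comparison to `criticalityLevel.criticalityLevel > 4` in the `// Critical Device` filter may invert the query rather than correct it. As far as I know the exposure graph encodes criticality with lower numbers meaning more critical, in which case the original `< 4` was the right test and the new condition would match few or no devices; please confirm the scale against the schema reference and a sample run before merging. If the prose and the query disagree, it may be the prose that needs fixing, and a comment in the query such as `// lower criticalityLevel = more critical (confirm scale)` would keep readers from repeating the confusion. The direction matters because an empty result from a copied hunting query reads as "no users on multiple critical devices". The query continues past the end of the hunk.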