diff --git a/src/pentesting-cloud/azure-security/az-device-registration.md b/src/pentesting-cloud/azure-security/az-device-registration.md
index 91771070a..bac04d6c2 100644
--- a/src/pentesting-cloud/azure-security/az-device-registration.md
+++ b/src/pentesting-cloud/azure-security/az-device-registration.md
@@ -95,7 +95,7 @@ and then PATCH the information of the searchableDeviceKey:
 It's possible to get an access token from a user via **device code phishing** and abuse the previous steps to **steal his access**. For more information check:
 
 {{#ref}}
-az-lateral-movement-cloud-on-prem/az-phishing-primary-refresh-token-microsoft-entra.md
+az-lateral-movement-cloud-on-prem/az-primary-refresh-token-prt.md
 {{#endref}}
 
 <figure><img src="../../images/image (37).png" alt=""><figcaption></figcaption></figure>