We have written an MFA KQL query to detect events where a user account was created more than 90 days ago, and it works as expected when run manually. However, the query doesn’t seem to work when configured in a scheduled rule. Could you please help us resolve this issue?
```kusto
// Accounts created within the last 90 days; activity against these is excluded below.
let NewUsers = IdentityInfo
    | where AccountCreationTime >= ago(90d)
    | summarize LatestEntry = max(TimeGenerated) by AccountUPN
    | project AccountUPN;
// Successful MFA / security-info changes in the last 15 minutes.
AuditLogs
| where OperationName contains "User registered"
    or OperationName contains "Add passkey"
    or OperationName contains "User deleted"
    or OperationName contains "User changed"
    or OperationName contains "User updated"
| where OperationName != "User started password reset"
| where Result == "success"
| where ResultDescription !contains "User started"
| where ResultDescription !contains "User registered all required security info"
| where ResultDescription !contains "User registered phone method"
| where isnotempty(ResultDescription)
| where TimeGenerated >= ago(15m)
// Note: the comment below must stay on its own line; when the query is flattened onto
// one line, everything after "//" is treated as a comment and the rest of the query is lost.
//| where ResultDescription !contains "User registered all required security info"
| extend userPrincipalName_ = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)
| extend InitiatorUPN = tolower(tostring(InitiatedBy.user.userPrincipalName))
| extend FromIP = tostring(InitiatedBy.user.ipAddress)
| extend TargetUPN = tostring(TargetResources[0].userPrincipalName)
| extend InitiatorID = tostring(InitiatedBy.user.id)
| extend ResultDescription = strcat(ResultDescription, ".")
// Keep only changes made to accounts older than 90 days.
| where TargetUPN !in (NewUsers)
| summarize ModifiedAccounts = make_set(TargetUPN, 100),
            Start = min(TimeGenerated),
            End = max(TimeGenerated),
            Actions = make_set(OperationName, 10)
    by InitiatorID, InitiatorUPN, FromIP, ResultDescription, TargetUPN
```
Hello, Sentinel rules have a maximum lookback of 14 days, so even though you put 90 days, that is ignored and 90 is used.
The workaround is to run a playbook that does the 90-day lookback on a schedule.
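One shape the scheduled workaround can take is a small job, run from a playbook or any scheduler, that submits the query to the workspace with an explicit 90-day timespan rather than relying on the analytics rule's lookback setting. The following is an added example and is not code from the question or the answer above: it uses the public azure-monitor-query and azure-identity packages, the workspace id is a placeholder, the function names (`build_query`, `run_lookback`, `summarize_findings`) are hypothetical, the KQL is the question's query with the two time windows parameterised and the unused `extend`s dropped, and `SAMPLE_ROWS` is constructed data shaped like the query's output so the grouping logic can be exercised offline.

```python
"""Scheduled 90-day lookback run outside a Sentinel analytics rule (added example)."""
from __future__ import annotations

from collections import defaultdict
from datetime import timedelta

WORKSPACE_ID = "<log-analytics-workspace-id>"  # placeholder, replace with your own


def build_query(new_account_days: int = 90, window_minutes: int = 15) -> str:
    """Return the question's KQL with the account-age and event windows parameterised."""
    return f"""
let NewUsers = IdentityInfo
    | where AccountCreationTime >= ago({new_account_days}d)
    | summarize LatestEntry = max(TimeGenerated) by AccountUPN
    | project AccountUPN;
AuditLogs
| where OperationName contains "User registered" or OperationName contains "Add passkey"
    or OperationName contains "User deleted" or OperationName contains "User changed"
    or OperationName contains "User updated"
| where OperationName != "User started password reset"
| where Result == "success"
| where ResultDescription !contains "User started"
| where ResultDescription !contains "User registered all required security info"
| where ResultDescription !contains "User registered phone method"
| where isnotempty(ResultDescription)
| where TimeGenerated >= ago({window_minutes}m)
| extend InitiatorUPN = tolower(tostring(InitiatedBy.user.userPrincipalName))
| extend FromIP = tostring(InitiatedBy.user.ipAddress)
| extend TargetUPN = tostring(TargetResources[0].userPrincipalName)
| extend InitiatorID = tostring(InitiatedBy.user.id)
| where TargetUPN !in (NewUsers)
| summarize ModifiedAccounts = make_set(TargetUPN, 100), Start = min(TimeGenerated),
            End = max(TimeGenerated), Actions = make_set(OperationName, 10)
    by InitiatorID, InitiatorUPN, FromIP, ResultDescription, TargetUPN
"""


def run_lookback(workspace_id: str, query: str, days: int = 90) -> list[dict]:
    """Run `query` with a caller-chosen timespan (here 90 days), which is not subject
    to the scheduled-rule lookback cap. Imports are deferred so the rest of the
    module works offline; this function needs Azure credentials and network access."""
    from azure.identity import DefaultAzureCredential
    from azure.monitor.query import LogsQueryClient, LogsQueryStatus

    client = LogsQueryClient(DefaultAzureCredential())
    result = client.query_workspace(workspace_id, query, timespan=timedelta(days=days))
    if result.status != LogsQueryStatus.SUCCESS:
        raise RuntimeError(f"query did not succeed: {result.status}")
    rows: list[dict] = []
    for table in result.tables:
        rows.extend(dict(zip(table.columns, row)) for row in table.rows)
    return rows


def summarize_findings(rows: list[dict]) -> list[dict]:
    """Group result rows per initiator: distinct long-lived accounts touched, source IPs
    and operations. Sorted so the initiator touching the most accounts comes first."""
    grouped: dict[str, dict] = defaultdict(lambda: {"targets": set(), "ips": set(), "actions": set()})
    for r in rows:
        entry = grouped[r["InitiatorUPN"]]
        entry["targets"].add(r["TargetUPN"])
        entry["ips"].add(r["FromIP"])
        entry["actions"].update(r["Actions"])
    findings = [
        {"InitiatorUPN": upn, "TargetCount": len(v["targets"]), "Targets": sorted(v["targets"]),
         "SourceIPs": sorted(v["ips"]), "Actions": sorted(v["actions"])}
        for upn, v in grouped.items()
    ]
    findings.sort(key=lambda f: (-f["TargetCount"], f["InitiatorUPN"]))
    return findings


# Constructed sample rows shaped like the query's summarize output (not real data).
SAMPLE_ROWS = [
    {"InitiatorID": "id-1", "InitiatorUPN": "helpdesk@contoso.example", "FromIP": "203.0.113.10",
     "ResultDescription": "User registered security info.", "TargetUPN": "alice@contoso.example",
     "ModifiedAccounts": ["alice@contoso.example"], "Actions": ["User registered security info"]},
    {"InitiatorID": "id-1", "InitiatorUPN": "helpdesk@contoso.example", "FromIP": "203.0.113.10",
     "ResultDescription": "Add passkey.", "TargetUPN": "bob@contoso.example",
     "ModifiedAccounts": ["bob@contoso.example"], "Actions": ["Add passkey"]},
    {"InitiatorID": "id-2", "InitiatorUPN": "carol@contoso.example", "FromIP": "198.51.100.7",
     "ResultDescription": "User changed default security info.", "TargetUPN": "carol@contoso.example",
     "ModifiedAccounts": ["carol@contoso.example"], "Actions": ["User changed default security info"]},
]

if __name__ == "__main__":
    # Live run: rows = run_lookback(WORKSPACE_ID, build_query(), days=90)
    for finding in summarize_findings(SAMPLE_ROWS):
        print(finding)
```

The two time windows are separate on purpose: `days` passed to `run_lookback` bounds how much data the service scans, while `new_account_days` inside the KQL decides which accounts count as new, so the job can keep the 90-day account-age rule without depending on the rule scheduler's lookback.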