diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index c3fb5b0a6075..ea1ca4f7a75e 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -36,6 +36,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 *Filebeat*
+- [Azure Logs] Fix authentication_processing_details parsing in sign-in logs. {issue}34330[34330] {pull}34478[34478]
 *Heartbeat*
diff --git a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
index 04d614ed132d..3a34337f35a6 100644
--- a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
@@ -174,20 +174,16 @@ processors:
 field:
 - azure.signinlogs.properties.location
 ignore_missing: true
- - foreach:
- field: azure.signinlogs.properties.authentication_processing_details
- ignore_missing: true
- processor:
- set:
- field: '_tmp.{{{_ingest._value.key}}}'
- copy_from: _ingest._value.value
- - set:
- if: ctx?._tmp != null
- field: azure.signinlogs.properties.authentication_processing_details
- copy_from: _tmp
- - remove:
- field: _tmp
- ignore_missing: true
+ - script:
+ description: "Turns the authentication_processing_details array elements into key/value pairs. For example, the array element ``{key: 'key1', value: 'value1'}`` becomes ``{key1: 'value1'}``."
+ lang: painless
+ source: |
+ def tmp = [:];
+ for (item in ctx.azure.signinlogs.properties.authentication_processing_details) {
+ tmp[item.key] = item.value;
+ }
+ ctx.azure.signinlogs.properties.authentication_processing_details = tmp;
+ if: ctx.azure?.signinlogs?.properties?.authentication_processing_details != null && ctx.azure.signinlogs.properties.authentication_processing_details instanceof List
 - set:
 field: event.kind
 value: event
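Review bot: The loop body in the new painless script assumes every element of authentication_processing_details is a map carrying `key` and `value`, but the `if:` guard only establishes that the field is a List, so an element of another shape (a bare string, or a map without `key`) makes `item.key` throw, and because the script processor sets neither `ignore_failure` nor `on_failure` the whole sign-in document then fails the pipeline instead of just losing that detail. A per-element guard keeps the conversion best-effort, as the removed foreach/`_tmp` chain with `ignore_missing: true` was: replace the bare assignment with `if (item instanceof Map && item.key != null) { tmp[item.key] = item.value; }`, or add `ignore_failure: true` to the processor if dropping the conversion on malformed input is acceptable. A pipeline-level `on_failure` handler may exist outside this hunk; if it does, such failures are at least recorded in the event rather than silently discarded, but the document still loses its normal processing. Note also that an empty array now becomes an empty map where the removed `ctx?._tmp != null` guard left it untouched; if the previous behaviour was relied on, extend the condition with `!ctx.azure.signinlogs.properties.authentication_processing_details.isEmpty()`.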