diff --git a/queries/Shortest Paths from Owned Azure Users to Azure Keyvaults.yml b/queries/Shortest Paths from Owned Azure Users to Azure Keyvaults.yml
index 8c0e010..773ed08 100644
--- a/queries/Shortest Paths from Owned Azure Users to Azure Keyvaults.yml	
+++ b/queries/Shortest Paths from Owned Azure Users to Azure Keyvaults.yml	
@@ -7,8 +7,9 @@ category: Shortest Paths
 description: Return shortest paths from Owned Azure Users to Azure Keyvaults to check for attack vectors.
 query: |-
   MATCH p = shortestPath((n:AZUser)-[:AZ_ATTACK_PATHS*..]->(g:AZKeyVault))
-  WHERE m.system_tags CONTAINS 'owned'
+  WHERE ((n:Tag_Owned) OR COALESCE(n.system_tags, '') CONTAINS 'owned')
   RETURN p
-revision: 1
+revision: 2
 resources: 
 acknowledgements: Daniel Scheidt, @theluemmel
+
diff --git a/queries/Shortest Paths from Owned Azure Users to Azure VMs.yml b/queries/Shortest Paths from Owned Azure Users to Azure VMs.yml
index f8e86a9..e1bb37e 100644
--- a/queries/Shortest Paths from Owned Azure Users to Azure VMs.yml	
+++ b/queries/Shortest Paths from Owned Azure Users to Azure VMs.yml	
@@ -7,8 +7,9 @@ category: Shortest Paths
 description: Return shortest paths from Owned Azure Users to Azure VMs to check for attack vectors.
 query: |-
   MATCH p = shortestPath((m:AZUser)-[:AZ_ATTACK_PATHS*..]->(n:AZVM))
-  WHERE m.system_tags CONTAINS 'owned'
+  WHERE ((m:Tag_Owned) OR COALESCE(m.system_tags, '') CONTAINS 'owned')
   RETURN p
-revision: 1
+revision: 2
 resources: 
 acknowledgements: Daniel Scheidt, @theluemmel
+