MicrosoftDocs
diff --git a/‎articles/active-directory/authentication/howto-sspr-deployment.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/howto-sspr-deployment.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/develop/active-directory-jwt-claims-customization.md
Lines changed: 57 additions & 58 deletions b/‎articles/active-directory/develop/active-directory-jwt-claims-customization.md
Lines changed: 57 additions & 58 deletions
diff --git a/‎articles/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-app.md
Lines changed: 12 additions & 19 deletions b/‎articles/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-app.md
Lines changed: 12 additions & 19 deletions
diff --git a/‎articles/active-directory/fundamentals/concept-secure-remote-workers.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/concept-secure-remote-workers.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/identity-protection/concept-identity-protection-risks.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/identity-protection/concept-identity-protection-risks.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory/reports-monitoring/howto-use-recommendations.md
Lines changed: 4 additions & 1 deletion b/‎articles/active-directory/reports-monitoring/howto-use-recommendations.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎articles/app-service/app-service-configure-premium-tier.md
Lines changed: 12 additions & 20 deletions b/‎articles/app-service/app-service-configure-premium-tier.md
Lines changed: 12 additions & 20 deletions
@@ -70,7 +70,7 @@ For more information about pricing, see [Azure Active Directory pricing](https:/
 
 ### Guided walkthrough
 
-For a guided walkthrough of many of the recommendations in this article, see the [Plan your self-service password reset deployment](https://go.microsoft.com/fwlink/?linkid=2221600) guide.
+For a guided walkthrough of many of the recommendations in this article, see the [Plan your self-service password reset deployment](https://go.microsoft.com/fwlink/?linkid=2221501) guide when signed in to the Microsoft 365 Admin Center.  To review best practices without signing in and activating automated setup features, go to the [M365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2221600).
 
 ### Training resources
 
 
@@ -144,6 +144,7 @@ Run the install commands.
 
 ```dotnetcli
 dotnet add package Microsoft.Identity.Web.MicrosoftGraph
+dotnet add package Microsoft.Graph
 ```
 
 #### Package Manager Console
@@ -153,6 +154,7 @@ Open the project/solution in Visual Studio, and open the console by using the **
 Run the install commands.
 ```powershell
 Install-Package Microsoft.Identity.Web.MicrosoftGraph
+Install-Package Microsoft.Graph
 ```
 
 ### Example
@@ -162,9 +164,9 @@ using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using Azure.Identity;
-using Microsoft.Graph.Core;
-using System.Net.Http.Headers;
+using Microsoft.Extensions.Logging;
+using Microsoft.Graph;
+using Azure.Identity;
 
 ...
 
@@ -178,27 +180,18 @@ public async Task OnGetAsync()
     var credential = new ChainedTokenCredential(
         new ManagedIdentityCredential(),
         new EnvironmentCredential());
-    var token = credential.GetToken(
-        new Azure.Core.TokenRequestContext(
-            new[] { "https://graph.microsoft.com/.default" }));
 
-    var accessToken = token.Token;
-    var graphServiceClient = new GraphServiceClient(
-        new DelegateAuthenticationProvider((requestMessage) =>
-        {
-            requestMessage
-            .Headers
-            .Authorization = new AuthenticationHeaderValue("bearer", accessToken);
+    string[] scopes = new[] { "https://graph.microsoft.com/.default" };
 
-            return Task.CompletedTask;
-        }));
+    var graphServiceClient = new GraphServiceClient(
+        credential, scopes);
 
-    // MSGraphUser is a DTO class being used to hold User information from the graph service client call
     List<MSGraphUser> msGraphUsers = new List<MSGraphUser>();
     try
     {
-        var users =await graphServiceClient.Users.Request().GetAsync();
-        foreach(var u in users)
+        //var users = await graphServiceClient.Users.Request().GetAsync();
+        var users = await graphServiceClient.Users.GetAsync();
+        foreach (var u in users.Value)
         {
             MSGraphUser user = new MSGraphUser();
             user.userPrincipalName = u.UserPrincipalName;
@@ -209,7 +202,7 @@ public async Task OnGetAsync()
             msGraphUsers.Add(user);
         }
     }
-    catch(Exception ex)
+    catch (Exception ex)
     {
         string msg = ex.Message;
     }
 
@@ -34,7 +34,7 @@ This guide assumes that your cloud only or hybrid identities have been establish
 
 ### Guided walkthrough
 
-For a guided walkthrough of many of the recommendations in this article, see the [Set up Azure AD](https://go.microsoft.com/fwlink/?linkid=2221308) guide.
+For a guided walkthrough of many of the recommendations in this article, see the [Set up Azure AD](https://go.microsoft.com/fwlink/?linkid=2224193) guide when signed in to the Microsoft 365 Admin Center.  To review best practices without signing in and activating automated setup features, go to the [M365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2221308).
 
 ## Guidance for Azure AD Free, Office 365, or Microsoft 365 customers.
 
 
@@ -68,6 +68,7 @@ Premium detections are visible only to Azure AD Premium P2 customers. Customers
 | Activity from anonymous IP address | Offline | This detection is discovered by [Microsoft Defender for Cloud Apps](/cloud-app-security/anomaly-detection-policy#activity-from-anonymous-ip-addresses). This detection identifies that users were active from an IP address that has been identified as an anonymous proxy IP address. |
 | Suspicious inbox forwarding | Offline | This detection is discovered by [Microsoft Defender for Cloud Apps](/cloud-app-security/anomaly-detection-policy#suspicious-inbox-forwarding). This detection looks for suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address. |
 | Mass Access to Sensitive Files | Offline | This detection is discovered by [Microsoft Defender for Cloud Apps](/defender-cloud-apps/investigate-anomaly-alerts#unusual-file-access-by-user). This detection looks at your environment and triggers alerts when users access multiple files from Microsoft SharePoint or Microsoft OneDrive. An alert is triggered only if the number of accessed files is uncommon for the user and the files might contain sensitive information|
+| Verified threat actor IP | Real-time | This risk detection type indicates sign-in activity that is consistent with known IP addresses associated with nation state actors or cyber crime groups, based on Microsoft Threat Intelligence Center (MSTIC).|
 
 #### Nonpremium sign-in risk detections
 
 
@@ -72,6 +72,9 @@ Each recommendation provides the same set of details that explain what the recom
 
 - The **Impacted resources** table contains a list of resources identified by the recommendation. The resource's name, ID, date it was first detected, and status are provided. The resource could be an application or resource service principal, for example. 
 
+> [!NOTE]
+> In the Azure portal the impacted resources are limited to a maximum of 50 resources. To view more resources, you should use the expand query parameter at the end of your API query on Microsoft graph. For example: Get: https://graph.microsoft.com/beta/directory/recommendations?$expand=impactedResources
+
 ## How to update a recommendation
 
 To update the status of a recommendation or a related resource, sign in to Azure using a least-privileged role for updating a recommendation.
@@ -136,4 +139,4 @@ For more information, see the [Microsoft Graph documentation for recommendations
 ## Next steps
 
 - [Review the Azure AD recommendations overview](overview-recommendations.md)
-- [Learn about Service Health notifications](overview-service-health-notifications.md)
+- [Learn about Service Health notifications](overview-service-health-notifications.md)
@@ -4,29 +4,26 @@ description: Learn how to better performance for your web, mobile, and API app i
 keywords: app service, azure app service, scale, scalable, app service plan, app service cost
 ms.assetid: ff00902b-9858-4bee-ab95-d3406018c688
 ms.topic: article
-ms.date: 03/21/2022
+ms.date: 04/06/2023
 ms.custom: seodec18, devx-track-azurecli, devx-track-azurepowershell
 
 ---
 
 # Configure PremiumV3 tier for Azure App Service
 
-The new **PremiumV3** pricing tier gives you faster processors, SSD storage, and quadruple the memory-to-core ratio of the existing pricing tiers (double the **PremiumV2** tier). With the performance advantage, you could save money by running your apps on fewer instances. In this article, you learn how to create an app in **PremiumV3** tier or scale up an app to **PremiumV3** tier.
+The new **PremiumV3** pricing tier gives you faster processors, SSD storage, memory-optimized options, and quadruple the memory-to-core ratio of the existing pricing tiers (double the **PremiumV2** tier). With the performance and memory advantage, you could save money by running your apps on fewer instances. In this article, you learn how to create an app in **PremiumV3** tier or scale up an app to **PremiumV3** tier.
 
 ## Prerequisites
 
-To scale-up an app to **PremiumV3**, you need to have an Azure App Service app that runs in a pricing tier lower than **PremiumV3**, and the app must be running in an App Service deployment that supports PremiumV3.
+To scale-up an app to **PremiumV3**, you need to have an Azure App Service app that runs in a pricing tier lower than **PremiumV3**, and the app must be running in an App Service deployment that supports **PremiumV3**. Additionally the App Service deployment must support the desired SKU within **PremiumV3**.
 
 <a name="availability"></a>
 
 ## PremiumV3 availability
 
 The **PremiumV3** tier is available for both native and custom containers, including both Windows containers and Linux containers.
 
-> [!NOTE]
-> Any Windows containers running in the **Premium Container** tier during the preview period continue to function as is, but the **Premium Container** tier will continue to remain in preview. The **PremiumV3** tier is the official replacement for the **Premium Container** tier. 
-
-**PremiumV3** is available in some Azure regions and availability in additional regions is being added continually. To see if it's available in your region, run the following Azure CLI command in the [Azure Cloud Shell](../cloud-shell/overview.md):
+**PremiumV3** as well as specific **PremiumV3** SKUs are available in some Azure regions and availability in additional regions is being added continually. To see if a specific **PremiumV3** offering is available in your region, run the following Azure CLI command in the [Azure Cloud Shell](../cloud-shell/overview.md) (substitute _P1v3_ with the desired SKU):
 
 ```azurecli-interactive
 az appservice list-locations --sku P1V3
@@ -40,16 +37,16 @@ The pricing tier of an App Service app is defined in the [App Service plan](over
 
 When configuring the App Service plan in the <a href="https://portal.azure.com" target="_blank">Azure portal</a>, select **Pricing tier**. 
 
-Select **Production**, then select **P1V3**, **P2V3**, or **P3V3**, then click **Apply**.
+Select **Production**, then select **P0V3**, **P1V3**, **P2V3**, **P3V3**, **P1mV3**, **P2mV3**, **P3mV3**, **P4mV3**, or **P5mV3**, then click **Apply**.
 
 ![Screenshot showing the recommended pricing tiers for your app.](media/app-service-configure-premium-tier/scale-up-tier-select.png)
 
 > [!IMPORTANT] 
-> If you don't see **P1V3**, **P2V3**, and **P3V3** as options, or if the options are greyed out, then **PremiumV3** likely isn't available in the underlying App Service deployment that contains the App Service plan. See [Scale up from an unsupported resource group and region combination](#unsupported) for more details.
+> If you don't see any of **P0V3**, **P1V3**, **P2V3**, **P3V3**, **P1mV3**, **P2mV3**, **P3mV3**, **P4mV3**, and **P5mV3** as options, or if some options are greyed out, then either **PremiumV3** or an individual SKU within **PremiumV3** isn't available in the underlying App Service deployment that contains the App Service plan. See [Scale up from an unsupported resource group and region combination](#unsupported) for more details.
 
 ## Scale up an existing app to PremiumV3 tier
 
-Before scaling an existing app to **PremiumV3** tier, make sure that **PremiumV3** is available. For information, see [PremiumV3 availability](#availability). If it's not available, see [Scale up from an unsupported resource group and region combination](#unsupported).
+Before scaling an existing app to **PremiumV3** tier, make sure that both **PremiumV3** as well as the specific SKU within **PremiumV3** are available. For information, see [PremiumV3 availability](#availability). If it's not available, see [Scale up from an unsupported resource group and region combination](#unsupported).
 
 Depending on your hosting environment, scaling up may require extra steps. 
 
@@ -59,7 +56,7 @@ In the left navigation of your App Service app page, select **Scale up (App Serv
 
 ![Screenshot showing how to scale up your app service plan.](media/app-service-configure-premium-tier/scale-up-tier-portal.png)
 
-Select **Production**, then select **P1V3**, **P2V3**, or **P3V3**, then click **Apply**.
+Select **Production**, then select **P0V3**, **P1V3**, **P2V3**, **P3V3**, **P1mV3**, **P2mV3**, **P3mV3**, **P4mV3**, or **P5mV3**, then click **Apply**.
 
 ![Screenshot showing the recommended pricing tiers for your app.](media/app-service-configure-premium-tier/scale-up-tier-select.png)
 
@@ -69,33 +66,28 @@ If your operation finishes successfully, your app's overview page shows that it'
 
 ### If you get an error
 
-Some App Service plans can't scale up to the PremiumV3 tier if the underlying App Service deployment doesn’t support PremiumV3. See [Scale up from an unsupported resource group and region combination](#unsupported) for more details.
+Some App Service plans can't scale up to the **PremiumV3** tier, or to a newer SKU within **PremiumV3**, if the underlying App Service deployment doesn’t support the requested **PremiumV3** SKU. See [Scale up from an unsupported resource group and region combination](#unsupported) for more details.
 
 <a name="unsupported"></a>
 
 ## Scale up from an unsupported resource group and region combination
 
-If your app runs in an App Service deployment where **PremiumV3** isn't available, or if your app runs in a region that currently does not support **PremiumV3**, you need to re-deploy your app to take advantage of **PremiumV3**.  You have two options:
+If your app runs in an App Service deployment where **PremiumV3** isn't available, or if your app runs in a region that currently does not support **PremiumV3**, you need to re-deploy your app to take advantage of **PremiumV3**. Alternatively newer **PremiumV3** SKUs may not be available, in which case you also need to re-deploy your app to take advantage of newer SKUs within **PremiumV3**. You have two options:
 
-- Create an app in a new resource group and with a new App Service plan. When creating the App Service plan, select a **PremiumV3** tier. This step ensures that the App Service plan is deployed into a deployment unit that supports **PremiumV3**. Then, redeploy your application code into the newly created app. Even if you scale the App Service plan down to a lower tier to save costs, you can always scale back up to **PremiumV3** because the deployment unit supports it.
+- Create an app in a new resource group and with a new App Service plan. When creating the App Service plan, select the desired **PremiumV3** tier. This step ensures that the App Service plan is deployed into a deployment unit that supports **PremiumV3** as well as the specific SKU within **PremiumV3**. Then, redeploy your application code into the newly created app. Even if you scale the new App Service plan down to a lower tier to save costs, you can always scale back up to **PremiumV3** and the desired SKU within **PremiumV3** because the deployment unit supports it.
 - If your app already runs in an existing **Premium** tier, then you can clone your app with all app settings, connection strings, and deployment configuration into a new resource group on a new app service plan that uses **PremiumV3**.
 
     ![Screenshot showing how to clone your app.](media/app-service-configure-premium-tier/clone-app.png)
 
     In the **Clone app** page, you can create an App Service plan using **PremiumV3** in the region you want, and specify the app settings and configuration that you want to clone.
 
-
-## Moving from Premium Container to Premium V3 SKU
-
-The Premium Container SKU will be retired on **30th June 2022**.  You should move your applications to the **Premium V3 SKU** ahead of this date. Use the clone functionality in the Azure App Service CLI experience to [move your application from your Premium Container App Service Plan to a new Premium V3 App Service plan](https://aka.ms/pcsku). 
-
 ## Automate with scripts
 
 You can automate app creation in the **PremiumV3** tier with scripts, using the [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/).
 
 ### Azure CLI
 
-The following command creates an App Service plan in _P1V3_. You can run it in the Cloud Shell. The options for `--sku` are P1V3, _P2V3_, and _P3V3_.
+The following command creates an App Service plan in _P1V3_. You can run it in the Cloud Shell. The options for `--sku` are _P0V3_, _P1V3_, _P2V3_, _P3V3_, _P1mV3_, _P2mV3_, _P3mV3_, _P4mV3_, and _P5mV3_.
 
 ```azurecli-interactive
 az appservice plan create \