Update serviceprincipalriskdetection.md

JarbasHorst · web-flow · commit ba21524ff000 · 2024-10-16T08:28:29.000+02:00
diff --git a/api-reference/beta/resources/serviceprincipalriskdetection.md b/api-reference/beta/resources/serviceprincipalriskdetection.md
@@ -44,7 +44,7 @@ For more information about risk events, see [Microsoft Entra ID Protection](/azu
 |lastUpdatedDateTime|DateTimeOffset|Date and time when the risk detection was last updated.|
 |location|[signInLocation](signinlocation.md)|Location from where the sign-in was initiated. |
 |requestId|String|Request identifier of the sign-in activity associated with the risk detection. This property is `null` if the risk detection isn't associated with a sign-in activity. Supports `$filter` (`eq`).|
-|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned `hidden`. <br/>The possible values are: `none`, `hidden`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license are returned `hidden`. <br/>The possible values are: `none`, `hidden`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
 |riskEventType|String|The type of risk event detected. The possible values are: `investigationsThreatIntelligence`, `generic`, `adminConfirmedServicePrincipalCompromised`, `suspiciousSignins`, `leakedCredentials`, `anomalousServicePrincipalActivity`, `maliciousApplication`, `suspiciousApplication`, `suspiciousAPITraffic`.|
 |riskLevel|riskLevel|Level of the detected risk. <br>**Note:** Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license are returned `hidden`. The possible values are: `low`, `medium`, `high`, `hidden`, `none`.|
 |riskState|riskState|The state of a detected risky service principal or sign-in activity. The possible values are: `none`, `dismissed`, `atRisk`, `confirmedCompromised`.|
