Thanks for posting a good question!
Apologies for the delay.
If I understand your question correctly. While notifying Microsoft of pen testing activities is no longer required users must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.
You may refer this document from Qualys which outlines detailed information about the requirement/POC.
Note: This post contains a third-party site for your reference & convenience to you only and is not controlled by Microsoft.
You can use this reference guide if your Website is hosted on Azure App Service with Security Center
If you have any further questions, please let us know we would be happy to assist you.