20210601 1707 resolve merge conflict

MicrosoftDocs · Jun 2, 2021 · b4219dd · b4219dd
2 parents 9ab487e + 75767f1
commit b4219dd
Show file tree

Hide file tree

Showing 354 changed files with 2,690 additions and 1,147 deletions.
diff --git a/azure-sql/accelerated-database-recovery.md b/azure-sql/accelerated-database-recovery.md
@@ -3,13 +3,13 @@ title: Accelerated database recovery
 titleSuffix: Azure SQL 
 description: Accelerated database recovery provides fast and consistent database recovery, instantaneous transaction rollback, and aggressive log truncation for databases in the Azure SQL portfolio. 
 ms.service: sql-database
-ms.subservice: high-availability
+ms.subservice: backup-restore
 ms.custom: sqldbrb=4
 ms.devlang: 
 ms.topic: conceptual
-author: stevestein
-ms.author: sstein
-ms.reviewer: 
+author: kfarlee
+ms.author: kfarlee
+ms.reviewer: mathoma
 ms.date: 05/19/2020
 ---
 # Accelerated Database Recovery in Azure SQL 

diff --git a/azure-sql/azure-hybrid-benefit.md b/azure-sql/azure-hybrid-benefit.md
@@ -4,11 +4,11 @@ titleSuffix: Azure SQL Database & SQL Managed Instance
 description: Use existing SQL Server licenses for Azure SQL Database and SQL Managed Instance discounts.
 services: sql-database
 ms.service: sql-db-mi
-ms.subservice: features
+ms.subservice: service-overview
 ms.custom: sqldbrb=4
 ms.topic: conceptual
-author: stevestein
-ms.author: sstein
+author: MashaMSFT
+ms.author: mathoma
 ms.reviewer: sashan, moslake
 ms.date: 02/16/2021
 ---

diff --git a/azure-sql/azure-sql-iaas-vs-paas-what-is-overview.md b/azure-sql/azure-sql-iaas-vs-paas-what-is-overview.md
@@ -3,13 +3,13 @@ title: "What is Azure SQL?"
 description: "Learn about the different options within the Azure SQL family of services: Azure SQL Database, Azure SQL Managed Instance, and SQL Server on Azure VM." 
 services: sql-database
 ms.service: sql-database
-ms.subservice: service
+ms.subservice: service-overview
 ms.custom: sqldbrb=4
 ms.devlang: 
 ms.topic: overview
 keywords: SQL Server cloud, SQL Server in the cloud, PaaS database, cloud SQL Server, DBaaS, IaaS
-author: stevestein
-ms.author: sstein
+author: MashaMSFT
+ms.author: mathoma
 ms.reviewer: 
 ms.date: 07/27/2020
 ---

diff --git a/azure-sql/database/active-geo-replication-configure-portal.md b/azure-sql/database/active-geo-replication-configure-portal.md
@@ -7,9 +7,9 @@ ms.subservice: high-availability
 ms.custom: sqldbrb=1
 ms.devlang: 
 ms.topic: tutorial
-author: anosov1960
-ms.author: sashan
-ms.reviewer: mathoma, sstein
+author: BustosMSFT
+ms.author: robustos
+ms.reviewer: mathoma
 ms.date: 02/13/2019
 ---
 # Tutorial: Configure active geo-replication and failover in the Azure portal (Azure SQL Database)

diff --git a/azure-sql/database/active-geo-replication-overview.md b/azure-sql/database/active-geo-replication-overview.md
@@ -7,9 +7,9 @@ ms.subservice: high-availability
 ms.custom: sqldbrb=1
 ms.devlang: 
 ms.topic: conceptual
-author: anosov1960
-ms.author: sashan
-ms.reviewer: mathoma, sstein
+author: BustosMSFT
+ms.author: robustos
+ms.reviewer: mathoma
 ms.date: 04/28/2021
 ---
 
@@ -19,8 +19,11 @@ ms.date: 04/28/2021
 Active geo-replication is an Azure SQL Database feature that allows you to create readable secondary databases of individual databases on a server in the same or different data center (region).
 
 > [!NOTE]
-> Active geo-replication for Azure SQL Hyperscale [is now in public preview](https://aka.ms/hsgeodr). Current limitations include: only one geo-secondary in the same or a different region, only forced failover supported, restore database from geo-secondary not supported, using a geo-secondary as the source database for Database Copy, or as the primary for another geo-secondary is not supported.
-
+> Active geo-replication for Azure SQL Hyperscale is [now in public preview](https://aka.ms/hsgeodr). Current limitations include: only one geo-secondary in the same or a different region, forced and planned failover not currently supported, restore database from geo-secondary not supported, using a geo-secondary as the source database for Database Copy, or as the primary for another geo-secondary is not supported.
+> In the case you need to make the geo secondary writable, you can do so by breaking the geo-replication link with the steps below:
+> 1. Make the secondary database a read-write standalone database using the cmdlet [Remove-AzSqlDatabaseSecondary](/powershell/module/az.sql/remove-azsqldatabasesecondary). Any data changes committed to the primary but not yet replicated to the secondary will be lost. These changes could be recovered when the old primary is available, or in some cases by restoring the old primary to the latest available point in time.
+> 2. If the old primary is available, delete it, then set up geo-replication for the new primary (a new secondary will be seeded). 
+> 3. Update connection strings in your application accordingly.
 
 > [!NOTE]
 > Active geo-replication is not supported by Azure SQL Managed Instance. For geographic failover of instances of SQL Managed Instance, use [Auto-failover groups](auto-failover-group-overview.md).

diff --git a/azure-sql/database/active-geo-replication-security-configure.md b/azure-sql/database/active-geo-replication-security-configure.md
@@ -7,9 +7,9 @@ ms.subservice: high-availability
 ms.custom: sqldbrb=1
 ms.devlang: 
 ms.topic: how-to
-author: anosov1960
-ms.author: sashan
-ms.reviewer: mathoma, sstein
+author: BustosMSFT
+ms.author: robustos
+ms.reviewer: mathoma
 ms.date: 12/18/2018
 ---
 # Configure and manage Azure SQL Database security for geo-restore or failover

diff --git a/azure-sql/database/adonet-v12-develop-direct-route-ports.md b/azure-sql/database/adonet-v12-develop-direct-route-ports.md
@@ -7,9 +7,9 @@ ms.subservice: development
 ms.custom: "sqldbrb=1, devx-track-dotnet"
 ms.devlang:
 ms.topic: reference
-author: stevestein
-ms.author: sstein
-ms.reviewer: genemi
+author: VanMSFT
+ms.author: vanto
+ms.reviewer: mathoma
 ms.date: 06/11/2020
 ---
 # Ports beyond 1433 for ADO.NET 4.5

diff --git a/azure-sql/database/advance-notifications.md b/azure-sql/database/advance-notifications.md
@@ -3,13 +3,13 @@ title: Advance notifications (Preview) for planned maintenance events
 description: Get notification before planned maintenance for Azure SQL Database.
 services: sql-database
 ms.service: sql-db-mi
-ms.subservice: service
+ms.subservice: service-overview
 ms.custom: 
 ms.devlang: 
 ms.topic: how-to
-author: stevestein
-ms.author: sstein
-ms.reviewer: 
+author: scott-kim-sql
+ms.author: scottkim
+ms.reviewer: mathoma
 ms.date: 03/02/2021
 ---
 # Advance notifications for planned maintenance events (Preview)

diff --git a/azure-sql/database/alerts-insights-configure-portal.md b/azure-sql/database/alerts-insights-configure-portal.md
@@ -7,9 +7,9 @@ ms.subservice: performance
 ms.custom: sqldbrb=1
 ms.devlang: 
 ms.topic: how-to
-author: aamalvea
-ms.author: aamalvea
-ms.reviewer: wiassaf, sstein
+author: AlainDormehlMSFT
+ms.author: aldorme
+ms.reviewer: mathoma, wiassaf
 ms.date: 05/04/2020
 ---
 # Create alerts for Azure SQL Database and Azure Synapse Analytics using the Azure portal

diff --git a/azure-sql/database/always-encrypted-azure-key-vault-configure.md b/azure-sql/database/always-encrypted-azure-key-vault-configure.md
@@ -5,7 +5,7 @@ keywords: data encryption, encryption key, cloud encryption
 services: sql-database
 ms.service: sql-database
 ms.subservice: security
-ms.custom: sqldbrb=1, devx-track-azurecli
+ms.custom: sqldbrb=1, devx-track-azurecli, devx-track-azurepowershell
 ms.devlang: 
 ms.topic: how-to
 author: VanMSFT

diff --git a/azure-sql/database/always-encrypted-enclaves-configure-attestation.md b/azure-sql/database/always-encrypted-enclaves-configure-attestation.md
@@ -10,7 +10,8 @@ ms.topic: how-to
 author: jaszymas
 ms.author: jaszymas
 ms.reviwer: vanto
-ms.date: 01/15/2021
+ms.date: 05/01/2021 
+ms.custom: devx-track-azurepowershell
 ---
 
 # Configure Azure Attestation for your Azure SQL logical server
@@ -26,19 +27,11 @@ To use Azure Attestation for attesting Intel SGX enclaves used for [Always Encry
 
 1. Create an [attestation provider](../../attestation/basic-concepts.md#attestation-provider) and configure it with the recommended attestation policy.
 
-2. Grant your Azure SQL logical server access to your attestation provider.
+2. Determine the attestation URL and share it with application administrators.
 
 > [!NOTE]
 > Configuring attestation is the responsibility of the attestation administrator. See [Roles and responsibilities when configuring SGX enclaves and attestation](always-encrypted-enclaves-plan.md#roles-and-responsibilities-when-configuring-sgx-enclaves-and-attestation).
 
-## Requirements
-
-The Azure SQL logical server and the attestation provider must belong to the same Azure Active Directory tenant. Cross-tenant interactions aren't supported. 
-
-The Azure SQL logical server must have an Azure AD identity assigned to it. As the attestation administrator you need to obtain the Azure AD identity of the server from the Azure SQL Database administrator for that server. You will use the identity to grant the server access to the attestation provider. 
-
-For instructions on how to create a server with an identity or assign an identity to an existing server using PowerShell and Azure CLI, see [Assign an Azure AD identity to your server](transparent-data-encryption-byok-configure.md#assign-an-azure-active-directory-azure-ad-identity-to-your-server).
-
 ## Create and configure an attestation provider
 
 An [attestation provider](../../attestation/basic-concepts.md#attestation-provider) is a resource in Azure Attestation that evaluates [attestation requests](../../attestation/basic-concepts.md#attestation-request) against [attestation policies](../../attestation/basic-concepts.md#attestation-request) and issues [attestation tokens](../../attestation/basic-concepts.md#attestation-token). 
@@ -87,62 +80,21 @@ For instructions for how to create an attestation provider and configure with an
 
 ## Determine the attestation URL for your attestation policy
 
-After you've configured an attestation policy, you need to share the attestation URL, referencing the policy, administrators of applications that use Always Encrypted with secure enclaves in Azure SQL Database. Application administrators or/and application users will need to configure their apps with the attestation URL, so that they can run statements that use secure enclaves.
-
-### Use PowerShell to determine the attestation URL
-
-Use the following script to determine your attestation URL:
-
-```powershell
-$attestationProvider = Get-AzAttestation -Name $attestationProviderName -ResourceGroupName $attestationResourceGroupName 
-$attestationUrl = $attestationProvider.AttestUri + "/attest/SgxEnclave"
-Write-Host "Your attestation URL is: " $attestationUrl 
-```
+After you've configured an attestation policy, you need to share the attestation URL with administrators of applications that use Always Encrypted with secure enclaves in Azure SQL Database. The attestation URL is the `Attest URI` of the attestation provider containing the attestation policy, which looks like this: `https://MyAttestationProvider.wus.attest.azure.net`.
 
 ### Use Azure portal to determine the attestation URL
 
-1. In the Overview pane for your attestation provider, copy the value of the Attest URI property to clipboard. An Attest URI should look like this: `https://MyAttestationProvider.us.attest.azure.net`.
-
-2. Append the following to the Attest URI: `/attest/SgxEnclave`. 
-
-The resulting attestation URL should look like this: `https://MyAttestationProvider.us.attest.azure.net/attest/SgxEnclave`
-
-## Grant your Azure SQL logical server access to your attestation provider
+In the Overview pane for your attestation provider, copy the value of the `Attest URI` property to clipboard. 
 
-During the attestation workflow, the Azure SQL logical server containing your database calls the attestation provider to submit an attestation request. For the Azure SQL logical server to be able to submit attestation requests, the server must have a permission for the `Microsoft.Attestation/attestationProviders/attestation/read` action on the attestation provider. The recommended way to grant the permission is for the administrator of the attestation provider to assign the Azure AD identity of the server to the Attestation Reader role for the attestation provider, or its containing resource group.
-
-### Use Azure portal to assign permission
-
-To assign the identity of an Azure SQL server to the Attestation Reader role for an attestation provider, follow the general instructions in [Assign Azure roles using the Azure portal](../../role-based-access-control/role-assignments-portal.md). When you are in the **Add role assignment** pane:
-
-1. In the **Role** drop-down, select the **Attestation Reader** role.
-1. In the **Select** field, enter the name of your Azure SQL server to search for it.
-
-See the below screenshot for an example.
-
-![attestation reader role assignment](./media/always-encrypted-enclaves/attestation-provider-role-assigment.png)
-
-> [!NOTE]
-> For a server to show up in the **Add role assignment** pane, the server must have an Azure AD identity assigned - see [Requirements](#requirements).
-
-### Use PowerShell to assign permission
-
-1. Find your Azure SQL logical server.
+### Use PowerShell to determine the attestation URL
 
-```powershell
-$serverResourceGroupName = "<server resource group name>"
-$serverName = "<server name>" 
-$server = Get-AzSqlServer -ServerName $serverName -ResourceGroupName $serverResourceGroupName 
-```
-
-2. Assign the server to the Attestation Reader role for the resource group containing your attestation provider.
+Use the `Get-AzAttestation` cmdlet to retrieve the attestation provider properties, including AttestURI.
 
 ```powershell
-$attestationResourceGroupName = "<attestation provider resource group name>"
-New-AzRoleAssignment -ObjectId $server.Identity.PrincipalId -RoleDefinitionName "Attestation Reader" -ResourceGroupName $attestationResourceGroupName
+Get-AzAttestation -Name $attestationProviderName -ResourceGroupName $attestationResourceGroupName
 ```
 
-For more information, see [Assign Azure roles using Azure PowerShell](../../role-based-access-control/role-assignments-powershell.md#assign-role-examples).
+For more information, see [Create and manage an attestation provider](../../attestation/quickstart-powershell.md#create-and-manage-an-attestation-provider).
 
 ## Next Steps