Merge pull request #116229 from MashaMSFT/fix3

rmca14 · web-flow · commit 2803ce5b0535 · 2020-05-22T14:15:34.000-07:00
fixing things
diff --git a/articles/azure-sql/database/always-encrypted-azure-key-vault-configure.md b/articles/azure-sql/database/always-encrypted-azure-key-vault-configure.md
@@ -14,15 +14,15 @@ ms.reviewer:
 ms.date: 04/23/2020
 ---
 # Configure Always Encrypted using Azure Key Vault 
-[!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
+[!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb-sqlmi.md)]
 
-This article shows you how to secure sensitive data in Azure SQL Database with data encryption using the [Always Encrypted Wizard](/sql/relational-databases/security/encryption/always-encrypted-wizard) in [SQL Server Management Studio (SSMS)](/sql/ssms/sql-server-management-studio-ssms). It also includes instructions that will show you how to store each encryption key in Azure Key Vault.
+This article shows you how to secure sensitive data for your database in Azure SQL Database or Azure SQL Managed Instance with data encryption using the [Always Encrypted Wizard](/sql/relational-databases/security/encryption/always-encrypted-wizard) in [SQL Server Management Studio (SSMS)](/sql/ssms/sql-server-management-studio-ssms). It also includes instructions that will show you how to store each encryption key in Azure Key Vault.
 
 Always Encrypted is a data encryption technology that helps protect sensitive data at rest on the server, during movement between client and server, and while the data is in use. Always Encrypted ensures that sensitive data never appears as plaintext inside the database system. After you configure data encryption, only client applications or app servers that have access to the keys can access plaintext data. For detailed information, see [Always Encrypted (Database Engine)](https://msdn.microsoft.com/library/mt163865.aspx).
 
 After you configure the database to use Always Encrypted, you will create a client application in C# with Visual Studio to work with the encrypted data.
 
-Follow the steps in this article and learn how to set up Always Encrypted for Azure SQL Database. In this article you will learn how to perform the following tasks:
+Follow the steps in this article and learn how to set up Always Encrypted for your database in Azure SQL Database or SQL Managed Instance. In this article you will learn how to perform the following tasks:
 
 - Use the Always Encrypted wizard in SSMS to create [Always Encrypted keys](https://msdn.microsoft.com/library/mt163865.aspx#Anchor_3).
   - Create a [column master key (CMK)](https://msdn.microsoft.com/library/mt146393.aspx).
@@ -34,14 +34,15 @@ Follow the steps in this article and learn how to set up Always Encrypted for Az
 
 
 - An Azure account and subscription. If you don't have one, sign up for a [free trial](https://azure.microsoft.com/pricing/free-trial/).
+- A database in [Azure SQL Database](single-database-create-quickstart.md) or [Azure SQL Managed Instance](../managed-instance/instance-create-quickstart.md).
 - [SQL Server Management Studio](https://msdn.microsoft.com/library/mt238290.aspx) version 13.0.700.242 or later.
 - [.NET Framework 4.6](https://msdn.microsoft.com/library/w0x726c2.aspx) or later (on the client computer).
 - [Visual Studio](https://www.visualstudio.com/downloads/download-visual-studio-vs.aspx).
 - [Azure PowerShell](/powershell/azure/overview) or [Azure CLI](/cli/azure/install-azure-cli)
 
-## Enable your client application to access SQL Database 
+## Enable client application access
 
-You must enable your client application to access SQL Database by setting up an Azure Active Directory (AAD) application and copying the *Application ID* and *key* that you will need to authenticate your application.
+You must enable your client application to access SQL Database or SQL Managed Instance by setting up an Azure Active Directory (AAD) application and copying the *Application ID* and *key* that you will need to authenticate your application.
 
 To get the *Application ID* and *key*, follow the steps in [create an Azure Active Directory application and service principal that can access resources](../../active-directory/develop/howto-create-service-principal-portal.md).
 
@@ -98,28 +99,14 @@ az keyvault set-policy --name $vaultName --key-permissions get, list, sign, unwr
 
 * * *
 
-## Create a blank SQL database
 
-1. Sign in to the [Azure portal](https://portal.azure.com/).
-2. Go to **Create a resource** > **Databases** > **SQL Database**.
-3. Create a **Blank** database named **Clinic** on a new or existing server. For detailed directions about how to create a database in the Azure portal, see [Your first Azure SQL Database](single-database-create-quickstart.md).
+## Connect with SSMS
 
-    ![Create a blank database](./media/always-encrypted-azure-key-vault-configure/create-database.png)
-
-You will need the connection string later in the tutorial, so after you create the database, browse to the new  Clinic database and copy the connection string. You can get the connection string at any time, but it's easy to copy it in the Azure portal.
-
-1. Go to **SQL databases** > **Clinic** > **Show database connection strings**.
-2. Copy the connection string for **ADO.NET**.
-
-    ![Copy the connection string](./media/always-encrypted-azure-key-vault-configure/connection-strings.png)
-
-## Connect to the database with SSMS
-
-Open SSMS and connect to the server with the Clinic database.
+Open SQL Server Managed Studio (SSMS) and connect to the server or managed with your database.
 
 1. Open SSMS. (Go to **Connect** > **Database Engine** to open the **Connect to Server** window if it isn't open.)
 
-2. Enter your server name and credentials. The server name can be found on the SQL database blade and in the connection string you copied earlier. Type the complete server name, including *database.windows.net*.
+2. Enter your server name  or instance name and credentials. 
 
     ![Copy the connection string](./media/always-encrypted-azure-key-vault-configure/ssms-connect.png)
 
@@ -130,7 +117,7 @@ If the **New Firewall Rule** window opens, sign in to Azure and let SSMS create
 In this section, you will create a table to hold patient data. It's not initially encrypted--you will configure encryption in the next section.
 
 1. Expand **Databases**.
-2. Right-click the **Clinic** database and click **New Query**.
+2. Right-click the database and click **New Query**.
 3. Paste the following Transact-SQL (T-SQL) into the new query window and **Execute** it.
 
 ```sql
@@ -222,7 +209,7 @@ Run these two lines of code in the Package Manager Console:
 
 ## Modify your connection string to enable Always Encrypted
 
-This section  explains how to enable Always Encrypted in your database connection string.
+This section explains how to enable Always Encrypted in your database connection string.
 
 To enable Always Encrypted, you need to add the **Column Encryption Setting** keyword to your connection string and set it to **Enabled**.
 
@@ -604,7 +591,7 @@ Then add the *Column Encryption Setting=enabled* parameter during your connectio
 
 ## Next steps
 
-After you create a database that uses Always Encrypted, you may want to do the following:
+After your database is configured to use Always Encrypted, you may want to do the following:
 
 - [Rotate and clean up your keys](https://msdn.microsoft.com/library/mt607048.aspx).
 - [Migrate data that is already encrypted with Always Encrypted](https://msdn.microsoft.com/library/mt621539.aspx).
diff --git a/articles/azure-sql/database/always-encrypted-certificate-store-configure.md b/articles/azure-sql/database/always-encrypted-certificate-store-configure.md
@@ -14,15 +14,15 @@ ms.reviwer:
 ms.date: 04/23/2020
 ---
 # Configure Always Encrypted using Windows certificate store
-[!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
+[!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb-sqlmi.md)]
 
-This tutorial shows you how to secure sensitive data in Azure SQL Database with database encryption by using the [Always Encrypted Wizard](/sql/relational-databases/security/encryption/always-encrypted-wizard) in [SQL Server Management Studio (SSMS)](https://msdn.microsoft.com/library/hh213248.aspx). It also shows you how to store your encryption keys in the Windows certificate store.
+This tutorial shows you how to secure sensitive data in a database in Azure SQL Database or Azure SQL Managed Instance with database encryption using the [Always Encrypted Wizard](/sql/relational-databases/security/encryption/always-encrypted-wizard) in [SQL Server Management Studio (SSMS)](https://msdn.microsoft.com/library/hh213248.aspx). It also shows you how to store your encryption keys in the Windows certificate store.
 
 Always Encrypted is a data encryption technology that helps protect sensitive data at rest on the server, during movement between client and server, and while the data is in use, ensuring that sensitive data never appears as plaintext inside the database system. After you encrypt data, only client applications or app servers that have access to the keys can access plaintext data. For detailed information, see [Always Encrypted (Database Engine)](https://msdn.microsoft.com/library/mt163865.aspx).
 
 After configuring the database to use Always Encrypted, you will create a client application in C# with Visual Studio to work with the encrypted data.
 
-Follow the steps in this article to learn how to set up Always Encrypted for Azure SQL Database. In this article, you will learn how to perform the following tasks:
+Follow the steps in this article to learn how to set up Always Encrypted for SQL Database or SQL Managed Instance. In this article, you will learn how to perform the following tasks:
 
 * Use the Always Encrypted wizard in SSMS to create [Always Encrypted Keys](https://msdn.microsoft.com/library/mt163865.aspx#Anchor_3).
   * Create a [Column Master Key (CMK)](https://msdn.microsoft.com/library/mt146393.aspx).
@@ -35,31 +35,25 @@ Follow the steps in this article to learn how to set up Always Encrypted for Azu
 For this tutorial, you'll need:
 
 * An Azure account and subscription. If you don't have one, sign up for a [free trial](https://azure.microsoft.com/pricing/free-trial/).
+- A database in [Azure SQL Database](single-database-create-quickstart.md) or [Azure SQL Managed Instance](../managed-instance/instance-create-quickstart.md).
 * [SQL Server Management Studio](https://msdn.microsoft.com/library/mt238290.aspx) version 13.0.700.242 or later.
 * [.NET Framework 4.6](https://msdn.microsoft.com/library/w0x726c2.aspx) or later (on the client computer).
 * [Visual Studio](https://www.visualstudio.com/downloads/download-visual-studio-vs.aspx).
 
-## Create a blank SQL database
+## Enable client application access
 
-1. Sign in to the [Azure portal](https://portal.azure.com/).
-2. Click **Create a resource** > **Data + Storage** > **SQL Database**.
-3. Create a **Blank** database named **Clinic** on a new or existing server. For detailed instructions about creating a database in the Azure portal, see [Your first Azure SQL Database](single-database-create-quickstart.md).
+You must enable your client application to access SQL Database or SQL Managed Instance by setting up an Azure Active Directory (AAD) application and copying the *Application ID* and *key* that you will need to authenticate your application.
 
-    ![Create a blank database](./media/always-encrypted-certificate-store-configure/create-database.png)
+To get the *Application ID* and *key*, follow the steps in [create an Azure Active Directory application and service principal that can access resources](../../active-directory/develop/howto-create-service-principal-portal.md).
 
-You will need the connection string later in the tutorial. After the database is created, go to the new **Clinic** database and copy the connection string. You can get the connection string at any time, but it's easy to copy it when you're in the Azure portal.
 
-1. Click **SQL databases** > **Clinic** > **Show database connection strings**.
-2. Copy the connection string for **ADO.NET**.
 
-    ![Copy the connection string](./media/always-encrypted-certificate-store-configure/connection-strings.png)
+## Connect with SSMS
 
-## Connect to the database with SSMS
-
-Open SSMS and connect to the server with the Clinic database.
+Open SQL Server Managed Studio (SSMS) and connect to the server or managed with your database.
 
 1. Open SSMS. (Click **Connect** > **Database Engine** to open the **Connect to Server** window if it is not open).
-2. Enter your server name and credentials. The server name can be found on the **SQL database** blade and in the connection string you copied earlier. Type the complete server name including *database.windows.net*.
+2. Enter your server name and credentials.
 
     ![Copy the connection string](./media/always-encrypted-certificate-store-configure/ssms-connect.png)
 
diff --git a/articles/azure-sql/database/automation-manage.md b/articles/azure-sql/database/automation-manage.md
@@ -13,7 +13,7 @@ ms.reviewer: carlrab
 ms.date: 03/12/2019
 ---
 # Managing Azure SQL Database using Azure Automation
-[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb-sqlmi.md)]
+[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb.md)]
 
 This guide will introduce you to the Azure Automation service, and how it can be used to simplify management of databases in Azure SQL database.
 
diff --git a/articles/azure-sql/database/doc-changes-updates-release-notes.md b/articles/azure-sql/database/doc-changes-updates-release-notes.md
@@ -23,7 +23,7 @@ Documentation for Azure SQL Database and Azure SQL Managed Instance has been spl
 
 We've done this because some features and functionality vary greatly between a single database and managed instance, and it's become increasingly more of a challenge to explain complex nuances between Azure SQL Database and Azure SQL Managed Instance in individual 'shared' articles.
 
-This clarification between the different Azure SQL products should simplify and streamline the process of working with SQL in Azure, whether that be a single managed database in Azure SQL Database, a fully-fledged managed instance hosting multiple databases in Azure SQL Managed Instance, or the familiar on-premises SQL Server product but hosted on a virtual machine in Azure.
+This clarification between the different Azure SQL products should simplify and streamline the process of working with the SQL Server database engine in Azure, whether that be a single managed database in Azure SQL Database, a fully-fledged managed instance hosting multiple databases in Azure SQL Managed Instance, or the familiar on-premises SQL Server product but hosted on a virtual machine in Azure.
 
 Consider that this is a work in progress and not every document has been updated yet. For example, Transact-SQL (T-SQL) statements, stored procedures, and many features shared between Azure SQL Database and Azure SQL Managed Instance are not yet complete, so please bear with us!
 
diff --git a/articles/azure-sql/toc.yml b/articles/azure-sql/toc.yml
@@ -146,6 +146,12 @@
         href: database/transparent-data-encryption-byok-configure.md 
       - name: Store vulnerability scans in storage
         href: database/sql-database-vulnerability-assessment-storage.md
+      - name: Always Encrypted
+        items: 
+        - name: Use the Azure key vault
+          href: database/always-encrypted-azure-key-vault-configure.md
+        - name: Use the certificate store
+          href: database/always-encrypted-certificate-store-configure.md
 
   
     - name: Monitor & tune
@@ -236,6 +242,7 @@
         href: database/service-tiers-prs.md     
 
   - name: Quickstarts
+    href: database/quickstart-content-reference-guide.md
     items:
     - name: Create database
       items:
@@ -348,7 +355,7 @@
         - name: Azure SQL Auditing
           href: database/auditing-overview.md
         - name: Audit log format
-          href: database/audit-log-format.md          
+          href: database/audit-log-format.md
         - name: Network access controls
           href: database/network-access-controls-overview.md
         - name: DNS aliases
@@ -491,12 +498,6 @@
         href: database/firewall-configure.md
       - name: vNet endpoints - PowerShell
         href: database/scripts/vnet-service-endpoint-rule-powershell-create.md
-      - name: Always Encrypted
-        items: 
-        - name: Use the certificate store
-          href: database/always-encrypted-certificate-store-configure.md
-        - name: Use the Azure key vault
-          href: database/always-encrypted-azure-key-vault-configure.md
 
     - name: Business continuity
       items: 
@@ -697,6 +698,7 @@
     - name: Release notes
       href: database/doc-changes-updates-release-notes.md?&tabs=managed-instance
   - name: Quickstarts
+    href: managed-instance/quickstart-content-reference-guide.md
     items:
     - name: Create 
       items:
