Merge branch '20220126-applies-to-asa' of https://www.github.com/williamdassafmsft/azure-docs-pr into 20220126-applies-to-asa

WilliamDAssafMSFT · WilliamDAssafMSFT · commit 2c52542a9e0e · 2022-02-11T16:29:00.000-08:00
diff --git a/articles/azure-sql/database/authentication-aad-service-principal.md b/articles/azure-sql/database/authentication-aad-service-principal.md
@@ -6,18 +6,15 @@ ms.subservice: security
 ms.topic: conceptual
 author: GithubMirek
 ms.author: mireks
-ms.reviewer: kendralittle, vanto, mathoma
+ms.reviewer: kendralittle, vanto, mathoma, wiassaf
 ms.date: 12/15/2021
 ---
 
 # Azure Active Directory service principal with Azure SQL
 
-[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb-sqlmi.md)]
+[!INCLUDE[appliesto-sqldb-sqlmi-asa-dedicated-only](../includes/appliesto-sqldb-sqlmi-asa-dedicated-only.md)]
 
-Azure Active Directory (Azure AD) supports user creation in Azure SQL Database (SQL DB) on behalf of Azure AD applications (service principals).
-
-> [!NOTE]
-> This functionality is already supported for SQL Managed Instance.
+Azure Active Directory (Azure AD) supports user creation in Azure SQL Database (SQL DB) on behalf of Azure AD applications (service principals). This is supported for [Azure SQL Database](sql-database-paas-overview.md) and [Azure SQL Managed Instance](../managed-instance/sql-managed-instance-paas-overview.md), as well as to both dedicated SQL pools in Azure Synapse workspaces and dedicated SQL pools (formerly SQL DW).
 
 ## Service principal (Azure AD applications) support
 
@@ -83,7 +80,7 @@ To enable an Azure AD object creation in SQL Database on behalf of an Azure AD a
 
 ## Troubleshooting and limitations
 
-- When creating Azure AD objects in Azure SQL on behalf of an Azure AD application without enabling server identity and granting **Directory Readers** permission, or lower level permissions discussed in [User-assigned managed identity in Azure AD for Azure SQL](authentication-azure-ad-user-assigned-managed-identity.md), the operation will fail with the following possible errors. The example error below is for a PowerShell command execution to create a SQL Database user `myapp` in the article [Tutorial: Create Azure AD users using Azure AD applications](authentication-aad-service-principal-tutorial.md).
+- When creating Azure AD objects in Azure SQL on behalf of an Azure AD application without enabling server identity and granting **Directory Readers** permission, or lower level permissions discussed in [User-assigned managed identity in Azure AD for Azure SQL](authentication-azure-ad-user-assigned-managed-identity.md), the operation will fail with the following possible errors. The following example error is for a PowerShell command execution to create a SQL Database user `myapp` in the article [Tutorial: Create Azure AD users using Azure AD applications](authentication-aad-service-principal-tutorial.md).
     - `Exception calling "ExecuteNonQuery" with "0" argument(s): "'myapp' is not a valid login or you do not have permission. Cannot find the user 'myapp', because it does not exist, or you do not have permission."`
     - `Exception calling "ExecuteNonQuery" with "0" argument(s): "Principal 'myapp' could not be resolved. Error message:
     'Server identity is not configured. Please follow the steps in "Assign an Azure AD identity to your server and add
diff --git a/articles/azure-sql/database/authentication-azure-ad-only-authentication.md b/articles/azure-sql/database/authentication-azure-ad-only-authentication.md
@@ -7,18 +7,20 @@ ms.subservice: security
 ms.topic: conceptual
 author: GithubMirek
 ms.author: mireks
-ms.reviewer: kendralittle, vanto, mathoma
+ms.reviewer: kendralittle, vanto, mathoma, wiassaf
 ms.date: 11/03/2021
 ms.custom: ignite-fall-2021
 ---
 
 # Azure AD-only authentication with Azure SQL
 
-[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb-sqlmi.md)]
+[!INCLUDE[appliesto-sqldb-sqlmi-asa-dedicated-only](../includes/appliesto-sqldb-sqlmi-asa-dedicated-only.md)]
 
-Azure AD-only authentication is a feature within [Azure SQL](../azure-sql-iaas-vs-paas-what-is-overview.md) that allows the service to only support Azure AD authentication, and is supported for [Azure SQL Database](sql-database-paas-overview.md) and [Azure SQL Managed Instance](../managed-instance/sql-managed-instance-paas-overview.md). SQL authentication is disabled when enabling Azure AD-only authentication in the Azure SQL environment, including connections from SQL server administrators, logins, and users. Only users using [Azure AD authentication](authentication-aad-overview.md) are authorized to connect to the server or database.
+Azure AD-only authentication is a feature within [Azure SQL](../azure-sql-iaas-vs-paas-what-is-overview.md) that allows the service to only support Azure AD authentication, and is supported for [Azure SQL Database](sql-database-paas-overview.md) and [Azure SQL Managed Instance](../managed-instance/sql-managed-instance-paas-overview.md), as well as to both dedicated SQL pools in Azure Synapse workspaces and dedicated SQL pools (formerly SQL DW). 
 
-Azure AD-only authentication can be enabled or disabled using the Azure portal, Azure CLI, PowerShell, or REST API. Azure AD-only authentication can also be configured during server creation with an ARM template.
+SQL authentication is disabled when enabling Azure AD-only authentication in the Azure SQL environment, including connections from SQL server administrators, logins, and users. Only users using [Azure AD authentication](authentication-aad-overview.md) are authorized to connect to the server or database.
+
+Azure AD-only authentication can be enabled or disabled using the Azure portal, Azure CLI, PowerShell, or REST API. Azure AD-only authentication can also be configured during server creation with an Azure Resource Manager (ARM) template.
 
 For more information on Azure SQL authentication, see [Authentication and authorization](logins-create-manage.md#authentication-and-authorization).
 
diff --git a/articles/azure-sql/includes/appliesto-sqldb-sqlmi-asa-dedicated-only.md b/articles/azure-sql/includes/appliesto-sqldb-sqlmi-asa-dedicated-only.md
@@ -0,0 +1,10 @@
+---
+ms.service: sql-database
+ms.topic: include
+ms.date: 01/26/2022
+author: WilliamDAssafMSFT
+ms.author: wiassaf
+---
+
+**APPLIES TO:** :::image type="icon" source="../media/applies-to/yes.png" border="false":::Azure SQL Database :::image type="icon" source="../media/applies-to/yes.png" border="false":::Azure SQL Managed Instance :::image type="icon" source="../media/applies-to/yes.png" border="false":::Azure Synapse Analytics (dedicated SQL pools only)
+
