Merge pull request #111242 from MashaMSFT/20200413_miltr

American-Dipper · web-flow · commit 52785870f48c · 2020-04-14T14:39:34.000-07:00
20200413 miltr
diff --git a/articles/sql-database/sql-database-long-term-backup-retention-configure.md b/articles/sql-database/sql-database-long-term-backup-retention-configure.md
@@ -1,6 +1,6 @@
 ---
-title: Manage long-term backup retention
-description: "Learn how to store automated backups in the SQL Azure storage and then restore them"
+title: "Single database: Manage long-term backup retention"
+description: "Learn how to store and restore automated backups for an Azure SQL Database single or pooled database in Azure storage (for up to 10 years) using the Azure Portal and PowerShell"
 services: sql-database
 ms.service: sql-database
 ms.subservice: backup-restore
@@ -11,7 +11,7 @@ author: anosov1960
 ms.author: sashan
 ms.reviewer: mathoma, carlrab
 manager: craigg
-ms.date: 08/21/2019
+ms.date: 04/14/2020
 ---
 
 # Manage Azure SQL Database long-term backup retention
@@ -183,7 +183,7 @@ Remove-AzSqlDatabaseLongTermRetentionBackup -ResourceId $ltrBackup.ResourceId
 ```
 
 > [!IMPORTANT]
-> Deleting LTR backup is non-reversible. To delete an LTR backup after the server has been deleted you must have Subscription scope permission. You can set up notifications about each delete in Azure Monitor by filtering for operation ‘Deletes a long term retention backup’. The activity log contains information on who and when made the request. See [Create activity log alerts](../azure-monitor/platform/alerts-activity-log.md) for detailed instructions.
+> Deleting LTR backup is non-reversible. To delete an LTR backup after the server has been deleted you must have Subscription scope permission. You can set up notifications about each delete in Azure Monitor by filtering for operation 'Deletes a long term retention backup'. The activity log contains information on who and when made the request. See [Create activity log alerts](../azure-monitor/platform/alerts-activity-log.md) for detailed instructions.
 
 ### Restore from LTR backups
 
diff --git a/articles/sql-database/sql-database-long-term-retention.md b/articles/sql-database/sql-database-long-term-retention.md
@@ -1,6 +1,6 @@
 ---
-title: Store backups for up to 10 years 
-description: Learn how Azure SQL Database supports storing full database backups for up to 10 years.
+title: "Long-term backup retention" 
+description: Learn how Azure SQL Database supports storing full database backups for up to 10 years via the long-term retention policy.
 services: sql-database
 ms.service: sql-database
 ms.subservice: backup-restore
@@ -12,13 +12,15 @@ ms.author: sashan
 ms.reviewer: mathoma, carlrab
 ms.date: 05/18/2019
 ---
-# Store Azure SQL Database backups for up to 10 years
+# Azure SQL Database long-term retention
 
-Many applications have regulatory, compliance, or other business purposes that require you to retain database backups beyond the 7-35 days provided by Azure SQL Database [automatic backups](sql-database-automated-backups.md). By using the long-term retention (LTR) feature, you can store specified SQL database full backups in Azure Blob storage with read-access geo-redundant storage for up to 10 years. You can then restore any backup as a new database. For more information about Azure Storage redundancy, see [Azure Storage redundancy](../storage/common/storage-redundancy.md).
+Many applications have regulatory, compliance, or other business purposes that require you to retain database backups beyond the 7-35 days provided by Azure SQL Database [automatic backups](sql-database-automated-backups.md). By using the long-term retention (LTR) feature, you can store specified SQL database full backups in Azure Blob storage with read-access geo-redundant storage for up to 10 years. You can then restore any backup as a new database. For more information about Azure Storage redundancy, see [Azure Storage redundancy](../storage/common/storage-redundancy.md). 
+
+Long time retention can be enabled for single and pooled databases, and is in limited public preview for Azure SQL Database managed instances. 
 
 > [!NOTE]
-> LTR can be enabled for single and pooled databases. It is not yet available for instance databases in Managed Instances. You can use SQL Agent jobs to schedule [copy-only database backups](https://docs.microsoft.com/sql/relational-databases/backup-restore/copy-only-backups-sql-server) as an alternative to LTR beyond 35 days.
-> 
+> You can use SQL Agent jobs to schedule [copy-only database backups](https://docs.microsoft.com/sql/relational-databases/backup-restore/copy-only-backups-sql-server) as an alternative to LTR beyond 35 days.
+
 
 ## How SQL Database long-term retention works
 
@@ -69,6 +71,16 @@ If you are using active geo-replication or failover groups as your business cont
 > [!NOTE]
 > When the original primary database recovers from an outage that caused the failover, it will become a new secondary. Therefore, the backup creation will not resume and the existing LTR policy will not take effect until it becomes the primary again. 
 
+## Managed Instance support
+
+Using long-term backup retention with an Azure SQL Database managed instances has the following limitations:
+
+- **Limited public preview** - This preview is only available to EA and CSP subscriptions and is subject to limited availability.  
+- [**PowerShell only**](sql-database-managed-instance-long-term-backup-retention-configure.md) - There is currently no Azure portal support. LTR must be enabled using PowerShell. 
+
+To request enrollment, create an [Azure support ticket](https://azure.microsoft.com/support/create-ticket/) under the support topic **Backup, Restore, and Business continuity / Long-term backup retention**.
+
+
 ## Configure long-term backup retention
 
 To learn how to configure long-term retention using the Azure portal or PowerShell, see [Manage Azure SQL Database long-term backup retention](sql-database-long-term-backup-retention-configure.md).
diff --git a/articles/sql-database/sql-database-managed-instance-long-term-backup-retention-configure.md b/articles/sql-database/sql-database-managed-instance-long-term-backup-retention-configure.md
@@ -0,0 +1,152 @@
+---
+title: "Managed instance: Long-term backup retention (PowerShell)"
+description: "Learn how to store and restore automated backups on separate Azure Blob storage containers for an Azure SQL Database managed instance using PowerShell."
+services: sql-database
+ms.service: sql-database
+ms.subservice: backup-restore
+ms.custom: 
+ms.devlang: 
+ms.topic: conceptual
+author: anosov1960
+ms.author: sashan
+ms.reviewer: mathoma, carlrab
+manager: craigg
+ms.date: 04/14/2020
+---
+# Manage Azure SQL Database managed instance long-term backup retention (PowerShell)
+
+In Azure SQL Database managed instance, you can configure a [long-term backup retention](sql-database-long-term-retention.md#managed-instance-support) policy (LTR) as a limited public preview feature. This allows you to to automatically retain database backups in separate Azure Blob storage containers for up to 10 years. You can then recover a database using these backups using PowerShell.
+
+   > [!IMPORTANT]
+   > LTR for managed instances is currently in limited preview and available for EA and CSP subscriptions on a case by case basis. To request enrollment, please create an [Azure support ticket](https://azure.microsoft.com/support/create-ticket/) under the support topic **Backup, Restore, and Business Continuity/Long-term backup retention**. 
+
+
+The following sections show you how to use PowerShell to configure the long-term backup retention, view backups in Azure SQL storage, and restore from a backup in Azure SQL storage.
+
+## RBAC roles to manage long-term retention
+
+For **Get-AzSqlInstanceDatabaseLongTermRetentionBackup** and **Restore-AzSqlInstanceDatabase**, you will need to have one of the following roles:
+
+- Subscription Owner role or
+- SManaged Instance Contributor role or
+- Custom role with the following permissions:
+
+   ```Microsoft.Sql/locations/longTermRetentionManagedInstanceBackups/read```
+   ```Microsoft.Sql/locations/longTermRetentionManagedInstances/longTermRetentionManagedInstanceBackups/read```
+   ```Microsoft.Sql/locations/longTermRetentionManagedInstances/longTermRetentionDatabases/longTermRetentionManagedInstanceBackups/read```
+
+For **Remove-AzSqlInstanceDatabaseLongTermRetentionBackup**, you will need to have one of the following roles:
+
+- Subscription Owner role or
+- Custom role with the following permission:
+
+   ```Microsoft.Sql/locations/longTermRetentionManagedInstances/longTermRetentionDatabases/longTermRetentionManagedInstanceBackups/delete```
+
+> [!NOTE]
+> The SManaged Instance Contributor role does not have permission to delete LTR backups.
+
+RBAC permissions could be granted in either *subscription* or *resource group* scope. However, to access LTR backups that belong to a dropped instance, the permission must be granted in the *subscription* scope of that instance.
+
+```Microsoft.Sql/locations/longTermRetentionManagedInstances/longTermRetentionDatabases/longTermRetentionManagedInstanceBackups/delete```
+
+## Create an LTR policy
+
+```powershell
+# get the Managed Instance
+$subId = "<subscriptionId>"
+$instanceName = "<instanceName>"
+$resourceGroup = "<resourceGroupName>"
+$dbName = "<databaseName>"
+
+Connect-AzAccount
+Select-AzSubscription -SubscriptionId $subId
+
+$instance = Get-AzSqlInstance -Name $instanceName -ResourceGroupName $resourceGroup
+
+# create LTR policy with WeeklyRetention = 12 weeks. MonthlyRetention and YearlyRetention = 0 by default.
+Set-AzSqlInstanceDatabaseBackupLongTermRetentionPolicy -InstanceName $instanceName `
+   -DatabaseName $dbName -ResourceGroupName $resourceGroup -WeeklyRetention P12W
+
+# create LTR policy with WeeklyRetention = 12 weeks, YearlyRetention = 5 years and WeekOfYear = 16 (week of April 15). MonthlyRetention = 0 by default.
+Set-AzSqlInstanceDatabaseBackupLongTermRetentionPolicy -InstanceName $instanceName `
+    -DatabaseName $dbName -ResourceGroupName $resourceGroup -WeeklyRetention P12W -YearlyRetention P5Y -WeekOfYear 16
+
+```
+
+## View LTR policies
+
+This example shows how to list the LTR policies within an instance
+
+```powershell
+# gets the current version of LTR policy for the database
+$ltrPolicies = Get-AzSqlInstanceDatabaseBackupLongTermRetentionPolicy -InstanceName $instanceName `
+    -DatabaseName $dbName -ResourceGroupName $resourceGroup
+
+```
+
+## Clear an LTR policy
+
+This example shows how to clear an LTR policy from a database
+
+```powershell
+Set-AzSqlInstanceDatabaseBackupLongTermRetentionPolicy -InstanceName $instanceName `
+   -DatabaseName $dbName -ResourceGroupName $resourceGroup -RemovePolicy
+```
+
+## View LTR backups
+
+This example shows how to list the LTR backups within an instance.
+
+```powershell
+# get the list of all LTR backups in a specific Azure region
+# backups are grouped by the logical database id, within each group they are ordered by the timestamp, the earliest backup first
+$ltrBackups = Get-AzSqlInstanceDatabaseLongTermRetentionBackup -Location $instance.Location
+
+# get the list of LTR backups from the Azure region under the given managed instance
+$ltrBackups = Get-AzSqlInstanceDatabaseLongTermRetentionBackup -Location $instance.Location -InstanceName $instanceName
+
+# get the LTR backups for a specific database from the Azure region under the given managed instance
+$ltrBackups = Get-AzSqlInstanceDatabaseLongTermRetentionBackup -Location $instance.Location -InstanceName $instanceName -DatabaseName $dbName
+
+# list LTR backups only from live databases (you have option to choose All/Live/Deleted)
+$ltrBackups = Get-AzSqlInstanceDatabaseLongTermRetentionBackup -Location $instance.Location -DatabaseState Live
+
+# only list the latest LTR backup for each database
+$ltrBackups = Get-AzSqlInstanceDatabaseLongTermRetentionBackup -Location $instance.Location -InstanceName $instanceName -OnlyLatestPerDatabase
+
+```
+
+## Delete LTR backups
+
+This example shows how to delete an LTR backup from the list of backups.
+
+```powershell
+# remove the earliest backup
+$ltrBackup = $ltrBackups[0]
+Remove-AzSqlInstanceDatabaseLongTermRetentionBackup -ResourceId $ltrBackup.ResourceId
+```
+
+> [!IMPORTANT]
+> Deleting LTR backup is non-reversible. To delete an LTR backup after the instance has been deleted you must have Subscription scope permission. You can set up notifications about each delete in Azure Monitor by filtering for operation 'Deletes a long term retention backup'. The activity log contains information on who and when made the request. See [Create activity log alerts](../azure-monitor/platform/alerts-activity-log.md) for detailed instructions.
+
+## Restore from LTR backups
+
+This example shows how to restore from an LTR backup. Note, this interface did not change but the resource id parameter now requires the LTR backup resource id.
+
+```powershell
+# restore a specific LTR backup as an P1 database on the instance $instanceName of the resource group $resourceGroup
+Restore-AzSqlInstanceDatabase -FromLongTermRetentionBackup -ResourceId $ltrBackup.ResourceId `
+   -TargetInstanceName $instanceName -TargetResourceGroupName $resourceGroup -TargetInstanceDatabaseName $dbName
+
+```
+
+> [!IMPORTANT]
+> To restore from an LTR backup after the instance has been deleted, you must have permissions scoped to the subscription of the instance and that subscription must be active. You must also omit the optional -ResourceGroupName parameter.
+
+> [!NOTE]
+> From here, you can connect to the restored database using SQL Server Management Studio to perform needed tasks, such as to extract a bit of data from the restored database to copy into the existing database or to delete the existing database and rename the restored database to the existing database name. See [point in time restore](sql-database-recovery-using-backups.md#point-in-time-restore).
+
+## Next steps
+
+- To learn about service-generated automatic backups, see [automatic backups](sql-database-automated-backups.md)
+- To learn about long-term backup retention, see [long-term backup retention](sql-database-long-term-retention.md)
diff --git a/articles/sql-database/sql-database-release-notes.md b/articles/sql-database/sql-database-release-notes.md
@@ -7,7 +7,7 @@ ms.service: sql-database
 ms.subservice: service
 ms.devlang: 
 ms.topic: conceptual
-ms.date: 04/09/2020
+ms.date: 04/14/2020
 ms.author: sstein
 ---
 # SQL Database release notes
@@ -43,6 +43,7 @@ This article lists SQL Database features that are currently in public preview. F
 | <a href="https://aka.ms/managed-instance-aadlogins">Instance-level Azure AD server principals (logins)</a> | Create server-level logins using <a href="https://docs.microsoft.com/sql/t-sql/statements/create-login-transact-sql?view=azuresqldb-mi-current">CREATE LOGIN FROM EXTERNAL PROVIDER</a> statement. |
 | [Transactional Replication](sql-database-managed-instance-transactional-replication.md) | Replicate the changes from your tables into other databases placed on Managed Instances, Single Databases, or SQL Server instances, or update your tables when some rows are changed in other Managed Instances or SQL Server instance. For information, see [Configure replication in an Azure SQL Database managed instance database](replication-with-sql-database-managed-instance.md). |
 | Threat detection |For information, see [Configure threat detection in Azure SQL Database managed instance](sql-database-managed-instance-threat-detection.md).|
+| Long-term backup retention | For information, see [Configure long-term back up retention in Azure SQL Database managed instance](sql-database-managed-instance-long-term-backup-retention-configure.md). | 
 
 ---
 
@@ -110,7 +111,7 @@ If failover group spans across instances in different Azure subscriptions or res
 
 ### SQL Agent roles need explicit EXECUTE permissions for non-sysadmin logins
 
-If non-sysadmin logins are added to any of [SQL Agent fixed database roles](https://docs.microsoft.com/sql/ssms/agent/sql-server-agent-fixed-database-roles), there exists an issue in which explicit EXECUTE permissions need to be granted to the master stored procedures for these logins to work. If this issue is encountered, the error message “The EXECUTE permission was denied on the object <object_name> (Microsoft SQL Server, Error: 229)” will be shown.
+If non-sysadmin logins are added to any of [SQL Agent fixed database roles](https://docs.microsoft.com/sql/ssms/agent/sql-server-agent-fixed-database-roles), there exists an issue in which explicit EXECUTE permissions need to be granted to the master stored procedures for these logins to work. If this issue is encountered, the error message "The EXECUTE permission was denied on the object <object_name> (Microsoft SQL Server, Error: 229)" will be shown.
 
 **Workaround**: Once you add logins to either of SQL Agent fixed database roles: SQLAgentUserRole, SQLAgentReaderRole or SQLAgentOperatorRole, for each of the logins added to these roles execute the below T-SQL script to explicitly grant EXECUTE permissions to the stored procedures listed.
 
@@ -163,7 +164,7 @@ Cross-database Service Broker dialogs will stop delivering the messages to the s
 ### Impersonification of Azure AD login types is not supported
 
 Impersonation using `EXECUTE AS USER` or `EXECUTE AS LOGIN` of following AAD principals is not supported:
--	Aliased AAD users. The following error is returned in this case `15517`.
+-    Aliased AAD users. The following error is returned in this case `15517`.
 - AAD logins and users based on AAD applications or service principals. The following errors are returned in this case `15517` and `15406`.
 
 ### @query parameter not supported in sp_send_db_mail
diff --git a/articles/sql-database/toc.yml b/articles/sql-database/toc.yml
@@ -740,6 +740,8 @@
         href: sql-database-managed-instance-configure-vm.md
       - name: Point-to-site connection
         href: sql-database-managed-instance-configure-p2s.md
+      - name: Long-term backup retention
+        href: sql-database-managed-instance-long-term-backup-retention-configure.md
     - name: Load data
       items:
       - name: Restore database backup
