Updating the doc for the new feaures added

Author: kummanish

articles/mariadb/concepts-data-access-security-private-link.md

@@ -1,14 +1,14 @@
 ---
-title: Private Link for Azure Database for MariaDB (Preview)
+title: Private Link for Azure Database for MariaDB
 description: Learn how Private link works for Azure Database for MariaDB.
 author: kummanish
 ms.author: manishku
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 01/09/2020
+ms.date: 03/10/2020
 ---
 
-# Private Link for Azure Database for MariaDB (Preview)
+# Private Link for Azure Database for MariaDB
 
 Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside your private Virtual Network (VNet). The PaaS resources can be accessed using the private IP address just like any other resource in the VNet.
 
@@ -106,6 +106,17 @@ The following situations and outcomes are possible when you use Private Link in
 
 * If you don't configure any public traffic or service endpoint and you create private endpoints, then the Azure Database for MariaDB is accessible only through the private endpoints. If you don't configure public traffic or a service endpoint, after all approved private endpoints are rejected or deleted, no traffic will be able to access the Azure Database for MariaDB.
 
+## Deny public access for Azure Database for MariaDB
+
+While Private Link allows access via private endpoint only, customer can use still use the public end points via [firewall rules](concepts-firewall-rules.md) and [VNet service endpoints](concepts-data-access-and-security-vnet.md) in such cases where they may need a mix of private and public connectivity. However, if you want to rely only on private endpoints for accessing their Azure Database for MariaDB, you can disable setting all public endpoints by setting the **Deny Public Network Access** configuration on the database server. 
+
+When this setting is set to *YES* only connections via private endpoints are allowed to your Azure Database for MariaDB. When this setting is set to *NO* clients can connect to your Azure Database for MariaDB based on your firewall or VNet service endpoint setting. Additionally, once the value of the Private network access is set to  customers cannot add and/or update existing ‘Firewall rules’ and ‘VNet service endpoint rule
+
+> [!Note]
+> This setting does not have any impact on the SSL and TLS configurations for your Azure Database for MariaDB.
+
+To learn how to set the **Deny Public Network Access** for your Azure Database for MariaDB from Azure portal, refer to [How to configure Deny Public Network Access](howto-deny-public-network-access.md).
+
 ## Next steps
 
 To learn more about Azure Database for MariaDB security features, see the following articles:

articles/mariadb/concepts-ssl-connection-security.md

@@ -5,7 +5,7 @@ author: ajlam
 ms.author: andrela
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 12/02/2019
+ms.date: 03/10/2020
 ---
 
 # SSL connectivity in Azure Database for MariaDB
@@ -20,6 +20,32 @@ Connection strings for various programming languages are shown in the Azure port
 
 To learn how to enable or disable SSL connection when developing application, refer to [How to configure SSL](howto-configure-ssl.md).
 
+# TLS connectivity in Azure Database for MariaDB
+
+Azure Database for MariaDB supports privacy and data integrity over communications as clients connect to your database server using Transport Layer Security (TLS). TLS is an industry standard protocol that ensures secure network connections between your database server and your client applications and helps adhere to compliance requirements.
+
+## TLS settings
+
+Security conscious customers now have the ability to enforce the TLS version for the client connecting to their Azure Database for MariaDB. To use the TLS option, use the **minumumTlsVersion** option setting. The following values are allowed for this option setting:
+
+|  Minimum TLS Setting             | TLS Version supported                |
+|:---------------------------------|-------------------------------------:|
+| TLSEnforcementDisabled (default) | No TLS required                      |
+| TLS1_0                           | TLS 1.0, TLS 1.1, TLS 1.2 and higher |
+| TLS1_1                           | TLS 1.1, TLS 1.2 and higher          |
+| TLS1_2                           | TLS version 1.2 and higher           |
+
+
+For example, setting this Minimum TLS setting version to TLS 1.0 means you shall allow clients connecting using TLS 1.0,1.1 and 1.2+. Alternatively, setting this to 1.2 means that you only allow clients connecting using TLS 1.2 and all incoming connections with TLS 1.0 and TLS 1.1 will be rejected.
+
+> [!Note] 
+> Azure Database for MariaDB defaults to TLS being disabled for all new servers.
+>
+> Currently the TLS version supported for Azure Database for MariaDB are TLS 1.0, TLS 1.1, TLS 1.2.
+
+To learn how to set the TLS setting for your Azure Database for MariaDB, refer to [How to configure TLS setting](howto-tls-configurations.md).
+
 ## Next steps
 - Learn more about [server firewall rules](concepts-firewall-rules.md)
 - Learn how to [configure SSL](howto-configure-ssl.md).
+- Learn how to [configure TLS](howto-tls-configurations.md).

articles/mariadb/howto-deny-public-network-access.md

@@ -0,0 +1,41 @@
+---
+title: Deny Public Network Access in Azure Database for MariaDB using Azure portal
+description: Learn how to configure Deny Public Network Access using Azure portal for your Azure Database for MariaDB 
+author: kummanish
+ms.author: manishku
+ms.service: mariadb
+ms.topic: conceptual
+ms.date: 03/10/2020
+---
+
+# Deny Public Network Access in Azure Database for MariaDB using Azure portal
+
+This article describes how you can configure an Azure Database for MariaDB server to deny all public configurations and allow only private endpoints to go through to enhance the network security.
+
+## Prerequisites
+
+To complete this how-to guide, you need:
+
+* An [Azure Database for MariaDB](quickstart-create-MariaDB-server-database-using-azure-portal.md)
+
+## Set Deny Public Network Access
+
+Follow these steps to set MariaDB server Deny Public Network Access:
+
+* In the [Azure portal](https://portal.azure.com/), select your existing Azure Database for MariaDB server.
+
+* On the MariaDB server page, under **Settings** heading, click **Connection security** to open the connection security configuration page.
+
+* In the Deny Public Network Access, select **Yes** to enable deny public access for your MariaDB server.
+
+    ![Azure Database for MariaDB Deny network access](./media/howto-deny-public-network-access/deny-public-network-access.PNG)
+
+* Click **Save** to save the changes.
+
+* A notification will confirm that connection security setting was successfully enabled.
+
+    ![Azure Database for MariaDB Deny network access success](./media/howto-deny-public-network-access/deny-public-network-access-success.png)
+
+## Next steps
+
+Learn about [how to create alerts on metrics](howto-alert-on-metric.md).

articles/mariadb/howto-tls-configurations.md

@@ -0,0 +1,43 @@
+---
+title: TLS configuration in Azure Database for MariaDB using Azure portal
+description: Learn how to set TLS configuration using Azure portal for your Azure Database for MariaDB 
+author: kummanish
+ms.author: manishku
+ms.service: mariadb
+ms.topic: conceptual
+ms.date: 03/10/2020
+---
+
+# Configuring TLS settings in Azure Database for MariaDB using Azure portal
+
+This article describes how you can configure an Azure Database for MariaDB server to enforce connections for a minimum TLS version to go through and deny all connections with lower TLS version thereby enhancing the network security.
+
+Security conscious customers now have the ability to enforce TLS version for connecting to their Azure Database for MariaDB. Customers now have a choice to set the minimal TLS version for their database server. For example, setting this Minimum TLS version to 1.0 means you shall allow clients connecting using TLS 1.0,1.1 and 1.2. Alternatively, setting this to 1.2 means that you only allow clients connecting using TLS 1.2 and all incoming connections with TLS 1.0 and TLS 1.1 will be rejected.
+
+## Prerequisites
+
+To complete this how-to guide, you need:
+
+* An [Azure Database for MariaDB](quickstart-create-mariaDB-server-database-using-azure-portal.md)
+
+## Set TLS configurations for Azure Database for MariaDB
+
+Follow these steps to set MariaDB server minimum TLS version:
+
+* In the [Azure portal](https://portal.azure.com/), select your existing Azure Database for MariaDB server.
+
+* On the MariaDB server page, under **Settings** heading, click **Connection security** to open the connection security configuration page.
+
+* In the **Minimum TLS version**, select **1.2** to deny connections with TLS version less than TLS 1.2 for your MariaDB server.
+
+    ![Azure Database for MariaDB TLS configuration](./media/howto-tls-configurations/tls-configurations.png)
+
+* Click **Save** to save the changes.
+
+* A notification will confirm that connection security setting was successfully enabled.
+
+    ![Azure Database for MariaDB TLS configuration success](./media/howto-tls-configurations/tls-configurations-success.png)
+
+## Next steps
+
+Learn about [how to create alerts on metrics](howto-alert-on-metric.md).

articles/mariadb/media/howto-deny-public-network-access/deny-public-network-access-success.png

@@ -1,14 +1,14 @@
 ---
-title: Private Link for Azure Database for MySQL (Preview)
+title: Private Link for Azure Database for MySQL
 description: Learn how Private link works for Azure Database for MySQL.
 author: kummanish
 ms.author: manishku
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 01/09/2020
+ms.date: 03/10/2020
 ---
 
-# Private Link for Azure Database for MySQL (Preview)
+# Private Link for Azure Database for MySQL
 
 Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside your private Virtual Network (VNet). The PaaS resources can be accessed using the private IP address just like any other resource in the VNet.
 
@@ -54,9 +54,6 @@ Private Endpoints are required to enable Private Link. This can be done using th
 ### Approval Process
 Once the network admin creates the Private Endpoint (PE), the MySQL admin can manage the Private Endpoint Connection (PEC) to Azure Database for MySQL.
 
-> [!NOTE]
-> Currently, Azure Database for MySQL only supports auto-approval for the private endpoint.
-
 * Navigate to the Azure Database for MySQL server resource in the Azure portal. 
     * Select the Private endpoint connections in the left pane
     * Shows a list of all Private Endpoint Connections (PECs)
@@ -105,6 +102,17 @@ The following situations and outcomes are possible when you use Private Link in
 
 * If you don't configure any public traffic or service endpoint and you create private endpoints, then the Azure Database for MySQL is accessible only through the private endpoints. If you don't configure public traffic or a service endpoint, after all approved private endpoints are rejected or deleted, no traffic will be able to access the Azure Database for MySQL.
 
+## Deny public access for Azure Database for MySQL
+
+While Private Link allows access via private endpoint only, customer can use still use the public end points via [firewall rules](concepts-firewall-rules.md) and [VNet service endpoints](concepts-data-access-and-security-vnet.md) in such cases where they may need a mix of private and public connectivity. However, if you want to rely only on private endpoints for accessing their Azure Database for MySQL, you can disable setting all public endpoints by setting the **Deny Public Network Access** configuration on the database server. 
+
+When this setting is set to *YES* only connections via private endpoints are allowed to your Azure Database for MySQL. When this setting is set to *NO* clients can connect to your Azure Database for MySQL based on your firewall or VNet service endpoint setting. Additionally, once the value of the Private network access is set to  customers cannot add and/or update existing ‘Firewall rules’ and ‘VNet service endpoint rule
+
+> [!Note]
+> This setting does not have any impact on the SSL and TLS configurations for your Azure Database for MySQL.
+
+To learn how to set the **Deny Public Network Access** for your Azure Database for MySQL from Azure portal, refer to [How to configure Deny Public Network Access](howto-deny-public-network-access.md).
+
 ## Next steps
 
 To learn more about Azure Database for MySQL security features, see the following articles:

articles/mariadb/media/howto-deny-public-network-access/deny-public-network-access.png

@@ -1,29 +1,51 @@
 ---
 title: SSL connectivity - Azure Database for MySQL
 description: Information for configuring Azure Database for MySQL and associated applications to properly use SSL connections
-author: ajlam
-ms.author: andrela
+author: kummanish
+ms.author: manishku
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 01/13/2020
+ms.date: 03/10/2020
 ---
 
 # SSL connectivity in Azure Database for MySQL
 
 Azure Database for MySQL supports connecting your database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application.
 
-## Default settings
+## SSL Default settings
 
 By default, the database service should be configured to require SSL connections when connecting to MySQL.  We recommend to avoid disabling the SSL option whenever possible.
 
 When provisioning a new Azure Database for MySQL server through the Azure portal and CLI, enforcement of SSL connections is enabled by default. 
 
 Connection strings for various programming languages are shown in the Azure portal. Those connection strings include the required SSL parameters to connect to your database. In the Azure portal, select your server. Under the **Settings** heading, select the **Connection strings**. The SSL parameter varies based on the connector, for example "ssl=true" or "sslmode=require" or "sslmode=required" and other variations.
 
-> [!NOTE]
+To learn how to enable or disable SSL connection when developing application, refer to [How to configure SSL](howto-configure-ssl.md).
+
+# TLS connectivity in Azure Database for MySQL
+
+Azure Database for MySQL supports privacy and data integrity over communications as clients connect to your database server using Transport Layer Security (TLS). TLS is an industry standard protocol that ensures secure network connections between your database server and your client applications and helps adhere to compliance requirements.
+
+## TLS settings
+
+Security conscious customers now have the ability to enforce the TLS version for the client connecting to their Azure Database for MySQL. To use the TLS option, use the **minumumTlsVersion** option setting. The following values are allowed for this option setting:
+
+|  Minimum TLS Setting             | TLS Version supported                |
+|:---------------------------------|-------------------------------------:|
+| TLSEnforcementDisabled (default) | No TLS required                      |
+| TLS1_0                           | TLS 1.0, TLS 1.1, TLS 1.2 and higher |
+| TLS1_1                           | TLS 1.1, TLS 1.2 and higher          |
+| TLS1_2                           | TLS version 1.2 and higher           |
+
+
+For example, setting this Minimum TLS setting version to TLS 1.0 means you shall allow clients connecting using TLS 1.0,1.1 and 1.2+. Alternatively, setting this to 1.2 means that you only allow clients connecting using TLS 1.2 and all incoming connections with TLS 1.0 and TLS 1.1 will be rejected.
+
+> [!Note] 
+> Azure Database for MySQL defaults to TLS being disabled for all new servers.
+>
 > Currently the TLS version supported for Azure Database for MySQL are TLS 1.0, TLS 1.1, TLS 1.2.
 
-To learn how to enable or disable SSL connection when developing application, refer to [How to configure SSL](howto-configure-ssl.md).
+To learn how to set the TLS setting for your Azure Database for MySQL, refer to [How to configure TLS setting](howto-tls-configurations.md).
 
 ## Next steps