articles/purview/includes/access-policies-prerequisites-arc-sql-server.md
10 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -4,13 +4,16 @@ ms.author: vlrodrig
4
4
ms.service: purview
5
5
ms.subservice: purview-data-policies
6
6
ms.topic: include
7
-
ms.date: 07/12/2023
7
+
ms.date: 07/15/2023
8
8
ms.custom: references_regions
9
9
---
10
-
- Get [SQL Server on-premises version 2022](https://www.microsoft.com/en-us/sql-server/sql-server-downloads) running on Windows and install it. You can try the free Developer edition.
11
-
-[Register a list of resource providers](/azure/azure-arc/servers/prerequisites#azure-resource-providers) in the subscription you will use to onboard the SQL Server instance to Azure Arc
12
-
- Configure your permissions and then onboard the [SQL Server instance with Azure Arc](/sql/sql-server/azure-arc/connect-with-installer).
13
-
- Enable [Azure Active Directory authentication in SQL Server](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial). For a simpler setup, follow [this article](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-automation-setup-tutorial#setting-up-azure-ad-admin-using-the-azure-portal).
10
+
- Get [SQL Server on-premises version 2022](https://www.microsoft.com/en-us/sql-server/sql-server-downloads) running on Windows and install it. For this configuration, only version 2022 or more recent are supported. Only Windows based SQL Server is supported. You can try the free Developer edition.
11
+
- Configure your [permissions](/azure/azure-arc/servers/prerequisites#required-permissions) and then [register a list of resource providers](/azure/azure-arc/servers/prerequisites#azure-resource-providers) in the subscription you will use to onboard the SQL Server instance to Azure Arc
12
+
- Complete prerequisites and onboard the [Windows based SQL Server instance with Azure Arc](/sql/sql-server/azure-arc/connect-with-installer).
13
+
- Enable [Azure Active Directory authentication in SQL Server](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial). For a simpler setup, complete the [prerequisites](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-automation-setup-tutorial#preparation-before-setting-the-azure-ad-admin) and process outlined in [this article](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-automation-setup-tutorial#setting-up-azure-ad-admin-using-the-azure-portal).
14
+
- Remember to [grant application permissions and granting admin consent](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial#grant-application-permissions)
15
+
- Beyond configuring an Azure AD admin for the SQL Server instance, it is not necessary to set up other Azure AD logins or users. You will grant those users access by using Microsoft Purview policies.
16
+
14
17
15
18
#### Region support
16
19
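Review bot: In the added bullet "Remember to [grant application permissions and granting admin consent]", the link text mixes "grant" and "granting" and the sentence has no closing period; "Remember to grant application permissions and admin consent." reads cleanly. The first added bullet states the Windows restriction twice ("running on Windows" and "Only Windows based SQL Server is supported"), and "only version 2022 or more recent are supported" has a number disagreement; a single sentence such as "Only SQL Server 2022 or later on Windows is supported." would cover both. The second added bullet also ends without a period ("...to Azure Arc").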
@@ -23,11 +26,11 @@ Policy enforcement is available in all Microsoft Purview regions except:
23
26
#### Security considerations for Azure Arc-enabled SQL Server
24
27
25
28
- The server admin can turn off the Microsoft Purview policy enforcement.
26
-
- Azure Arc admin and server admin permissions provide the ability to change the Azure Resource Manager path of the server. Because mappings in Microsoft Purview use Resource Manager paths, this can lead to wrong policy enforcements.
29
+
- Azure Arc admin and server admin permissions provide the ability to change the Azure Resource Manager path of the server. Because mappings in Microsoft Purview use Resource Manager paths, it can lead to wrong policy enforcements.
27
30
- A SQL Server admin (database admin) can gain the power of a server admin and can tamper with the cached policies from Microsoft Purview.
28
31
- The recommended configuration is to create a separate app registration for each SQL server instance. This configuration prevents the second SQL Server instance from reading the policies meant for the first SQL Server instance, in case a rogue admin in the second SQL Server instance tampers with the Resource Manager path.
29
32
30
-
#### Verify the pre-requisites
33
+
#### Verify the prerequisites
31
34
32
35
1. Sign in to the Azure portal through [this link](https://portal.azure.com/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/overview)
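Review bot: In the changed Resource Manager path bullet, replacing "this can lead" with "it can lead" leaves the pronoun without a clear antecedent, because the nearest nouns are "mappings" and "Resource Manager paths" rather than the act of changing the path. Because this bullet describes a security consideration, name the cause explicitly, for example "changing the path can lead to incorrect policy enforcement." The heading change from "pre-requisites" to "prerequisites" matches the spelling used in the file name and needs no further change.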