Merge pull request #222263 from ShawnJackson/register-scan-azure-sql-database

itechedit · web-flow · commit 9be0b1c8849b · 2023-01-03T13:14:39.000-08:00
edit pass: register-scan-azure-sql-database
diff --git a/articles/purview/concept-scans-and-ingestion.md b/articles/purview/concept-scans-and-ingestion.md
@@ -38,7 +38,7 @@ Whenever possible, a Managed Identity is the preferred authentication method bec
 
 When scanning a source, you have a choice to scan the entire data source or choose only specific entities (folders/tables) to scan. Available options depend on the source you're scanning, and can be defined for both one-time and scheduled scans.
 
-For example, when [creating and running a scan for an Azure SQL Database](register-scan-azure-sql-database.md#creating-the-scan), you can choose which tables to scan, or select the entire database.
+For example, when [creating and running a scan for an Azure SQL Database](register-scan-azure-sql-database.md#create-the-scan), you can choose which tables to scan, or select the entire database.
 
 ### Scan rule set
 
@@ -74,5 +74,5 @@ The technical metadata or classifications identified by the scanning process are
 For more information, or for specific instructions for scanning sources, follow the links below.
 
 * To understand resource sets, see our [resource sets article](concept-resource-sets.md).
-* [How to govern an Azure SQL Database](register-scan-azure-sql-database.md#creating-the-scan)
+* [How to govern an Azure SQL Database](register-scan-azure-sql-database.md#create-the-scan)
 * [Lineage in Microsoft Purview](catalog-lineage-user-guide.md)
diff --git a/articles/purview/includes/access-policies-configuration-generic.md b/articles/purview/includes/access-policies-configuration-generic.md
@@ -53,15 +53,15 @@ For more information about managing Microsoft Purview role assignments, see [Cre
 >[!NOTE]
 > Currently, Microsoft Purview roles related to publishing Data Owner policies must be configured at the root collection level.
 
-#### Delegation of access provisioning responsibility to roles in Microsoft Purview
+#### Delegate access provisioning responsibility to roles in Microsoft Purview
 
 After a resource has been enabled for **Data use management**, any Microsoft Purview user with the *Policy author* role at the root collection level can provision access to that data source from Microsoft Purview.
 
 The *IAM Owner* role for a data resource can be inherited from a parent resource group, a subscription, or a subscription management group. Check which Azure AD users, groups, and service principals hold or are inheriting the *IAM Owner* role for the resource.
 
 > [!NOTE]
-> Any Microsoft Purview root *Collection admin* can assign new users to root *Policy author* roles. Any *Collection admin* can assign new users to a *Data source admin* role under the collection. Minimize and carefully vet the users that hold Microsoft Purview *Collection admin*, *Data source admin*, or *Policy author* roles.
+> Any Microsoft Purview root *Collection admin* can assign new users to root *Policy author* roles. Any *Collection admin* can assign new users to a *Data source admin* role under the collection. Minimize and carefully vet the users who hold Microsoft Purview *Collection admin*, *Data source admin*, or *Policy author* roles.
 
 If a Microsoft Purview account with published policies is deleted, such policies will stop being enforced within an amount of time that depends on the specific data source. This change can have implications on both security and data access availability. The Contributor and Owner roles in IAM can delete Microsoft Purview accounts. 
 
-You can check these permissions by going to the **Access control (IAM)** section for your Microsoft Purview account and selecting **Role Assignments**. You can also place a lock to prevent the Microsoft Purview account from being deleted through [Resource Manager locks](../../azure-resource-manager/management/lock-resources.md).
+You can check these permissions by going to the **Access control (IAM)** section for your Microsoft Purview account and selecting **Role Assignments**. You can also use a lock to prevent the Microsoft Purview account from being deleted through [Resource Manager locks](../../azure-resource-manager/management/lock-resources.md).
diff --git a/articles/purview/includes/access-policies-prerequisites-azure-sql-db.md b/articles/purview/includes/access-policies-prerequisites-azure-sql-db.md
@@ -8,45 +8,55 @@ ms.date: 12/01/2022
 ms.custom: references_regions
 ---
 
-- Create a new Azure SQL Database or use an existing one in one of the currently available regions for this preview feature. You can [follow this guide to create a new Azure SQL Database](/azure/azure-sql/database/single-database-create-quickstart).
+Create a new SQL database, or use an existing one, in one of the currently available regions for this preview feature. You can follow [this guide to create a SQL database](/azure/azure-sql/database/single-database-create-quickstart).
 
 #### Region support
-- All [Microsoft Purview regions](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=purview) are supported.
-- Enforcement of Microsoft Purview policies is only available in the following regions for Azure SQL Database:
-    - East US
-    - East US2
-    - South Central US
-    - West Central US
-    - West US3
-    - Canada Central
-    - Brazil South
-    - West Europe
-    - North Europe
-    - France Central
-    - UK South
-    - South Africa North
-    - Central India
-    - East Asia
-    - Australia East
+All [Microsoft Purview regions](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=purview) are supported.
+
+Enforcement of Microsoft Purview policies is available only in the following regions for Azure SQL Database:
+
+- East US
+- East US2
+- South Central US
+- West Central US
+- West US3
+- Canada Central
+- Brazil South
+- West Europe
+- North Europe
+- France Central
+- UK South
+- South Africa North
+- Central India
+- East Asia
+- Australia East
     
-#### Configure the Azure SQL Database for policies from Microsoft Purview
-You need to configure an Azure Active Directory Admin for the Azure SQL Server to honor policies from Microsoft Purview. In Azure portal, navigate to the Azure SQL Server that hosts the Azure SQL Database and then navigate to Azure Active Directory on the side menu. Set an Admin name to any Azure Active Directory user or group you prefer, and then select **Save**. See screenshot:
-![Screenshot shows how to assign Active Directory Admin to Azure SQL Server.](../media/how-to-policies-data-owner-sql/assign-active-directory-admin-azure-sql-db.png)
+#### Configure the SQL database for policies from Microsoft Purview
+For the logical server to honor policies from Microsoft Purview, you need to configure an Azure Active Directory admin: 
 
-Then navigate to Identity on the side menu. Under System assigned managed identity check status to *On* and then select **Save**. See screenshot:
-![Screenshot shows how to assign system managed identity to Azure SQL Server.](../media/how-to-policies-data-owner-sql/assign-identity-azure-sql-db.png)
+1. In the Azure portal, go to the logical server that hosts the SQL database.
 
-You'll also need to enable (and verify) external policy based authorization on the Azure SQL server. You can do this in PowerShell:
+1. On the side menu, select **Azure Active Directory**. Set an admin name to any Azure Active Directory user or group that you prefer, and then select **Save**.
+
+   ![Screenshot shows the assignment of an Active Directory admin to a logical server.](../media/how-to-policies-data-owner-sql/assign-active-directory-admin-azure-sql-db.png)
+
+1. On the side menu, select **Identity**. Under **System assigned managed identity**, turn the status to **On**. Then select **Save**.
+
+   ![Screenshot that shows the assignment of a system-assigned managed identity to a logical server.](../media/how-to-policies-data-owner-sql/assign-identity-azure-sql-db.png)
+
+
+You also need to enable (and verify) external policy-based authorization on the logical server. You can do this in PowerShell:
 
 ```powershell
 Connect-AzAccount -UseDeviceAuthentication -TenantId xxxx-xxxx-xxxx-xxxx-xxxx -SubscriptionId xxxx-xxxx-xxxx-xxxx
 
 $server = Get-AzSqlServer -ResourceGroupName "RESOURCEGROUPNAME" -ServerName "SERVERNAME"
 
-#Initiate the call to the REST API to set externalPolicyBasedAuthorization to true
+#Initiate the call to the REST API to set the externalPolicyBasedAuthorization property to true
 Invoke-AzRestMethod -Method PUT -Path "$($server.ResourceId)/externalPolicyBasedAuthorizations/MicrosoftPurview?api-version=2021-11-01-preview" -Payload '{"properties":{"externalPolicyBasedAuthorization":true}}'
 
-# Now, verify that the property "externalPolicyBasedAuthorization" has been set to true
+# Verify that externalPolicyBasedAuthorization is set to true
 Invoke-AzRestMethod -Method GET -Path "$($server.ResourceId)/externalPolicyBasedAuthorizations/MicrosoftPurview?api-version=2021-11-01-preview"
 ```
-After issuing the GET, you should see in the response, under Content, "properties":{"externalPolicyBasedAuthorization":true}
+
+In the response, `"properties":{"externalPolicyBasedAuthorization":true}` should appear under `Content`.
diff --git a/articles/purview/microsoft-purview-connector-overview.md b/articles/purview/microsoft-purview-connector-overview.md
@@ -32,7 +32,7 @@ The table below shows the supported capabilities for each data source. Select th
 || [Azure Database for PostgreSQL](register-scan-azure-postgresql.md) | [Yes](register-scan-azure-postgresql.md#register) | [Yes](register-scan-azure-postgresql.md#scan) | No* | No | No |
 ||    [Azure Dedicated SQL pool (formerly SQL DW)](register-scan-azure-synapse-analytics.md)| [Yes](register-scan-azure-synapse-analytics.md#register) | [Yes](register-scan-azure-synapse-analytics.md#scan)| No* | No | No |
 ||    [Azure Files](register-scan-azure-files-storage-source.md)|[Yes](register-scan-azure-files-storage-source.md#register) | [Yes](register-scan-azure-files-storage-source.md#scan) | Limited* |  No | No |
-||    [Azure SQL Database](register-scan-azure-sql-database.md)| [Yes](register-scan-azure-sql-database.md#register) |[Yes](register-scan-azure-sql-database.md#scan)| [Yes (Preview)](register-scan-azure-sql-database.md#lineagepreview) | [Yes](register-scan-azure-sql-database.md#access-policy) (Preview) | No |
+||    [Azure SQL Database](register-scan-azure-sql-database.md)| [Yes](register-scan-azure-sql-database.md#register-the-data-source) |[Yes](register-scan-azure-sql-database.md#scope-and-run-the-scan)| [Yes (Preview)](register-scan-azure-sql-database.md#extract-lineage-preview) | [Yes](register-scan-azure-sql-database.md#set-up-access-policies) (Preview) | No |
 ||    [Azure SQL Managed Instance](register-scan-azure-sql-managed-instance.md)|  [Yes](register-scan-azure-sql-managed-instance.md#scan) | [Yes](register-scan-azure-sql-managed-instance.md#scan) | No* | No | No |
 ||    [Azure Synapse Analytics (Workspace)](register-scan-synapse-workspace.md)| [Yes](register-scan-synapse-workspace.md#register) | [Yes](register-scan-synapse-workspace.md#scan)| [Yes - Synapse pipelines](how-to-lineage-azure-synapse-analytics.md)| No| No |
 |Database| [Amazon RDS](register-scan-amazon-rds.md) | [Yes](register-scan-amazon-rds.md#register-an-amazon-rds-data-source) | [Yes](register-scan-amazon-rds.md#scan-an-amazon-rds-database) | No | No | No |
@@ -62,7 +62,7 @@ The table below shows the supported capabilities for each data source. Select th
 \* Besides the lineage on assets within the data source, lineage is also supported if dataset is used as a source/sink in [Data Factory](how-to-link-azure-data-factory.md) or [Synapse pipeline](how-to-lineage-azure-synapse-analytics.md).
 
 > [!NOTE]
-> Currently, the Microsoft Purview Data Map can't scan an asset that has `/`, `\`, or `#` in its name. To scope your scan and avoid scanning assets that have those characters in the asset name, use the example in [Register and scan an Azure SQL Database](register-scan-azure-sql-database.md#creating-the-scan).
+> Currently, the Microsoft Purview Data Map can't scan an asset that has `/`, `\`, or `#` in its name. To scope your scan and avoid scanning assets that have those characters in the asset name, use the example in [Register and scan an Azure SQL Database](register-scan-azure-sql-database.md#create-the-scan).
 
 > [!IMPORTANT]
 > If you plan on using a self-hosted integration runtime, scanning some data sources requires additional setup on the self-hosted integration runtime machine. For example, JDK, Visual C++ Redistributable, or specific driver. 
diff --git a/articles/purview/register-scan-azure-multiple-sources.md b/articles/purview/register-scan-azure-multiple-sources.md
@@ -52,7 +52,7 @@ To learn how to add permissions on each resource type within a subscription or r
 - [Azure Blob Storage](register-scan-azure-blob-storage-source.md#authentication-for-a-scan)
 - [Azure Data Lake Storage Gen1](register-scan-adls-gen1.md#authentication-for-a-scan)
 - [Azure Data Lake Storage Gen2](register-scan-adls-gen2.md#authentication-for-a-scan)
-- [Azure SQL Database](register-scan-azure-sql-database.md#authentication-for-a-scan)
+- [Azure SQL Database](register-scan-azure-sql-database.md#configure-authentication-for-a-scan)
 - [Azure SQL Managed Instance](register-scan-azure-sql-managed-instance.md#authentication-for-registration)
 - [Azure Synapse Analytics](register-scan-azure-synapse-analytics.md#authentication-for-registration)
 
diff --git a/articles/purview/register-scan-azure-sql-database.md b/articles/purview/register-scan-azure-sql-database.md
