Refresh articles

cdpark · cdpark · commit ad86f2ca01f3 · 2025-02-11T09:54:54.000-08:00
diff --git a/articles/synapse-analytics/quickstart-serverless-sql-pool.md b/articles/synapse-analytics/quickstart-serverless-sql-pool.md
@@ -1,68 +1,66 @@
 ---
 title: 'Quickstart: Use serverless SQL pool'
-description: In this quickstart, you'll see and learn how easy is to query various types of files using serverless SQL pool.
+description: Learn how to use serverless SQL pool to query various types of files in Azure Storage.
 author: azaricstefan
 ms.service: azure-synapse-analytics
 ms.topic: quickstart
 ms.subservice: sql
-ms.date: 04/15/2020
+ms.date: 02/10/2025
 ms.author: stefanazaric
 ms.reviewer: whhender
 ms.custom: mode-other
 ---
 
 # Quickstart: Use serverless SQL pool
 
-Synapse serverless SQL pool is a serverless query service that enables you to run SQL queries on files placed in Azure Storage. In this quickstart, you'll learn how to query various types of files using serverless SQL pool. Supported formats are listed in [OPENROWSET](sql/develop-openrowset.md).
+Synapse serverless SQL pool is a serverless query service that allows you to run SQL queries on files placed in Azure Storage. In this quickstart, you learn how to query various types of files using serverless SQL pool. For a list of supported formats, see [OPENROWSET](sql/develop-openrowset.md).
 
-This quickstart shows querying: CSV, Apache Parquet, and JSON files.
+This quickstart shows how to query CSV, Apache Parquet, and JSON files.
 
 ## Prerequisites
 
 Choose a SQL client to issue queries:
 
 - [Azure Synapse Studio](./get-started-create-workspace.md) is a web tool that you can use to browse files in storage and create SQL queries.
-- [Azure Data Studio](sql/get-started-azure-data-studio.md) is a client tool that enables you to run SQL queries and notebooks on your On-demand database.
-- [SQL Server Management Studio](sql/get-started-ssms.md) is a client tool that enables you to run SQL queries on your On-demand database.
+- [Azure Data Studio](sql/get-started-azure-data-studio.md) is a client tool that lets you run SQL queries and notebooks on your on-demand database.
+- [SQL Server Management Studio](sql/get-started-ssms.md) is a client tool that lets you run SQL queries on your on-demand database.
 
-Parameters for this quickstart:
+This quickstart uses the following parameters:
 
 | Parameter                                 | Description                                                   |
 | ----------------------------------------- | ------------------------------------------------------------- |
-| serverless SQL pool service endpoint address    | Used as server name                                   |
-| serverless SQL pool service endpoint region     | Used to determine what storage will we use in samples |
+| Serverless SQL pool service endpoint address    | Used as server name                                   |
+| Serverless SQL pool service endpoint region     | Used to determine what storage to use in samples |
 | Username and password for endpoint access | Used to access endpoint                               |
 | The database used to create views         | Database used as starting point in samples       |
 
 ## First-time setup
 
 Before using the samples:
 
-- Create database for your views (in case you want to use views)
-- Create credentials to be used by serverless SQL pool to access files in storage
+- Create a database for your views (in case you want to use views).
+- Create credentials to be used by serverless SQL pool to access files in storage.
 
 ### Create database
 
-Create your own database for demo purposes. You'll use this database to create your views and for the sample queries in this article.
+Create your own database for demo purposes. You can use this database to create your views and for the sample queries in this article.
 
 > [!NOTE]
-> The databases are used only for view metadata, not for actual data.
->Write down database name you use for use later in the Quickstart.
+> The databases are used only for view metadata, not for actual data. Write down the database name for use later in the quickstart.
 
-Use the following query, changing `mydbname` to a name of your choice:
+Use the following command, changing `mydbname` to a name of your choice:
 
 ```sql
 CREATE DATABASE mydbname
 ```
 
 ### Create data source
 
-To run queries using serverless SQL pool, create data source that serverless SQL pool can use to access files in storage.
-Execute the following code snippet to create data source used in samples in this section:
+To run queries using serverless SQL pool, create a data source that serverless SQL pool can use to access files in storage. Execute the following code snippet to create the data source used in samples in this section:
 
 ```sql
 -- create master key that will protect the credentials:
-CREATE MASTER KEY ENCRYPTION BY PASSWORD = <enter very strong password here>
+CREATE MASTER KEY ENCRYPTION BY PASSWORD = <enter-strong-password-here>
 
 -- create credentials for containers in our demo storage account
 CREATE DATABASE SCOPED CREDENTIAL sqlondemand
@@ -77,9 +75,9 @@ CREATE EXTERNAL DATA SOURCE SqlOnDemandDemo WITH (
 
 ## Query CSV files
 
-The following image is a preview of the file to be queried:
+The following image shows a preview of the file to be queried:
 
-![First 10 rows of the CSV file without header, Windows style new line.](./sql/media/query-single-csv-file/population.png)
+:::image type="content" source="sql/media/query-single-csv-file/population.png" alt-text="Screenshot showing the first 10 rows of the CSV file without header, Windows style new line.":::
 
 The following query shows how to read a CSV file that doesn't contain a header row, with Windows-style new line, and comma-delimited columns:
 
@@ -102,15 +100,14 @@ WHERE
   country_name = 'Luxembourg' AND year = 2017
 ```
 
-You can specify schema at query compilation time.
-For more examples, see how to [query CSV file](sql/query-single-csv-file.md).
+You can specify schema at query compilation time. For more examples, see how to [Query CSV files](sql/query-single-csv-file.md).
 
 ## Query Parquet files
 
 The following sample shows the automatic schema inference capabilities for querying Parquet files. It returns the number of rows in September of 2017 without specifying schema.
 
 > [!NOTE]
-> You do not have to specify columns in `OPENROWSET WITH` clause when reading Parquet files. In that case, serverless SQL pool utilizes metadata in the Parquet file and binds columns by name.
+> You don't have to specify columns in `OPENROWSET WITH` clause when reading Parquet files. In that case, serverless SQL pool utilizes metadata in the Parquet file and binds columns by name.
 
 ```sql
 SELECT COUNT_BIG(*)
@@ -122,13 +119,13 @@ FROM OPENROWSET
   ) AS nyc
 ```
 
-Find more information about [querying parquet files](sql/query-parquet-files.md).
+Find more information, see [Query Parquet files using serverless SQL pool](sql/query-parquet-files.md).
 
 ## Query JSON files
 
 ### JSON sample file
 
-Files are stored in *json* container, folder *books*, and contain single book entry with following structure:
+Files are stored in a *json* container, using folder *books*, and contain a single book entry with the following structure:
 
 ```json
 {  
@@ -146,9 +143,9 @@ Files are stored in *json* container, folder *books*, and contain single book en
 }
 ```
 
-### Query JSON files
+### Sample query
 
-The following query shows how to use [JSON_VALUE](/sql/t-sql/functions/json-value-transact-sql?view=azure-sqldw-latest&preserve-view=true) to retrieve scalar values (title, publisher) from a book with the title *Probabilistic and Statistical Methods in Cryptology, An Introduction by Selected articles*:
+The following query shows how to use [JSON_VALUE](/sql/t-sql/functions/json-value-transact-sql?view=azure-sqldw-latest&preserve-view=true) to retrieve scalar values (title, publisher) from a book with the title *Probabilistic and Statistical Methods in Cryptology, An Introduction by selected topics*:
 
 ```sql
 SELECT
@@ -167,23 +164,20 @@ FROM OPENROWSET
 WITH
   ( jsonContent varchar(8000) ) AS [r]
 WHERE
-  JSON_VALUE(jsonContent, '$.title') = 'Probabilistic and Statistical Methods in Cryptology, An Introduction by Selected Topics'
+  JSON_VALUE(jsonContent, '$.title') = 'Probabilistic and Statistical Methods in Cryptology, An Introduction by selected topics'
 ```
 
 > [!IMPORTANT]
-> We are reading the entire JSON file as single row/column. So, FIELDTERMINATOR, FIELDQUOTE, and ROWTERMINATOR are set to 0x0b because we do not expect to find it in the file.
+> We read the entire JSON file as a single row or column. So FIELDTERMINATOR, FIELDQUOTE, and ROWTERMINATOR are set to 0x0b because we don't expect to find it in the file.
 
-## Next steps
+## Related content
 
-You're now ready to continue on with the following articles:
-
-- [Query single CSV file](sql/query-single-csv-file.md)
-- [Query folders and multiple CSV files](sql/query-folders-multiple-csv-files.md)
+- [Query CSV files](sql/query-single-csv-file.md)
+- [Query folders and multiple files](sql/query-folders-multiple-csv-files.md)
 - [Query specific files](sql/query-specific-files.md)
-- [Query Parquet files](sql/query-parquet-files.md)
-- [Query Parquet nested types](sql/query-parquet-nested-types.md)
-- [Query JSON files](sql/query-json-files.md)
-- [Creating and using views](sql/create-use-views.md)
-- [Creating and using external tables](sql/create-use-external-tables.md)
-- [Persist query result to Azure storage](sql/create-external-table-as-select.md)
-- [Query single CSV file](sql/query-single-csv-file.md)
+- [Query Parquet files using serverless SQL pool](sql/query-parquet-files.md)
+- [Query nested types in Parquet and JSON files](sql/query-parquet-nested-types.md)
+- [Query JSON files using serverless SQL pool](sql/query-json-files.md)
+- [Create and use views using serverless SQL pool](sql/create-use-views.md)
+- [Create and use native external tables](sql/create-use-external-tables.md)
+- [Store query results to storage](sql/create-external-table-as-select.md)
diff --git a/articles/synapse-analytics/security/workspace-data-exfiltration-protection.md b/articles/synapse-analytics/security/workspace-data-exfiltration-protection.md
@@ -1,43 +1,48 @@
 ---
-title: Data exfiltration protection for Azure Synapse Analytics workspaces
-description: This article will explain data exfiltration protection in Azure Synapse Analytics
+title: Data exfiltration protection for Azure Synapse Analytics
+description: Learn how to use data exfiltration protection in Azure Synapse Analytics workspaces.
 author: WilliamDAssafMSFT 
 ms.service: azure-synapse-analytics
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: security 
-ms.date: 10/17/2022
+ms.date: 02/10/2025
 ms.author: wiassaf
 ms.reviewer: whhender
 ---
+
 # Data exfiltration protection for Azure Synapse Analytics workspaces
-This article will explain data exfiltration protection in Azure Synapse Analytics
 
-## Securing data egress from Synapse workspaces
-Azure Synapse Analytics workspaces support enabling data exfiltration protection for workspaces. With exfiltration protection, you can guard against malicious insiders accessing your Azure resources and exfiltrating sensitive data to locations outside of your organization’s scope. 
-At the time of workspace creation, you can choose to configure the workspace with a managed virtual network and additional protection against data exfiltration. When a workspace is created with a [managed virtual network](./synapse-workspace-managed-vnet.md), Data integration and Spark resources are deployed in the managed virtual network. The workspace’s dedicated SQL pools and serverless SQL pools have multi-tenant capabilities and as such, need to exist outside the managed virtual network. For workspaces with data exfiltration protection, resources within the managed virtual network always communicate over [managed private endpoints](./synapse-workspace-managed-private-endpoints.md). When data exfiltration protection is enabled, Synapse SQL resources can connect to and query any authorized Azure Storage using OPENROWSETS or EXTERNAL TABLE, since the ingress traffic is not controlled by the data exfiltration protection. However, the egress traffic, for example [CREATE EXTERNAL TABLE AS SELECT](/sql/t-sql/statements/create-external-table-as-select-transact-sql?view=azure-sqldw-latest&preserve-view=true) or using ERRORFILE argument in [COPY INTO](/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest&preserve-view=true) command to output data to the external storage account will be controlled by the data exfiltration protection. Therefore, it also requires to create the managed private endpoint for the target storage account to unblock the egress traffic to it. 
+Azure Synapse Analytics workspaces support data exfiltration protection for workspaces. With exfiltration protection, you can guard against malicious insiders accessing your Azure resources and exfiltrating sensitive data to locations outside of your organization's scope.
 
-> [!Note]
-> You cannot change the workspace configuration for managed virtual network and data exfiltration protection after the workspace is created.
+## Secure data egress from Synapse workspaces
 
-## Managing Synapse workspace data egress to approved targets
-After the workspace is created with data exfiltration protection enabled, the owners of the workspace resource can manage the list of approved Microsoft Entra tenants for the workspace. Users with the [right permissions](./synapse-workspace-access-control-overview.md) on the workspace can use the Synapse Studio to create managed private endpoint connection requests to resources in the workspace’s approved Microsoft Entra tenants. Managed private endpoint creation will be blocked if the user attempts to create a private endpoint connection to a resource in an unapproved tenant.
+At the time of workspace creation, you can choose to configure the workspace with a managed virtual network and additional protection against data exfiltration. When a workspace is created with a [managed virtual network](./synapse-workspace-managed-vnet.md), data integration and Spark resources are deployed in the managed virtual network. The workspace's dedicated SQL pools and serverless SQL pools have multitenant capabilities and as such, need to exist outside the managed virtual network.
 
-## Sample workspace with data exfiltration protection enabled
-Let us use an example to illustrate data exfiltration protection for Synapse workspaces. Contoso has Azure resources in Tenant A and Tenant B and there is a need for these resources to connect securely. A Synapse workspace has been created in Tenant A with Tenant B added as an approved Microsoft Entra tenant. The diagram shows private endpoint connections to Azure Storage accounts in Tenant A and Tenant B that have been approved by the Storage account owners. The diagram also shows blocked private endpoint creation. The creation of this private endpoint was blocked as it targeted an Azure Storage account in the Fabrikam Microsoft Entra tenant, which is not an approved Microsoft Entra tenant for Contoso’s workspace.
+For workspaces with data exfiltration protection, resources within the managed virtual network always communicate over [managed private endpoints](./synapse-workspace-managed-private-endpoints.md). When data exfiltration protection is enabled, Synapse SQL resources can connect to and query any authorized Azure Storage using OPENROWSETS or EXTERNAL TABLE. Data exfiltration protection doesn't control ingress traffic.
 
-:::image type="content" source="media/workspace-data-exfiltration-protection/workspace-data-exfiltration-protection-diagram.png" alt-text="This diagram shows how data exfiltration protection is implemented for Synapse workspaces" lightbox="./media/workspace-data-exfiltration-protection/workspace-data-exfiltration-protection-diagram.png":::
+However, data exfiltration protection does control egress traffic. For example, [CREATE EXTERNAL TABLE AS SELECT](/sql/t-sql/statements/create-external-table-as-select-transact-sql?view=azure-sqldw-latest&preserve-view=true) or using ERRORFILE argument in [COPY INTO](/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest&preserve-view=true) command to output data to the external storage account are blocked. Therefore, you need to create a managed private endpoint for the target storage account to unblock the egress traffic to it.
 
->[!IMPORTANT]
->
-> Resources in tenants other than the workspace's tenant must not have blocking firewall rules in place for the SQL pools to connect to them. Resources within the workspace’s managed virtual network, such as Spark clusters, can connect over managed private links to firewall-protected resources.
-> >
+> [!NOTE]
+> You can't change the workspace configuration for managed virtual network and data exfiltration protection after the workspace is created.
 
-## Next Steps
+## Manage Synapse workspace data egress to approved targets
 
-Learn how to [create a workspace with data exfiltration protection enabled](./how-to-create-a-workspace-with-data-exfiltration-protection.md)
+After the workspace is created with data exfiltration protection enabled, the owners of the workspace resource can manage the list of approved Microsoft Entra tenants for the workspace. Users with the [right permissions](./synapse-workspace-access-control-overview.md) on the workspace can use the Synapse Studio to create managed private endpoint connection requests to resources in the workspace’s approved Microsoft Entra tenants. Managed private endpoint creation is blocked if the user attempts to create a private endpoint connection to a resource in an unapproved tenant.
+
+## Sample workspace with data exfiltration protection enabled
 
-Learn more about [Managed workspace Virtual Network](./synapse-workspace-managed-vnet.md)
+Consider the following example that illustrates data exfiltration protection for Synapse workspaces. A company called Contoso has Azure resources in Tenant A and Tenant B, and there's a need for these resources to connect securely. A Synapse workspace has been created in Tenant A with Tenant B added as an approved Microsoft Entra tenant.
+
+The following diagram shows private endpoint connections to Azure Storage accounts in Tenant A and Tenant B that are approved by the storage account owners. The diagram also shows blocked private endpoint creation. The creation of this private endpoint was blocked as it targeted an Azure Storage account in the Fabrikam Microsoft Entra tenant, which isn't an approved Microsoft Entra tenant for Contoso's workspace.
+
+:::image type="content" source="media/workspace-data-exfiltration-protection/workspace-data-exfiltration-protection-diagram.png" alt-text="Diagram showing how data exfiltration protection is implemented for Synapse workspaces." lightbox="./media/workspace-data-exfiltration-protection/workspace-data-exfiltration-protection-diagram.png":::
+
+>[!IMPORTANT]
+> Resources in tenants other than the workspace's tenant must not have firewall rules that block connection to the SQL pools. Resources within the workspace's managed virtual network, such as Spark clusters, can connect over managed private links to firewall-protected resources.
 
-Learn more about [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md)
+## Related content
 
-[Create Managed private endpoints to your data sources](./how-to-create-managed-private-endpoints.md)
+- [Create a workspace with data exfiltration protection enabled](./how-to-create-a-workspace-with-data-exfiltration-protection.md)
+- [Azure Synapse Analytics Managed Virtual Network](./synapse-workspace-managed-vnet.md)
+- [Azure Synapse Analytics managed private endpoints](./synapse-workspace-managed-private-endpoints.md)
+- [Create a Managed private endpoint to your data source](./how-to-create-managed-private-endpoints.md)
diff --git a/articles/synapse-analytics/sql-data-warehouse/sql-data-warehouse-tables-statistics.md b/articles/synapse-analytics/sql-data-warehouse/sql-data-warehouse-tables-statistics.md
