Merge pull request #207797 from inward-eye/main

19BMG00 · web-flow · commit c651e7e1cc15 · 2022-08-11T20:45:25.000-07:00
created include file for Azure SQL DB config
diff --git a/articles/purview/how-to-data-owner-policies-azure-sql-db.md b/articles/purview/how-to-data-owner-policies-azure-sql-db.md
@@ -19,53 +19,17 @@ This how-to guide describes how a data owner can delegate authoring policies in
 
 ## Prerequisites
 [!INCLUDE [Access policies generic pre-requisites](./includes/access-policies-prerequisites-generic.md)]
-- Create a new Azure SQL DB or use an existing one in one of the currently available regions for this preview feature. You can [follow this guide to create a new Azure SQL DB](/azure/azure-sql/database/single-database-create-quickstart).
-
-**Enforcement of Microsoft Purview policies is available only in the following regions for Azure SQL DB**
-- East US2
-- West US3
-- South Central US
-- West Central US
-- Canada Central
-- Brazil South
-- North Europe
-- West Europe
-- France Central
-- UK South
-- Central India
-- Australia East
-
-## Configuration
-[!INCLUDE [Access policies generic configuration](./includes/access-policies-configuration-generic.md)]
-
-### Azure SQL Database configuration
-Each Azure SQL Database server needs a Managed Identity assigned to it. You can do this from Azure Portal by navigating to the Azure SQL Server that hosts the Azure SQL DB, navigating to Identity on the side menu, checking status to *On* and then saving. See screenshot:
-![Screenshot shows how to assign system managed identity to Azure SQL Server.](./media/how-to-data-owner-policies-sql//assign-identity-azure-sql-db.png)
-
-
-You will also need to enable external policy based authorization on the server. You can do this in Power Shell
-
-```powershell
-Connect-AzAccount
+[!INCLUDE [Access policies Azure SQL DB pre-requisites](./includes/access-policies-prerequisites-azure-sql-db.md)]
 
-$context = Get-AzSubscription -SubscriptionId xxxx-xxxx-xxxx-xxxx
-Set-AzContext $context
-
-$server = Get-AzSqlServer -ResourceGroupName "RESOURCEGROUPNAME" -ServerName "SERVERNAME"
-
-#Initiate the call to the REST API to set externalPolicyBasedAuthorization to true
-Invoke-AzRestMethod -Method PUT -Path "$($server.ResourceId)/externalPolicyBasedAuthorizations/MicrosoftPurview?api-version=2021-11-01-preview" -Payload '{"properties":{"externalPolicyBasedAuthorization":true}}'
-
-#Verify that the propery has been set
-Invoke-AzRestMethod -Method GET -Path "$($server.ResourceId)/externalPolicyBasedAuthorizations/MicrosoftPurview?api-version=2021-11-01-preview"
-```
+## Microsoft Purview Configuration
+[!INCLUDE [Access policies generic configuration](./includes/access-policies-configuration-generic.md)]
 
 ### Register the data sources in Microsoft Purview
 The Azure SQL DB resources need to be registered first with Microsoft Purview to later define access policies. You can follow these guides:
 
 [Register and scan Azure SQL DB](./register-scan-azure-sql-database.md)
 
-After you've registered your resources, you'll need to enable *Data Use Management*. Data Use Management can affect the security of your data, as it delegates to certain Microsoft Purview roles to manage access to the data sources. Secure practices related to Data Use Management are described in this guide:
+After you've registered your resources, you'll need to enable Data Use Management. Data Use Management can affect the security of your data, as it delegates to certain Microsoft Purview roles to manage access to the data sources. **Go through the secure practices related to Data Use Management in this guide**:
 
 [How to enable Data Use Management](./how-to-enable-data-use-management.md)
 
diff --git a/articles/purview/how-to-data-owner-policy-authoring-generic.md b/articles/purview/how-to-data-owner-policy-authoring-generic.md
@@ -26,8 +26,8 @@ Access policies allow a data owner to delegate in Microsoft Purview access manag
 
 Before authoring data policies in the Microsoft Purview governance portal, you'll need to configure the data sources so that they can enforce those policies.
 
-1. Follow any policy-specific prerequisites for your source. Check the [Microsoft Purview supported data sources table](azure-purview-connector-overview.md) and select the link in the **Access Policy** column for sources where access policies are available. Follow any steps listed in the Access policy or Prerequisites sections.
-1. Register the data source in Microsoft Purview. Follow the **Prerequisites** and **Register** sections of the [source pages](azure-purview-connector-overview.md) for your resources.
+1. Follow any policy-specific prerequisites for your source. Check the [Microsoft Purview supported data sources table](microsoft-purview-connector-overview.md) and select the link in the **Access Policy** column for sources where access policies are available. Follow any steps listed in the Access policy or Prerequisites sections.
+1. Register the data source in Microsoft Purview. Follow the **Prerequisites** and **Register** sections of the [source pages](microsoft-purview-connector-overview.md) for your resources.
 1. [Enable the Data Use Management toggle on the data source](how-to-enable-data-use-management.md#enable-data-use-management). Additional permissions for this step are described in the linked document.
 
 ## Create a new policy
diff --git a/articles/purview/includes/access-policies-prerequisites-azure-sql-db.md b/articles/purview/includes/access-policies-prerequisites-azure-sql-db.md
@@ -0,0 +1,46 @@
+---
+author: inward-eye
+ms.author: vlrodrig
+ms.service: purview
+ms.subservice: purview-data-policies
+ms.topic: include
+ms.date: 08/11/2022
+ms.custom: 
+---
+
+- Create a new Azure SQL DB or use an existing one in one of the currently available regions for this preview feature. You can [follow this guide to create a new Azure SQL DB](/azure/azure-sql/database/single-database-create-quickstart).
+
+**Enforcement of Microsoft Purview policies is available only in the following regions for Azure SQL DB**
+- East US2
+- West US3
+- South Central US
+- West Central US
+- Canada Central
+- Brazil South
+- North Europe
+- West Europe
+- France Central
+- UK South
+- Central India
+- Australia East
+
+### Azure SQL Database configuration
+Each Azure SQL Database server needs a Managed Identity assigned to it. In Azure portal navigate to the Azure SQL Server that hosts the Azure SQL DB and then navigate to Identity on the side menu. Under System assigned managed identity check status to *On* and save. See screenshot:
+![Screenshot shows how to assign system managed identity to Azure SQL Server.](../media/how-to-data-owner-policies-sql/assign-identity-azure-sql-db.png)
+
+You'll also need to enable external policy based authorization on the server. You can do this in PowerShell:
+
+```powershell
+Connect-AzAccount
+
+$context = Get-AzSubscription -SubscriptionId xxxx-xxxx-xxxx-xxxx
+Set-AzContext $context
+
+$server = Get-AzSqlServer -ResourceGroupName "RESOURCEGROUPNAME" -ServerName "SERVERNAME"
+
+#Initiate the call to the REST API to set externalPolicyBasedAuthorization to true
+Invoke-AzRestMethod -Method PUT -Path "$($server.ResourceId)/externalPolicyBasedAuthorizations/MicrosoftPurview?api-version=2021-11-01-preview" -Payload '{"properties":{"externalPolicyBasedAuthorization":true}}'
+
+#Verify that the propery has been set
+Invoke-AzRestMethod -Method GET -Path "$($server.ResourceId)/externalPolicyBasedAuthorizations/MicrosoftPurview?api-version=2021-11-01-preview"
+```
