## Grant your VM access to a database in an Azure SQL server
36
+
## Grant access
37
37
38
38
To grant your VM access to a database in an Azure SQL Server, you can use an existing SQL server or create a new one. To create a new server and database using the Azure portal, follow this [Azure SQL quickstart](https://docs.microsoft.com/azure/sql-database/sql-database-get-started-portal). There are also quickstarts that use the Azure CLI and Azure PowerShell in the [Azure SQL documentation](https://docs.microsoft.com/azure/sql-database/).
39
39
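Review bot: The new heading "Grant access" no longer says who is granted access or to what, and changing the heading text also changes any anchor generated from it, so existing deep links to this section may stop resolving. Consider a short heading that keeps the object, for example "Grant access to the database", and check for inbound links to the old heading before merging.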
@@ -42,7 +42,7 @@ There are two steps to granting your VM access to a database:
42
42
1. Enable Azure AD authentication for the SQL server.
43
43
2. Create a **contained user** in the database that represents the VM's system-assigned identity.
44
44
45
-
## Enable Azure AD authentication for the SQL server
45
+
## Enable Azure AD authentication
46
46
47
47
[Configure Azure AD authentication for the SQL server](/azure/sql-database/sql-database-aad-authentication-configure) using the following steps:
48
48
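Review bot: The shortened heading "Enable Azure AD authentication" drops "for the SQL server", and unlike the later "Create user" and "Get an access token" sections, no "This section shows how to ..." sentence was added to carry the removed detail. The scope matters here because the steps that follow assign an administrator of the server, not of a single database. The link text on the next line does still name the SQL server, but a lead sentence in the same pattern as the other sections would keep the article consistent.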
@@ -53,9 +53,9 @@ There are two steps to granting your VM access to a database:
53
53
5. Select an Azure AD user account to be made an administrator of the server, and click **Select.**
54
54
6. In the command bar, click **Save.**
55
55
56
-
## Create a contained user in the database that represents the VM's system assigned identity
56
+
## Create user
57
57
58
-
For this next step, you will need [Microsoft SQL Server Management Studio](https://docs.microsoft.com/sql/ssms/download-sql-server-management-studio-ssms) (SSMS). Before beginning, it may also be helpful to review the following articles for background on Azure AD integration:
58
+
This section shows how to create a contained user in the database that represents the VM's system assigned identity. For this step, you need [Microsoft SQL Server Management Studio](https://docs.microsoft.com/sql/ssms/download-sql-server-management-studio-ssms) (SSMS). Before beginning, it may also be helpful to review the following articles for background on Azure AD integration:
59
59
60
60
-[Universal Authentication with SQL Database and SQL Data Warehouse (SSMS support for MFA)](/azure/sql-database/sql-database-ssms-mfa-authentication)
61
61
-[Configure and manage Azure Active Directory authentication with SQL Database or SQL Data Warehouse](/azure/sql-database/sql-database-aad-authentication-configure)
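Review bot: In the added paragraph, "the VM's system assigned identity" is missing the hyphen that the rest of the article uses ("system-assigned identity" in step 2 of the list above, "system-assigned managed identity" further down); please make it "system-assigned". The heading "Create user" also loses the word "contained", which is the distinction that matters in this step, so "Create contained user" would be a safer short form.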
@@ -94,9 +94,9 @@ SQL DB requires unique AAD display names. With this, the AAD accounts such as us
94
94
95
95
Code running in the VM can now get a token using its system-assigned managed identity and use the token to authenticate to the SQL server.
96
96
97
-
## Get an access token using the VM's system-assigned managed identity and use it to call Azure SQL
97
+
## Get an access token
98
98
99
-
Azure SQL natively supports Azure AD authentication, so it can directly accept access tokens obtained using managed identities for Azure resources. You use the **access token** method of creating a connection to SQL. This is part of Azure SQL's integration with Azure AD, and is different from supplying credentials on the connection string.
99
+
This section shows how to get an access token using the VM's system-assigned managed identity and use it to call Azure SQL. Azure SQL natively supports Azure AD authentication, so it can directly accept access tokens obtained using managed identities for Azure resources. You use the **access token** method of creating a connection to SQL. This is part of Azure SQL's integration with Azure AD, and is different from supplying credentials on the connection string.
100
100
101
101
Here's a .NET code example of opening a connection to SQL using an access token. This code must run on the VM to be able to access the VM's system-assigned managed identity's endpoint. **.NET Framework 4.6** or higher or **.NET Core 2.2** or higher is required to use the access token method. Replace the values of AZURE-SQL-SERVERNAME and DATABASE accordingly. Note the resource ID for Azure SQL is `https://database.windows.net/`.
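Review bot: The heading "Get an access token" now describes only the first half of this section; the added sentence and the .NET example below it also cover using the token to open a connection to Azure SQL. A reader scanning the headings would not find where the connection step lives. Consider "Get an access token and call Azure SQL", or split the connection step into its own short section.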