MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 1823 additions & 1 deletion b/‎.openpublishing.redirection.json
Lines changed: 1823 additions & 1 deletion
diff --git a/‎articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql.md
Lines changed: 39 additions & 42 deletions b/‎articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql.md
Lines changed: 39 additions & 42 deletions
diff --git a/‎articles/advisor/toc.yml
Lines changed: 1 addition & 1 deletion b/‎articles/advisor/toc.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/aks/operator-best-practices-identity.md
Lines changed: 3 additions & 2 deletions b/‎articles/aks/operator-best-practices-identity.md
Lines changed: 3 additions & 2 deletions
@@ -33,7 +33,7 @@ Administrators can assign a Conditional Access policy to the following cloud app
 - [Office 365 (preview)](#office-365-preview)
 - Azure Analysis Services
 - Azure DevOps
-- [Azure SQL Database and Data Warehouse](../../sql-database/sql-database-conditional-access.md)
+- [Azure SQL Database and Data Warehouse](../../azure-sql/database/conditional-access-configure.md)
 - Dynamics CRM Online
 - Microsoft Application Insights Analytics
 - [Microsoft Azure Information Protection](/azure/information-protection/faqs#i-see-azure-information-protection-is-listed-as-an-available-cloud-app-for-conditional-accesshow-does-this-work)
 
@@ -1,6 +1,6 @@
 ---
-title: Tutorial`:` Use a managed identity to access Azure SQL - Windows - Azure AD
-description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure SQL.
+title: Tutorial`:` Use a managed identity to access Azure SQL Database - Windows - Azure AD
+description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure SQL Database.
 services: active-directory
 documentationcenter: ''
 author: MarkusVi
@@ -20,57 +20,56 @@ ms.collection: M365-identity-device-management
 
 [!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
 
-This tutorial shows you how to use a system-assigned identity for a Windows virtual machine (VM) to access an Azure SQL server. Managed Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code. You learn how to:
+This tutorial shows you how to use a system-assigned identity for a Windows virtual machine (VM) to access Azure SQL Database. Managed Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code. You learn how to:
 
 > [!div class="checklist"]
-> * Grant your VM access to an Azure SQL server
-> * Enable Azure AD authentication for the SQL server
+>
+> * Grant your VM access to Azure SQL Database
+> * Enable Azure AD authentication
 > * Create a contained user in the database that represents the VM's system assigned identity
-> * Get an access token using the VM identity and use it to query an Azure SQL server
+> * Get an access token using the VM identity and use it to query Azure SQL Database
 
 ## Prerequisites
 
 [!INCLUDE [msi-tut-prereqs](../../../includes/active-directory-msi-tut-prereqs.md)]
 
-
 ## Enable
 
 [!INCLUDE [msi-tut-enable](../../../includes/active-directory-msi-tut-enable.md)]
 
-
 ## Grant access
 
-To grant your VM access to a database in an Azure SQL Server, you can use an existing SQL server or create a new one. To create a new server and database using the Azure portal, follow this [Azure SQL quickstart](https://docs.microsoft.com/azure/sql-database/sql-database-get-started-portal). There are also quickstarts that use the Azure CLI and Azure PowerShell in the [Azure SQL documentation](https://docs.microsoft.com/azure/sql-database/).
+To grant your VM access to a database in Azure SQL Database, you can use an existing [logical SQL server](../../azure-sql/database/logical-servers.md) or create a new one. To create a new server and database using the Azure portal, follow this [Azure SQL quickstart](https://docs.microsoft.com/azure/sql-database/sql-database-get-started-portal). There are also quickstarts that use the Azure CLI and Azure PowerShell in the [Azure SQL documentation](https://docs.microsoft.com/azure/sql-database/).
 
 There are two steps to granting your VM access to a database:
 
-1. Enable Azure AD authentication for the SQL server.
+1. Enable Azure AD authentication for the server.
 2. Create a **contained user** in the database that represents the VM's system-assigned identity.
 
 ### Enable Azure AD authentication
 
-**To [configure Azure AD authentication for the SQL server](/azure/sql-database/sql-database-aad-authentication-configure):**
+**To [configure Azure AD authentication](/azure/sql-database/sql-database-aad-authentication-configure):**
 
-1.	In the Azure portal, select **SQL servers** from the left-hand navigation.
-2.	Click the SQL server to be enabled for Azure AD authentication.
-3.	In the **Settings** section of the blade, click **Active Directory admin**.
-4.	In the command bar, click **Set admin**.
-5.	Select an Azure AD user account to be made an administrator of the server, and click **Select.**
-6.	In the command bar, click **Save.**
+1. In the Azure portal, select **SQL servers** from the left-hand navigation.
+2. Click the SQL server to be enabled for Azure AD authentication.
+3. In the **Settings** section of the blade, click **Active Directory admin**.
+4. In the command bar, click **Set admin**.
+5. Select an Azure AD user account to be made an administrator of the server, and click **Select.**
+6. In the command bar, click **Save.**
 
 ### Create contained user
 
 This section shows how to create a contained user in the database that represents the VM's system assigned identity. For this step, you need [Microsoft SQL Server Management Studio](https://docs.microsoft.com/sql/ssms/download-sql-server-management-studio-ssms) (SSMS). Before beginning, it may also be helpful to review the following articles for background on Azure AD integration:
 
-- [Universal Authentication with SQL Database and SQL Data Warehouse (SSMS support for MFA)](/azure/sql-database/sql-database-ssms-mfa-authentication)
-- [Configure and manage Azure Active Directory authentication with SQL Database or SQL Data Warehouse](/azure/sql-database/sql-database-aad-authentication-configure)
+* [Universal Authentication with SQL Database and SQL Data Warehouse (SSMS support for MFA)](/azure/sql-database/sql-database-ssms-mfa-authentication)
+* [Configure and manage Azure Active Directory authentication with SQL Database or SQL Data Warehouse](/azure/sql-database/sql-database-aad-authentication-configure)
 
-SQL DB requires unique AAD display names. With this, the AAD accounts such as users, groups and Service Principals (applications) and VM names enabled for managed identity must be uniquely defined in AAD regarding their display names. SQL DB checks the AAD display name during T-SQL creation of such users and if it is not unique, the command fails requesting to provide a unique AAD display name for a given account.
+SQL Database requires unique AAD display names. With this, the AAD accounts such as users, groups and Service Principals (applications) and VM names enabled for managed identity must be uniquely defined in AAD regarding their display names. SQL Database checks the AAD display name during T-SQL creation of such users and if it is not unique, the command fails requesting to provide a unique AAD display name for a given account.
 
 **To create a contained user:**
 
 1. Start SQL Server Management Studio.
-2. In the **Connect to Server** dialog, Enter your SQL server name in the **Server name** field.
+2. In the **Connect to Server** dialog, Enter your server name in the **Server name** field.
 3. In the **Authentication** field, select **Active Directory - Universal with MFA support**.
 4. In the **User name** field, enter the name of the Azure AD account that you set as the server administrator, for example, [email protected]
 5. Click **Options**.
@@ -82,24 +81,24 @@ SQL DB requires unique AAD display names. With this, the AAD accounts such as us
 
     > [!NOTE]
     > `VMName` in the following command is the name of the VM that you enabled system assigned identity on in the prerequsites section.
-    
-    ```
+
+    ```sql
     CREATE USER [VMName] FROM EXTERNAL PROVIDER
     ```
-    
+
     The command should complete successfully, creating the contained user for the VM's system-assigned identity.
 11. Clear the query window, enter the following line, and click **Execute** in the toolbar:
 
     > [!NOTE]
     > `VMName` in the following command is the name of the VM that you enabled system assigned identity on in the prerequsites section.
-    
-    ```
+
+    ```sql
     ALTER ROLE db_datareader ADD MEMBER [VMName]
     ```
 
     The command should complete successfully, granting the contained user the ability to read the entire database.
 
-Code running in the VM can now get a token using its system-assigned managed identity and use the token to authenticate to the SQL server.
+Code running in the VM can now get a token using its system-assigned managed identity and use the token to authenticate to the server.
 
 ## Access data
 
@@ -139,7 +138,7 @@ catch (Exception e)
 }
 
 //
-// Open a connection to the SQL server using the access token.
+// Open a connection to the server using the access token.
 //
 if (accessToken != null) {
     string connectionString = "Data Source=<AZURE-SQL-SERVERNAME>; Initial Catalog=<DATABASE>;";
@@ -151,29 +150,29 @@ if (accessToken != null) {
 
 Alternatively, a quick way to test the end to end setup without having to write and deploy an app on the VM is using PowerShell.
 
-1.	In the portal, navigate to **Virtual Machines** and go to your Windows virtual machine and in the **Overview**, click **Connect**.
-2.	Enter in your **Username** and **Password** for which you added when you created the Windows VM.
-3.	Now that you have created a **Remote Desktop Connection** with the virtual machine, open **PowerShell** in the remote session.
-4.	Using PowerShell’s `Invoke-WebRequest`, make a request to the local managed identity's endpoint to get an access token for Azure SQL.
+1. In the portal, navigate to **Virtual Machines** and go to your Windows virtual machine and in the **Overview**, click **Connect**.
+2. Enter in your **Username** and **Password** for which you added when you created the Windows VM.
+3. Now that you have created a **Remote Desktop Connection** with the virtual machine, open **PowerShell** in the remote session.
+4. Using PowerShell’s `Invoke-WebRequest`, make a request to the local managed identity's endpoint to get an access token for Azure SQL.
 
     ```powershell
         $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fdatabase.windows.net%2F' -Method GET -Headers @{Metadata="true"}
     ```
-    
-    Convert the response from a JSON object to a PowerShell object. 
-    
+
+    Convert the response from a JSON object to a PowerShell object.
+
     ```powershell
     $content = $response.Content | ConvertFrom-Json
     ```
 
     Extract the access token from the response.
-    
+
     ```powershell
     $AccessToken = $content.access_token
     ```
 
-5. Open a connection to the SQL server. Remember to replace the values for AZURE-SQL-SERVERNAME and DATABASE.
-    
+5. Open a connection to the server. Remember to replace the values for AZURE-SQL-SERVERNAME and DATABASE.
+
     ```powershell
     $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
     $SqlConnection.ConnectionString = "Data Source = <AZURE-SQL-SERVERNAME>; Initial Catalog = <DATABASE>"
@@ -195,15 +194,13 @@ Alternatively, a quick way to test the end to end setup without having to write
 
 Examine the value of `$DataSet.Tables[0]` to view the results of the query.
 
-
 ## Disable
 
 [!INCLUDE [msi-tut-disable](../../../includes/active-directory-msi-tut-disable.md)]
 
-
 ## Next steps
 
-In this tutorial, you learned how to use a system-assigned managed identity to access Azure SQL server. To learn more about Azure SQL Server see:
+In this tutorial, you learned how to use a system-assigned managed identity to access Azure SQL Database. To learn more about Azure SQL Database see:
 
 > [!div class="nextstepaction"]
-> [Azure SQL Database service](/azure/sql-database/sql-database-technical-overview)
+> [Azure SQL Database](/azure/sql-database/sql-database-technical-overview)
@@ -34,7 +34,7 @@
   items:
   - name: Security Center
     href: https://azure.microsoft.com/services/security-center/
-  - name: SQL DB Advisor
+  - name: SQL Database Advisor
     href: https://azure.microsoft.com/documentation/articles/sql-database-advisor/
   - name: App Service
     href: https://docs.microsoft.com/azure/app-service/app-service-best-practices
 
@@ -15,6 +15,7 @@ As you deploy and maintain clusters in Azure Kubernetes Service (AKS), you need
 This best practices article focuses on how a cluster operator can manage access and identity for AKS clusters. In this article, you learn how to:
 
 > [!div class="checklist"]
+>
 > * Authenticate AKS cluster users with Azure Active Directory
 > * Control access to resources with role-based access controls (RBAC)
 > * Use a managed identity to authenticate themselves with other services
@@ -93,14 +94,14 @@ Managed identities for Azure resources (currently implemented as an associated A
 
 When pods request access to an Azure service, network rules redirect the traffic to the Node Management Identity (NMI) server. The NMI server identifies pods that request access to Azure services based on their remote address, and queries the Managed Identity Controller (MIC). The MIC checks for Azure identity mappings in the AKS cluster, and the NMI server then requests an access token from Azure Active Directory (AD) based on the pod's identity mapping. Azure AD provides access to the NMI server, which is returned to the pod. This access token can be used by the pod to then request access to services in Azure.
 
-In the following example, a developer creates a pod that uses a managed identity to request access to an Azure SQL Server instance:
+In the following example, a developer creates a pod that uses a managed identity to request access to Azure SQL Database:
 
 ![Pod identities allow a pod to automatically request access to other services](media/operator-best-practices-identity/pod-identities.png)
 
 1. Cluster operator first creates a service account that can be used to map identities when pods request access to services.
 1. The NMI server and MIC are deployed to relay any pod requests for access tokens to Azure AD.
 1. A developer deploys a pod with a managed identity that requests an access token through the NMI server.
-1. The token is returned to the pod and used to access an Azure SQL Server instance.
+1. The token is returned to the pod and used to access Azure SQL Database
 
 > [!NOTE]
 > Managed pod identities is an open source project, and is not supported by Azure technical support.