Merge pull request #218433 from inward-eye/main

clarified regions

Author: v-regandowner

articles/purview/includes/access-policies-prerequisites-arc-sql-server.md

@@ -5,42 +5,44 @@ ms.service: purview
 ms.subservice: purview-data-policies
 ms.topic: include
 ms.date: 10/11/2022
-ms.custom: 
+ms.custom: references_regions
 ---
 
 
 - Get SQL server version 2022 RC 1 or later running on Windows and install it. [Follow this link](https://www.microsoft.com/sql-server/sql-server-2022).
 - Complete process to onboard that [SQL server with Azure Arc](/sql/sql-server/azure-arc/connect).
 - Enable [Azure AD Authentication in SQL server](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial). For a simpler setup [follow this article](/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-automation-setup-tutorial#setting-up-azure-ad-admin-using-the-azure-portal).
 
-**Enforcement of policies for this data source is available only in the following regions for Microsoft Purview**
-- East US
-- East US 2
-- South Central US
-- West Central US
-- West US
-- West US3
-- Canada Central
-- Brazil South
-- North Europe
-- West Europe
-- France Central
-- Switzerland North
-- UK South
-- UAE North
-- South Africa North
-- Central India
-- Korea Central
-- Japan East
-- Australia East
-
-### Security considerations
+#### Region support
+- Policy enforcement is only available in the following regions for Microsoft Purview:
+    - East US
+    - East US 2
+    - South Central US
+    - West Central US
+    - West US
+    - West US2
+    - West US3
+    - Canada Central
+    - Brazil South
+    - North Europe
+    - West Europe
+    - France Central
+    - Switzerland North
+    - UK South
+    - UAE North
+    - South Africa North
+    - Central India
+    - Korea Central
+    - Japan East
+    - Australia East
+    
+#### Security considerations for SQL Server on Azure Arc-enabled servers
 - The Server admin can turn off the Microsoft Purview policy enforcement.
 - Arc Admin/Server admin permissions empower the Arc admin or Server admin with the ability to change the ARM path of the given server. Given that mappings in Microsoft Purview use ARM paths, this can lead to wrong policy enforcements. 
 - SQL Admin (DBA) can gain the power of Server admin and can tamper with the cached policies from Microsoft Purview.
 - The recommended configuration is to create a separate App Registration per SQL server instance. This prevents SQL server2 from reading the policies meant for SQL server1, in case a rogue admin in SQL server2 tampers with the ARM path.
 
-### SQL Server on Azure Arc-enabled server configuration
+#### SQL Server on Azure Arc-enabled server configuration
 This section describes the steps to configure the SQL Server on Azure Arc to use Microsoft Purview.
 
 1. Sign in to Azure portal through this [link](https://portal.azure.com/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/sqlServers) which lists SQL Servers on Azure Arc.

articles/purview/includes/access-policies-prerequisites-azure-sql-db.md

@@ -5,30 +5,30 @@ ms.service: purview
 ms.subservice: purview-data-policies
 ms.topic: include
 ms.date: 11/10/2022
-ms.custom: 
+ms.custom: references_regions
 ---
 
 - Create a new Azure SQL Database or use an existing one in one of the currently available regions for this preview feature. You can [follow this guide to create a new Azure SQL Database](/azure/azure-sql/database/single-database-create-quickstart).
 
-**Enforcement of policies for this data source is currently available in the following regions for Microsoft Purview**
-No restrictions, all Microsoft Purview regions are supported
-
-**Enforcement of Microsoft Purview policies is available only in the following regions for Azure SQL Database**
-- East US
-- East US2
-- South Central US
-- West Central US
-- West US3
-- Canada Central
-- Brazil South
-- West Europe
-- North Europe
-- France Central
-- UK South
-- Central India
-- East Asia
-- Australia East
-
+#### Region support
+- All regions for Microsoft Purview are supported
+- Enforcement of Microsoft Purview policies is only available in the following regions for Azure SQL Database:
+    - East US
+    - East US2
+    - South Central US
+    - West Central US
+    - West US3
+    - Canada Central
+    - Brazil South
+    - West Europe
+    - North Europe
+    - France Central
+    - UK South
+    - South Africa North
+    - Central India
+    - East Asia
+    - Australia East
+    
 #### Configure the Azure SQL Database for policies from Microsoft Purview
 You need to configure an Azure Active Directory Admin for the Azure SQL Server to honor policies from Microsoft Purview. In Azure portal, navigate to the Azure SQL Server that hosts the Azure SQL Database and then navigate to Azure Active Directory on the side menu. Set an Admin name to any Azure Active Directory user or group you prefer, and then select **Save**. See screenshot:
 ![Screenshot shows how to assign Active Directory Admin to Azure SQL Server.](../media/how-to-policies-data-owner-sql/assign-active-directory-admin-azure-sql-db.png)

articles/purview/includes/access-policies-prerequisites-storage.md

@@ -30,28 +30,28 @@ If the output is *Registering*, wait at least 10 minutes, and then retry the com
 > Storage accounts must meet the following requirements to enforce access policies published from Microsoft Purview.
 > - Storage account versions >= 81.x.x.
 
-#### Region support for Azure Storage accounts
-Existing Azure Storage account(s) are supported in one of the regions listed below. You can also create a new one by [following this guide(../../storage/common/storage-account-create.md).
-
-Currently, Microsoft Purview access policies can only be enforced in the following Azure Storage regions:
-- East US
-- East US2
-- South Central US
-- West US
-- West US2
-- Canada Central
-- North Europe
-- West Europe
-- France Central
-- UK South
-- East Asia
-- Southeast Asia
-- Japan East
-- Japan West
-- Australia East
-
-The following regions support only Azure Storage accounts created in the subscription **after** the feature *AllowPurviewPolicyEnforcement* is *Registered*.
-- West US
-- East Asia
-- Japan East
-- Japan West
+If needed, you can also create a new Storage account by [following this guide](../../storage/common/storage-account-create.md).
+
+#### Region support
+- All regions for Microsoft Purview are supported
+- Microsoft Purview access policies can only be enforced in the following Azure Storage regions:
+    - East US
+    - East US2
+    - South Central US
+    - West US
+    - West US2
+    - Canada Central
+    - North Europe
+    - West Europe
+    - France Central
+    - UK South
+    - East Asia
+    - Southeast Asia
+    - Japan East
+    - Japan West
+    - Australia East
+- The following regions support only **new** Azure Storage accounts. That is, Storage accounts created in the subscription **after** the feature *AllowPurviewPolicyEnforcement* is *Registered*.
+    - West US
+    - East Asia
+    - Japan East
+    - Japan West