MicrosoftDocs
diff --git a/‎articles/data-factory/connector-amazon-rds-for-sql-server.md
Lines changed: 120 additions & 25 deletions b/‎articles/data-factory/connector-amazon-rds-for-sql-server.md
Lines changed: 120 additions & 25 deletions
@@ -8,7 +8,7 @@ ms.service: data-factory
 ms.subservice: data-movement
 ms.topic: conceptual
 ms.custom: synapse
-ms.date: 01/05/2024
+ms.date: 05/28/2024
 ---
 
 # Copy data from Amazon RDS for SQL Server by using Azure Data Factory or Azure Synapse Analytics
@@ -74,32 +74,62 @@ The following sections provide details about properties that are used to define
 
 ## Linked service properties
 
-The following properties are supported for the Amazon RDS for SQL Server linked service:
+The Amazon RDS for SQL Server connector **Recommended** version supports TLS 1.3. Refer to this [section](#upgrade-the-amazon-rds-for-sql-server-version) to upgrade your Amazon RDS for SQL Server connector version from **Legacy** one. For the property details, see the corresponding sections.
+
+- [Recommended version](#recommended-version)
+- [Legacy version](#legacy-version)
+
+> [!NOTE]
+> Amazon RDS for SQL Server [**Always Encrypted**](/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15&preserve-view=true) is not supported in data flow.
+
+>[!TIP]
+>If you hit an error with the error code "UserErrorFailedToConnectToSqlServer" and a message like "The session limit for the database is XXX and has been reached," add `Pooling=false` to your connection string and try again.
+
+### Recommended version
+
+These generic properties are supported for an Amazon RDS for SQL Server linked service when you apply **Recommended** version:
 
 | Property | Description | Required |
 |:--- |:--- |:--- |
 | type | The type property must be set to **AmazonRdsForSqlServer**. | Yes |
-| connectionString |Specify **connectionString** information that's needed to connect to the Amazon RDS for SQL Server database by using either SQL authentication or Windows authentication. Refer to the following samples.<br/>You also can put a password in Azure Key Vault. If it's SQL authentication, pull the `password` configuration out of the connection string. For more information, see the JSON example following the table and [Store credentials in Azure Key Vault](store-credentials-in-key-vault.md). |Yes |
-| userName |Specify a user name if you use Windows authentication. An example is **domainname\\username**. |No |
-| password |Specify a password for the user account you specified for the user name. Mark this field as **SecureString** to store it securely. Or, you can [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |No |
+| server | The name or network address of the SQL server instance you want to connect to. | Yes |
+| database | The name of the database. | Yes |
+| authenticationType |The type used for authentication. Allowed values are [**SQL**](#sql-authentication) (default), [**Windows**](#windows-authentication). Go to the relevant authentication section on specific properties and prerequisites.| Yes |
 | alwaysEncryptedSettings | Specify **alwaysencryptedsettings** information that's needed to enable Always Encrypted to protect sensitive data stored in Amazon RDS for SQL Server by using either managed identity or service principal. For more information, see the JSON example following the table and [Using Always Encrypted](#using-always-encrypted) section. If not specified, the default always encrypted setting is disabled. |No |
+| encrypt |Indicate whether TLS encryption is required for all data sent between the client and server. Options: mandatory (for true, default)/optional (for false)/strict. | No |
+| trustServerCertificate | Indicate whether the channel will be encrypted while bypassing the certificate chain to validate trust. | No |
+| hostNameInCertificate | The host name to use when validating the server certificate for the connection. When not specified, the server name is used for certificate validation. | No |
 | connectVia | This [integration runtime](concepts-integration-runtime.md) is used to connect to the data store. Learn more from [Prerequisites](#prerequisites) section. If not specified, the default Azure integration runtime is used. |No |
 
-> [!NOTE]
-> Amazon RDS for SQL Server [**Always Encrypted**](/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15&preserve-view=true) is not supported in data flow. 
+[!INCLUDE [SQL connector additional connection properties](includes/sql-connector-addtional-connection-properties.md)]
 
->[!TIP]
->If you hit an error with the error code "UserErrorFailedToConnectToSqlServer" and a message like "The session limit for the database is XXX and has been reached," add `Pooling=false` to your connection string and try again.
+#### SQL authentication
 
-**Example 1: Use SQL authentication**
+To use SQL authentication, in addition to the generic properties that are described in the preceding section, specify the following properties:
+
+| Property | Description | Required |
+|:--- |:--- |:--- |
+| userName | The user name used to connect to the server. | Yes |
+| password | The password for the user name. Mark this field as **SecureString** to store it securely. Or, you can [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). | Yes |
+
+**Example: Use SQL authentication**
 
 ```json
 {
     "name": "AmazonSqlLinkedService",
     "properties": {
         "type": "AmazonRdsForSqlServer",
         "typeProperties": {
-            "connectionString": "Data Source=<servername>\\<instance name if using named instance>;Initial Catalog=<databasename>;Integrated Security=False;User ID=<username>;Password=<password>;"
+            "server": "<name or network address of the SQL server instance>",
+            "database": "<database name>",
+            "encrypt": "<encrypt>",
+            "trustServerCertificate": false,
+            "authenticationType": "SQL",
+            "userName": "<user name>",
+            "password": {
+                "type": "SecureString",
+                "value": "<password>"
+            }
         },
         "connectVia": {
             "referenceName": "<name of Integration Runtime>",
@@ -109,15 +139,20 @@ The following properties are supported for the Amazon RDS for SQL Server linked
 }
 ```
 
-**Example 2: Use SQL authentication with a password in Azure Key Vault**
+**Example: Use SQL authentication with a password in Azure Key Vault**
 
 ```json
 {
     "name": "AmazonSqlLinkedService",
     "properties": {
         "type": "AmazonRdsForSqlServer",
         "typeProperties": {
-            "connectionString": "Data Source=<servername>\\<instance name if using named instance>;Initial Catalog=<databasename>;Integrated Security=False;User ID=<username>;",
+            "server": "<name or network address of the SQL server instance>",
+            "database": "<database name>",
+            "encrypt": "<encrypt>",
+            "trustServerCertificate": false,
+            "authenticationType": "SQL",
+            "userName": "<user name>",
             "password": { 
                 "type": "AzureKeyVaultSecret", 
                 "store": { 
@@ -134,20 +169,31 @@ The following properties are supported for the Amazon RDS for SQL Server linked
     }
 }
 ```
-
-**Example 3: Use Windows authentication**
+**Example: Use Always Encrypted**
 
 ```json
 {
     "name": "AmazonSqlLinkedService",
     "properties": {
         "type": "AmazonRdsForSqlServer",
         "typeProperties": {
-            "connectionString": "Data Source=<servername>\\<instance name if using named instance>;Initial Catalog=<databasename>;Integrated Security=True;",
-            "userName": "<domain\\username>",
+            "server": "<name or network address of the SQL server instance>",
+            "database": "<database name>",
+            "encrypt": "<encrypt>",
+            "trustServerCertificate": false,
+            "authenticationType": "SQL",
+            "userName": "<user name>",
             "password": {
                 "type": "SecureString",
                 "value": "<password>"
+            },
+            "alwaysEncryptedSettings": {
+                "alwaysEncryptedAkvAuthType": "ServicePrincipal",
+                "servicePrincipalId": "<service principal id>",
+                "servicePrincipalKey": {
+                    "type": "SecureString",
+                    "value": "<service principal key>"
+                }
             }
         },
         "connectVia": {
@@ -158,22 +204,32 @@ The following properties are supported for the Amazon RDS for SQL Server linked
 }
 ```
 
-**Example 4: Use Always Encrypted**
+#### Windows authentication
+
+To use Windows authentication, in addition to the generic properties that are described in the preceding section, specify the following properties:
+
+| Property | Description | Required |
+|:--- |:--- |:--- |
+| userName | Specify a user name. An example is **domainname\\username**. |Yes |
+| password | Specify a password for the user account you specified for the user name. Mark this field as **SecureString** to store it securely. Or, you can [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |Yes |
+
+**Example: Use Windows authentication**
 
 ```json
 {
     "name": "AmazonSqlLinkedService",
     "properties": {
         "type": "AmazonRdsForSqlServer",
         "typeProperties": {
-            "connectionString": "Data Source=<servername>\\<instance name if using named instance>;Initial Catalog=<databasename>;Integrated Security=False;User ID=<username>;Password=<password>;"
-        },
-        "alwaysEncryptedSettings": {
-            "alwaysEncryptedAkvAuthType": "ServicePrincipal",
-            "servicePrincipalId": "<service principal id>",
-            "servicePrincipalKey": {
+            "server": "<name or network address of the SQL server instance>",
+            "database": "<database name>",
+            "encrypt": "<encrypt>",
+            "trustServerCertificate": false,
+            "authenticationType": "Windows",
+            "userName": "<domain\\username>",
+            "password": {
                 "type": "SecureString",
-                "value": "<service principal key>"
+                "value": "<password>"
             }
         },
         "connectVia": {
@@ -184,6 +240,41 @@ The following properties are supported for the Amazon RDS for SQL Server linked
 }
 ```
 
+### Legacy version
+
+These generic properties are supported for an Amazon RDS for SQL Server linked service when you apply **Legacy** version:
+
+| Property | Description | Required |
+|:--- |:--- |:--- |
+| type | The type property must be set to **AmazonRdsForSqlServer**. | Yes |
+| alwaysEncryptedSettings | Specify **alwaysencryptedsettings** information that's needed to enable Always Encrypted to protect sensitive data stored in Amazon RDS for SQL Server by using either managed identity or service principal. For more information, see [Using Always Encrypted](#using-always-encrypted) section. If not specified, the default always encrypted setting is disabled. |No |
+| connectVia | This [integration runtime](concepts-integration-runtime.md) is used to connect to the data store. Learn more from [Prerequisites](#prerequisites) section. If not specified, the default Azure integration runtime is used. |No |
+
+This Amazon RDS for SQL Server connector supports the following authentication types. See the corresponding sections for details.
+
+- [SQL authentication for the legacy version](#sql-authentication-for-the-legacy-version)
+- [Windows authentication for the legacy version](#windows-authentication-for-the-legacy-version)
+
+#### SQL authentication for the legacy version
+
+To use SQL authentication, in addition to the generic properties that are described in the preceding section, specify the following properties:
+
+| Property | Description | Required |
+|:--- |:--- |:--- |
+| connectionString | Specify **connectionString** information that's needed to connect to the Amazon RDS for SQL Server database. Specify a login name as your user name, and ensure the database that you want to connect is mapped to this login. | Yes |
+| password | If you want to put a password in Azure Key Vault, pull the `password` configuration out of the connection string. For more information, see [Store credentials in Azure Key Vault](store-credentials-in-key-vault.md). |No |
+
+
+#### Windows authentication for the legacy version
+
+To use Windows authentication, in addition to the generic properties that are described in the preceding section, specify the following properties:
+
+| Property | Description | Required |
+|:--- |:--- |:--- |
+| connectionString | Specify **connectionString** information that's needed to connect to the the Amazon RDS for SQL Server database. | Yes |
+| userName | Specify a user name. An example is **domainname\\username**. |Yes |
+| password | Specify a password for the user account you specified for the user name. Mark this field as **SecureString** to store it securely. Or, you can [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |Yes |
+
 ## Dataset properties
 
 For a full list of sections and properties available for defining datasets, see the [datasets](concepts-datasets-linked-services.md) article. This section provides a list of properties supported by the Amazon RDS for SQL Server dataset.
@@ -439,5 +530,9 @@ When you copy data from/to Amazon RDS for SQL Server with [Always Encrypted](/sq
 5. Create a **rule for the Windows Firewall** on the machine to allow incoming traffic through this port. 
 6. **Verify connection**: To connect to Amazon RDS for SQL Server by using a fully qualified name, use Amazon RDS for SQL Server Management Studio from a different machine. An example is `"<machine>.<domain>.corp.<company>.com,1433"`.
 
+## Upgrade the Amazon RDS for SQL Server version
+
+To upgrade the Amazon RDS for SQL Server version, in **Edit linked service** page, select **Recommended** under **Version** and configure the linked service by referring to [Linked service properties for the recommended version](#recommended-version).
+
 ## Related content
 For a list of data stores supported as sources and sinks by the copy activity, see [Supported data stores](copy-activity-overview.md#supported-data-stores-and-formats).