Commit 570f231

Merge branch 'main' of https://github.com/MicrosoftDocs/sql-docs-pr into 20250709-fabric-permissions
2 parents 2000dbe + 86d8e57 commit 570f231

205 files changed

+6710
-5242
lines changed

.openpublishing.publish.config.json

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -134,12 +134,6 @@
134134
"branch": "master",
135135
"branch_mapping": {}
136136
},
137-
{
138-
"path_to_root": "azure-docs-pr",
139-
"url": "https://github.com/MicrosoftDocs/azure-docs-pr",
140-
"branch": "main",
141-
"branch_mapping": {}
142-
},
143137
{
144138
"path_to_root": "azure-compute-docs-pr",
145139
"url": "https://github.com/MicrosoftDocs/azure-compute-docs-pr",
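Review bot: Removing the `azure-docs-pr` entry (old lines 137-142) needs a check that nothing in this repository still resolves content through `"path_to_root": "azure-docs-pr"`; the visible lines don't show whether includes or links that depend on that root were updated in the same change. If any remain, repoint them first or keep the entry, because after this hunk that repository is no longer declared to the build.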
@@ -199,4 +193,4 @@
199193
".openpublishing.redirection.stretch-database.json",
200194
".openpublishing.redirection.visual-studio-code-extensions.json"
201195
]
202-
}
196+
}
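Review bot: The only change at old line 202 / new line 196 is a closing `}` replaced by an identical `}`, which points to an end-of-file newline or line-ending difference rather than a content change. Confirm it is intentional (for example, normalizing the final newline) so it doesn't flip back in a later merge.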

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47630,6 +47630,11 @@
4763047630
"redirect_url": "/previous-versions/sql/2014/tools/sqlagent90-application",
4763147631
"redirect_document_id": false
4763247632
},
47633+
{
47634+
"source_path": "docs/tools/sqlagent90-application.md",
47635+
"redirect_url": "/sql/tools/sqlagent-application",
47636+
"redirect_document_id": false
47637+
},
4763347638
{
4763447639
"source_path": "docs/2014/tools/sqlcmd-utility.md",
4763547640
"redirect_url": "/previous-versions/sql/2014/tools/sqlcmd-utility",
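Review bot: The new redirect at lines 47633-47637 is placed between two `docs/2014/...` entries that point to `/previous-versions/...`, while its source is `docs/tools/sqlagent90-application.md` and its target is a current `/sql/tools/` URL; moving it next to the other `docs/tools/` entries would keep related redirects together and make duplicates easier to spot. Also confirm that `/sql/tools/sqlagent-application` is published by this same change, since the renamed article isn't among the lines shown.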

azure-sql/database/ai-artificial-intelligence-intelligent-applications.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -196,7 +196,7 @@ End-to-end examples:
196196

197197
[Semantic Kernel is an open-source SDK](/semantic-kernel/overview/) that lets you easily build agents that can call your existing code. As a highly extensible SDK, you can use Semantic Kernel with models from OpenAI, Azure OpenAI, Hugging Face, and more. By combining your existing C#, Python, and Java code with these models, you can build agents that answer questions and automate processes.
198198

199-
- [Microsoft.SemanticKernel.Connectors.SqlServer](https://github.com/microsoft/semantic-kernel/tree/main/dotnet/src/Connectors/Connectors.Memory.SqlServer)
199+
- [Microsoft.SemanticKernel.Connectors.SqlServer](/dotnet/api/microsoft.semantickernel.connectors.sqlserver)
200200

201201
An example of how easily Semantic Kernel helps to build AI-enabled solution is here:
202202
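Review bot: At line 199 the link text is still the package name `Microsoft.SemanticKernel.Connectors.SqlServer`, but the target moves from the connector's source tree on GitHub to the API reference at `/dotnet/api/microsoft.semantickernel.connectors.sqlserver`, so this bullet no longer points readers to the connector source. Consider keeping both links, or say in the bullet that it leads to the API reference. While the paragraph is open, the context sentence at line 201 ("helps to build AI-enabled solution") needs an article or a plural.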

azure-sql/database/auditing-analyze-audit-logs.md

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,15 @@ titleSuffix: Azure SQL Database & Azure Synapse Analytics
44
description: Use Auditing to analyze logs in Log Analytics, Event Hubs, or through an Azure storage account.
55
author: sravanisaluru
66
ms.author: srsaluru
7-
ms.reviewer: mathoma
8-
ms.date: 06/10/2025
7+
ms.reviewer: mathoma, vanto
8+
ms.date: 07/09/2025
99
ms.service: azure-sql-database
1010
ms.subservice: security
1111
ms.topic: how-to
1212
---
1313
# Use Auditing to analyze audit logs and reports
1414

15-
[!INCLUDE[appliesto-sqldb-asa](../includes/appliesto-sqldb-asa.md)]
15+
[!INCLUDE [appliesto-sqldb-asa](../includes/appliesto-sqldb-asa.md)]
1616

1717
This article provides an overview of analyzing audit logs using Auditing for [Azure SQL Database](sql-database-paas-overview.md) and [Azure Synapse Analytics](/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is). You can use Auditing to analyze audit logs stored in:
1818

@@ -29,7 +29,6 @@ If you chose to write audit logs to Log Analytics:
2929
1. At the top of the database's **Auditing** page, select **View audit logs** to display a sample of audit logs with a limited set of fields that cover activity from up to 2 hours prior to the selected **End Time** (which defaults to 'now'):
3030

3131
:::image type="content" source="media/auditing-analyze-audit-logs/view-audit-logs.png" alt-text="Screenshot of the Auditing menu in the Azure portal where you can select the View audit logs option." lightbox="media/auditing-analyze-audit-logs/view-audit-logs.png":::
32-
3332

3433
You have two ways to view the logs:
3534

@@ -70,7 +69,7 @@ If you chose to write audit logs to an Azure storage account, there are several
7069

7170
1. The merged file opens in SSMS, where you can view and analyze it, as well as export it to an XEL or CSV file, or to a table.
7271

73-
- Use Power BI. You can view and analyze audit log data in Power BI. For more information and to access a downloadable template, see [Blog: Analyze audit log data in Power BI](https://techcommunity.microsoft.com/blog/azuredbsupport/sql-azure-blob-auditing-basic-power-bi-dashboard/368895).
72+
- Use Power BI. You can view and analyze audit log data in Power BI. For more information, see [Using Azure Log Analytics in Power BI](/power-bi/transform-model/log-analytics/desktop-log-analytics-overview).
7473
- Download log files from your Azure Storage blob container via the portal or by using a tool such as [Azure Storage Explorer](https://azure.microsoft.com/products/storage/storage-explorer).
7574
- After you have downloaded a log file locally, double-click the file to open, view, and analyze the logs in SSMS.
7675
- You can also download multiple files simultaneously in Azure Storage Explorer. To do so, right-click a specific subfolder and select **Save as** to save in a local folder.
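Review bot: The rewritten Power BI bullet at line 72 sits in the section for audit logs written to an Azure storage account (see the hunk header), but the new link, "Using Azure Log Analytics in Power BI", covers the Log Analytics destination rather than audit files in a blob container. Either point this bullet at guidance that applies to storage-account audit logs or move the Log Analytics link to the Log Analytics section. The removed sentence also offered a downloadable template, so confirm nothing else in the article still refers to it.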

azure-sql/database/authentication-aad-directory-readers-role.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ description: Learn about the directory reader's role in Microsoft Entra for Azur
55
author: VanMSFT
66
ms.author: vanto
77
ms.reviewer: wiassaf, vanto, mathoma
8-
ms.date: 06/10/2025
8+
ms.date: 07/17/2025
99
ms.service: azure-sql
1010
ms.subservice: security
1111
ms.topic: conceptual
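Review bot: The unchanged front matter at lines 6-7 lists `vanto` as both `ms.author` and a member of `ms.reviewer`; since this hunk already edits the metadata to move `ms.date` to 07/17/2025, check whether the author should stay in `ms.reviewer` and drop it in the same edit if not.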
@@ -41,17 +41,17 @@ The **Directory Readers** role can be used as the server or instance identity to
4141

4242
In order to assign the [**Directory Readers**](/azure/active-directory/roles/permissions-reference#directory-readers) role to an identity, a user with [Privileged Role Administrator](/azure/active-directory/roles/permissions-reference#privileged-role-administrator) or higher permissions are needed. Users who often manage or deploy SQL Database, SQL Managed Instance, or Azure Synapse might not have access to these highly privileged roles. This can often cause complications for users that create unplanned Azure SQL resources, or need help from highly privileged role members that are often inaccessible in large organizations.
4343

44-
For SQL Managed Instance, the **Directory Readers** role must be assigned to the managed instance identity before you can [set up a Microsoft Entra admin for the managed instance](authentication-aad-configure.md#provision-azure-ad-admin-sql-managed-instance).
44+
For SQL Managed Instance, the **Directory Readers** role or lower level permissions discussed in [Managed identities in Microsoft Entra for Azure SQL](authentication-azure-ad-user-assigned-managed-identity.md) must be assigned to the managed instance identity before you can [set up a Microsoft Entra admin for the managed instance](authentication-aad-configure.md#provision-azure-ad-admin-sql-managed-instance).
4545

46-
Assigning the **Directory Readers** role to the server identity isn't required for SQL Database or Azure Synapse when setting up a Microsoft Entra admin for the logical server. However, to enable Microsoft Entra object creation in SQL Database or Azure Synapse on behalf of a Microsoft Entra application, the **Directory Readers** role is required. If the role isn't assigned to the logical server identity, creating Microsoft Entra users in Azure SQL will fail. For more information, see [Microsoft Entra service principals with Azure SQL](authentication-aad-service-principal.md).
46+
Assigning the **Directory Readers** role to the server identity isn't required for SQL Database or Azure Synapse when setting up a Microsoft Entra admin for the logical server. However, to enable Microsoft Entra object creation in SQL Database or Azure Synapse on behalf of a Microsoft Entra application, the **Directory Readers** role or lower level permissions discussed in [Managed identities in Microsoft Entra for Azure SQL](authentication-azure-ad-user-assigned-managed-identity.md) is required. If the role or permissions aren't assigned to the logical server identity, creating Microsoft Entra users in Azure SQL will fail. For more information, see [Microsoft Entra service principals with Azure SQL](authentication-aad-service-principal.md).
4747

4848
<a id="granting-the-directory-readers-role-to-an-azure-ad-group"></a>
4949

5050
<a id="granting-the-directory-readers-role-to-a-microsoft-entra-group"></a>
5151

5252
## Grant the Directory Readers role to a Microsoft Entra group
5353

54-
You can now have a [Privileged Role Administrator](/azure/active-directory/roles/permissions-reference#privileged-role-administrator) create a Microsoft Entra group and assign the [**Directory Readers**](/azure/active-directory/roles/permissions-reference#directory-readers) permission to the group. This will allow access to the Microsoft Graph API for members of this group. In addition, Microsoft Entra users who are owners of this group are allowed to assign new members for this group, including identities of the logical servers.
54+
You can have a [Privileged Role Administrator](/azure/active-directory/roles/permissions-reference#privileged-role-administrator) create a Microsoft Entra group and assign the [**Directory Readers**](/azure/active-directory/roles/permissions-reference#directory-readers) permission to the group. This will allow access to the Microsoft Graph API for members of this group. In addition, Microsoft Entra users who are owners of this group are allowed to assign new members for this group, including identities of the logical servers.
5555

5656
This solution still requires a high privilege user (Privileged Role Administrator or higher permissions) to create a group and assign users as a one time activity, but the Microsoft Entra group owners will be able to assign additional members going forward. This eliminates the need to involve a high privilege user in the future to configure all SQL Databases, SQL Managed Instances, or Azure Synapse servers in their Microsoft Entra tenant.
5757
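Review bot: The added phrase "or lower level permissions discussed in [Managed identities in Microsoft Entra for Azure SQL]" at lines 44 and 46 tells readers a less privileged option exists but names neither the permissions nor the section of the linked article, so anyone trying to apply least privilege has to search for them. Link to the specific section anchor or list the permissions inline, and hyphenate "lower-level"; in line 46 the compound subject "role or lower level permissions ... is required" also reads awkwardly and could be split into two sentences. Separately, line 54 states that group owners can add new members, including logical server identities, to a group that holds **Directory Readers**, so the paragraph would benefit from a sentence on who should own that group.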
