Merge pull request #34854 from MicrosoftDocs/main

Auto Publish – main to live - 2025-07-30 22:30 UTC

Author: learn-build-service-prod[bot]

azure-sql/database-watcher-data.md

@@ -5,7 +5,7 @@ description: A detailed description of SQL monitoring data collected by database
 author: lcwright
 ms.author: lancewright
 ms.reviewer: dfurman
-ms.date: 07/08/2025
+ms.date: 07/30/2025
 ms.service: azure-sql
 ms.subservice: monitoring
 ms.topic: conceptual
@@ -130,6 +130,16 @@ Compute resources available to database watcher queries in a dense elastic pool
 >
 > It is not recommended to monitor more than a few individual databases in a dense elastic pool. You might see gaps in the collected data or larger than expected intervals between data samples due to insufficient compute resources available to database watcher queries.
 
+## Data collection in serverless databases
+
+If a [serverless](./database/serverless-tier-overview.md) database has auto-pause disabled, database watcher monitors it just like a provisioned database.
+
+If you enable auto-pause on a serverless database, database watcher data collection stops when the database pauses. Database watcher monitoring queries do not prevent a serverless database from pausing if it is [eligible to be paused](./database/serverless-tier-overview.md#auto-pause) otherwise.
+
+Shortly after a serverless database transitions to a **Paused** state, its status on the watcher summary dashboard changes to **Not collecting**. The previously collected data for the database remains in the watcher data store, and is accessible via dashboards and queries.
+
+Data collection resumes within minutes after the database transitions from the **Paused** to the **Online** state.
+
 ## Data residency
 
 Customers can choose to store collected SQL monitoring data in one of three data store types:

azure-sql/database-watcher-overview.md

@@ -5,7 +5,7 @@ description: An overview of database watcher for Azure SQL, a managed monitoring
 author: lcwright
 ms.author: lancewright
 ms.reviewer: wiassaf, dfurman
-ms.date: 06/04/2025
+ms.date: 07/30/2025
 ms.service: azure-sql
 ms.subservice: monitoring
 ms.topic: conceptual
@@ -191,6 +191,7 @@ This section describes recent database watcher fixes, changes, and improvements.
 
 | Time period | Changes |
 |:--|:--|
+| July 2025 | - Fix an issue where database watcher monitoring queries prevented [serverless](./database/serverless-tier-overview.md) databases, including [free offer](./database/free-offer.md) databases, from pausing. For more information, see [Data collection in serverless databases](database-watcher-data.md#data-collection-in-serverless-databases). |
 | April 2025 | - Fix a bug where a database watcher deployment via Bicep, an ARM template, Terraform, or REST API would fail if the **subscription ID**, **resource group name**, or **watcher name** deployment parameters used inconsistent casing.<br /> - Fix a bug where collection of certain datasets for a **SQL database** target would stop if the database was restored from backup.<br /> - Change to limit data collection in the **Table metadata** datasets for databases with many tables and for SQL managed instances with many databases to avoid long-running collection queries.<br /> - Improve collection query performance for the **Session statistics** dataset for **SQL managed instance** targets. |
 | February 2025 | - Add support for alerting. For more information, see [Database watcher alerts](database-watcher-alerts.md). |
 | January 2025 | - Fix to make database watcher deployments via Bicep or ARM templates idempotent.<br /> - Fix a bug where SQL Agent job history details on the SQL Managed Instance detailed dashboard weren't displayed.<br /> - Fix a bug when filtering data on the **Sessions** charts on the detailed dashboards would cause KQL query errors.<br /> - Fix a bug where storage throughput values on the detailed dashboards were incorrect.<br /> - Improve storage utilization charts on the detailed dashboards to include the maximum storage size.<br /> - Improve to show the original and compressed size of collected data in the **Data store** section.<br /> - Improve the message shown when a dashboard cannot connect to the data store to include suggestions for common problems.<br /> - Add informational messages when there is no data shown on the **Top queries** dashboards for known reasons.<br /> - Add Hyperscale log rate limit information in the **Replicas** dataset for Azure SQL databases.<br /> - Add transaction start time and log bytes used to the **Active sessions** datasets. |
@@ -223,7 +224,6 @@ During preview, database watcher has the following known issues.
 | Issue | Mitigation or workaround |
 |:--|:--|
 | If data collection cannot start or continue because of an error (for example, insufficient access to a SQL target or to the data store), the error is not exposed. | To troubleshoot, see [Data is not collected](#data-is-not-collected). |
-| If a [serverless](./database/serverless-tier-overview.md) database has auto-pause enabled, and is added as a SQL target to a watcher, it might not auto-pause as expected. For a [free offer](./database/free-offer.md) database, this might exhaust the free monthly credit sooner than expected. | If retaining the auto-pause functionality is required, do not use database watcher to monitor serverless databases at this time. |
 | Because of a known issue in Azure SQL Database and Azure SQL Managed Instance, expected data might not be collected from a high availability (HA) readable secondary replica if database replicas change roles, for example after a maintenance event. | Commonly, the issue resolves without any action within one or two days. To resume data collection sooner, restart the watcher. |
 | For Azure SQL Managed Instance, data might not be collected from the readable high availability replica or from a geo-replica if you are using SQL authentication. | There are two workarounds: <br />1. Use the Microsoft Entra ID authentication (preferred). <br />2. Disable the password policy check. Execute `ALTER LOGIN [database-watcher-login-placeholder] WITH CHECK_POLICY = OFF;`, replacing `database-watcher-login-placeholder` with the name of the SQL authentication login of the watcher. Execute this command on the primary replica, and on the geo-replica, if any. |
 | In Azure SQL Managed Instance, data is not collected if the `EXECUTE` permission on the `sys.xp_msver` system stored procedure is revoked or denied to the `public` role. | Grant the `EXECUTE` permission on `sys.xp_msver` to the watcher login. <br /><br />On every SQL managed instance added as a SQL target, execute `USE master; CREATE USER [database-watcher-login-placeholder] FOR LOGIN [database-watcher-login-placeholder]; GRANT EXECUTE ON sys.xp_msver TO [database-watcher-login-placeholder];`, replacing `database-watcher-login-placeholder` with the name of the watcher login. |

azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md

@@ -32,7 +32,7 @@ To retrieve the current UMIs or SMI for Azure SQL Managed instance or Azure SQL
 There are several benefits of using a UMI as a server identity:
 
 - Users have the flexibility to create and maintain their own UMIs for a tenant. You can use UMIs as server identities for Azure SQL. A UMI is managed by the user, whereas an SMI is uniquely defined per server and assigned by the system.
-- In the past, you needed the Microsoft Entra ID [Directory Readers](authentication-aad-directory-readers-role.md) role when using an SMI as the server or instance identity. With the introduction of accessing Microsoft Entra ID through [Microsoft Graph](/graph/api/resources/azure-ad-overview), users who are concerned with giving high-level permissions such as the Directory Readers role to the SMI or UMI can alternatively give lower-level permissions so that the server or instance identity can access Microsoft Graph. 
+- In the past, you needed the Microsoft Entra ID [Directory Readers](authentication-aad-directory-readers-role.md) role when using an SMI as the server or instance identity. With the introduction of accessing Microsoft Entra ID through [Microsoft Graph](/graph/auth/auth-concepts), users who are concerned with giving high-level permissions such as the Directory Readers role to the SMI or UMI can alternatively give lower-level permissions so that the server or instance identity can access Microsoft Graph. 
 
   For more information on providing Directory Readers permissions and its function, see [Directory Readers role in Microsoft Entra ID for Azure SQL](authentication-aad-directory-readers-role.md).
 - Users can choose a specific UMI to be the server or instance identity for all databases or managed instances in the tenant. Or they can have multiple UMIs assigned to different servers or instances. 
@@ -50,7 +50,7 @@ For information on how to create a UMI, see [Manage user-assigned managed identi
 
 ## Permissions
 
-After the UMI is created, some permissions are needed to allow the UMI to read from [Microsoft Graph](/graph/api/resources/azure-ad-overview) as the server identity. Grant the following permissions, or give the UMI the [Directory Readers](authentication-aad-directory-readers-role-tutorial.md) role. 
+After the UMI is created, some permissions are needed to allow the UMI to read from [Microsoft Graph](/graph/auth/auth-concepts) as the server identity. Grant the following permissions, or give the UMI the [Directory Readers](authentication-aad-directory-readers-role-tutorial.md) role. 
 
 These permissions should be granted before you provision a logical server or managed instance. After you grant the permissions to the UMI, they're enabled for all servers or instances that are created with the UMI assigned as a server identity.
 

azure-sql/database/firewall-configure.md

@@ -259,6 +259,26 @@ az synapse workspace firewall-rule create --name AllowAllWindowsAzureIps --works
 | [Delete firewall rules](/rest/api/sql/firewall-rules/delete) | Server | Removes server-level IP firewall rules |
 | [Get firewall rules](/rest/api/sql/firewall-rules/get) | Server | Gets server-level IP firewall rules |
 
+## Understanding the latency of firewall updates
+
+The server authentication model has a latency of 5 minutes for all changes to security settings, unless the database is contained and without a failover partner. Changes made to contained databases without a failover partner are instantaneous. For contained databases with a failover partner, each security update is instantaneous on the primary database, but the secondary database can take up to 5 minutes to reflect the changes. 
+
+The following table describes the latency of security settings changes based on database type and failover configuration:
+
+| Authentication model  | Failover configured | Latency for security settings changes | Latent instances |
+|-----------------------|---------------------|--------------------------------------|------------------|
+| Server authentication | Yes                 | 5 minutes                            | all databases     |
+| Server authentication | No                  | 5 minutes                            | all databases     |
+| Contained database    | Yes                 | 5 minutes                            | the secondary database |
+| Contained database    | No                  | none                                 | none             |
+
+## Manually refreshing firewall rules
+
+If you need to see firewall rules updated more quickly than the 5 minute latency, you can manually refresh the firewall rules. Log into the database instance that needs its rules updated, and run DBCC FLUSHAUTHCACHE.  This will cause the database instance to flush its local cache and refresh firewall rules.
+```syntaxsql
+DBCC FLUSHAUTHCACHE[;]
+```
+
 ## Troubleshoot the database firewall
 
 Consider the following points when access to Azure SQL Database doesn't behave as you expect.

azure-sql/managed-instance/doc-changes-updates-release-notes-whats-new.md

@@ -5,7 +5,7 @@ description: Learn about the new features and documentation improvements for Azu
 author: MashaMSFT
 ms.author: mathoma
 ms.reviewer: wiassaf, mathoma
-ms.date: 07/28/2025
+ms.date: 07/29/2025
 ms.service: azure-sql-managed-instance
 ms.subservice: service-overview
 ms.topic: whats-new
@@ -57,6 +57,7 @@ The following table lists features of Azure SQL Managed Instance that have been
 
 | Feature | GA Month | Details |
 | ---| --- |--- |
+|[Optimized locking](/sql/relational-databases/performance/optimized-locking)| July 2025 | Azure SQL Managed Instance with the [Always-up-to-date](update-policy.md#always-up-to-date-update-policy) update policy now has optimized locking enabled for all user databases. |
 |[UNISTR (Transact-SQL)](/sql/t-sql/functions/unistr-transact-sql) | July 2025 | Azure SQL Managed Instance now supports the `UNISTR` T-SQL syntax for Unicode string literals.|
 |[\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) and [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) syntax support | July 2025 |Azure SQL Managed Instance now supports [\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) and [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) Transact-SQL syntax.|
 | [Degrees of parallelism (DOP) feedback](/sql/relational-databases/performance/intelligent-query-processing-degree-parallelism-feedback?view=azuresqldb-mi-current&preserve-view=true) | July 2025|  DOP feedback improves query performance by identifying parallelism inefficiencies for repeating queries, based on elapsed time and waits. For more information, see the [Smarter Parallelism: Degree of parallelism feedback in SQL Server 2025](https://techcommunity.microsoft.com/blog/sqlserver/smarter-parallelism-degree-of-parallelism-feedback-in-sql-server-2025/4431318) blog. |

docs/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server.md

@@ -3,7 +3,7 @@ title: Install the Microsoft ODBC driver for SQL Server (Linux)
 description: Learn how to install the Microsoft ODBC Driver for SQL Server on Linux clients to enable database connectivity.
 author: David-Engel
 ms.author: davidengel
-ms.date:  04/28/2025
+ms.date:  07/30/2025
 ms.service: sql
 ms.subservice: connectivity
 ms.topic: conceptual
@@ -61,7 +61,7 @@ sudo apk add --allow-untrusted mssql-tools18_18.4.1.1-1_$architecture.apk
 ### [Debian](#tab/debian18-install)
 
 ```bash
-if ! [[ "11 12" == *"$(grep VERSION_ID /etc/os-release | cut -d '"' -f 2 | cut -d '.' -f 1)"* ]];
+if ! [[ "9 10 11 12" == *"$(grep VERSION_ID /etc/os-release | cut -d '"' -f 2 | cut -d '.' -f 1)"* ]];
 then
     echo "Debian $(grep VERSION_ID /etc/os-release | cut -d '"' -f 2 | cut -d '.' -f 1) is not currently supported.";
     exit;
@@ -92,7 +92,7 @@ sudo apt-get install -y libgssapi-krb5-2
 ### [RHEL and Oracle Linux](#tab/redhat18-install)
 
 ```bash
-if ! [[ "8 9" == *"$(grep VERSION_ID /etc/os-release | cut -d '"' -f 2 | cut -d '.' -f 1)"* ]];
+if ! [[ "7 8 9" == *"$(grep VERSION_ID /etc/os-release | cut -d '"' -f 2 | cut -d '.' -f 1)"* ]];
 then
     echo "RHEL $(grep VERSION_ID /etc/os-release | cut -d '"' -f 2 | cut -d '.' -f 1) is not currently supported.";
     exit;
@@ -146,7 +146,7 @@ sudo zypper install -y unixODBC-devel
 ### [Ubuntu](#tab/ubuntu18-install)
 
 ```bash
-if ! [[ "20.04 22.04 24.04 24.10" == *"$(grep VERSION_ID /etc/os-release | cut -d '"' -f 2)"* ]];
+if ! [[ "18.04 20.04 22.04 24.04 24.10" == *"$(grep VERSION_ID /etc/os-release | cut -d '"' -f 2)"* ]];
 then
     echo "Ubuntu $(grep VERSION_ID /etc/os-release | cut -d '"' -f 2) is not currently supported.";
     exit;