MicrosoftDocs
diff --git a/‎azure-sql/database/dynamic-data-masking-configure-portal.md
Lines changed: 29 additions & 28 deletions b/‎azure-sql/database/dynamic-data-masking-configure-portal.md
Lines changed: 29 additions & 28 deletions
diff --git a/‎azure-sql/database/elastic-convert-to-use-elastic-tools.md
Lines changed: 36 additions & 43 deletions b/‎azure-sql/database/elastic-convert-to-use-elastic-tools.md
Lines changed: 36 additions & 43 deletions
@@ -1,55 +1,56 @@
 ---
-title: "Azure portal: Dynamic data masking"
-description: How to get started with Azure SQL Database dynamic data masking in the Azure portal
-author: Madhumitatripathy
-ms.author: matripathy
-ms.reviewer: wiassaf, vanto, mathoma
-ms.date: 04/05/2022
+title: "Dynamic Data Masking"
+description: How to get started with Azure SQL Database dynamic data masking in the Azure portal.
+author: WilliamDAssafMSFT
+ms.author: wiassaf
+ms.reviewer: matripathy, vanto, mathoma
+ms.date: 06/13/2025
 ms.service: azure-sql-database
 ms.subservice: security
 ms.topic: how-to
-ms.custom: sqldbrb=1
+ms.custom:
+  - sqldbrb=1
+monikerRange: "=azuresql || =azuresql-db "
 ---
 # Get started with SQL Database dynamic data masking with the Azure portal
+
 [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
 
-This article shows you how to implement [dynamic data masking](dynamic-data-masking-overview.md) with the Azure portal. You can also implement dynamic data masking using [Azure SQL Database cmdlets](/powershell/module/az.sql/) or the [REST API](/rest/api/sql/).
+This article shows you how to implement [dynamic data masking](dynamic-data-masking-overview.md) with the Azure portal. You can also implement dynamic data masking using [Azure SQL Database PowerShell cmdlets](/powershell/module/az.sql/) or the [REST API](/rest/api/sql/).
 
 > [!NOTE]
-> This feature cannot be set using portal for SQL Managed Instance (use PowerShell or REST API). For more information, see [Dynamic Data Masking](/sql/relational-databases/security/dynamic-data-masking).
+> This feature cannot be set using the Azure portal for Azure SQL Managed Instance (use PowerShell or REST API). For more information, see [Dynamic Data Masking](/azure/azure-sql/database/dynamic-data-masking-overview?view=azuresql-mi&preserve-view=true).
 
 ## Enable dynamic data masking
 
 1. Launch the Azure portal at [https://portal.azure.com](https://portal.azure.com).
-2. Go to your database resource in the Azure portal. 
-3. Select the **Dynamic Data Masking** pane under the **Security** section. 
-
-   ![Screenshot that shows the Security section with Dynamic Data Masking highlighted.](./media/dynamic-data-masking-configure-portal/dynamic-data-masking-in-portal.png)
-
-4. In the **Dynamic Data Masking** configuration page, you may see some database columns that the recommendations engine has flagged for masking. In order to accept the recommendations, just click **Add Mask** for one or more columns and a mask is created based on the default type for this column. You can change the masking function by clicking on the masking rule and editing the masking field format to a different format of your choice. Be sure to click **Save** to save your settings.
+1. Go to your database resource in the Azure portal. 
+1. Under the **Security** section, select **Dynamic Data Masking**. 
+1. In the **Dynamic Data Masking** configuration page, you might see some database columns that the recommendations engine has flagged for masking. In order to accept the recommendations, select **Add Mask** for one or more columns, and a mask is created based on the default type for this column. You can change the masking function by selecting on the masking rule and editing the masking field format to a different format of your choice. Select **Save** to save your settings. In the following screenshot, you can see recommended dynamic data masks for the sample `AdventureWorksLT` database.
 
-    ![Screenshot that shows the Dynamic Data Masking configuration page.](./media/dynamic-data-masking-configure-portal/5_ddm_recommendations.png)
+    :::image type="content" source="media/dynamic-data-masking-configure-portal/recommendations.png" alt-text="Screenshot that shows the Dynamic Data Masking configuration page, based on the AdventureWorksLT sample database." lightbox="media/dynamic-data-masking-configure-portal/recommendations.png":::
 
-5. To add a mask for any column in your database, at the top of the **Dynamic Data Masking** configuration page, click **Add Mask** to open the **Add Masking Rule** configuration page.
+1. To add a mask for any column in your database, at the top of the **Dynamic Data Masking** configuration page, select **Add Mask** to open the **Add Masking Rule** configuration page.
 
-    ![Screenshot that shows the Add Masking Rule configuration page.](./media/dynamic-data-masking-configure-portal/6_ddm_add_mask.png)
+    :::image type="content" source="media/dynamic-data-masking-configure-portal/add-mask.png" alt-text="Screenshot that shows the Add Masking Rule configuration page." lightbox="media/dynamic-data-masking-configure-portal/add-mask.png":::
 
-6. Select the **Schema**, **Table** and **Column** to define the designated field for masking.
-7. **Select how to mask** from the list of sensitive data masking categories.
+1. Select the **Schema**, **Table** and **Column** to define the designated field for masking.
+1. **Select how to mask** from the list of sensitive data masking categories.
 
-    ![Screenshot that shows the sensitive data masking categories under the Select how to mask section.](./media/dynamic-data-masking-configure-portal/7_ddm_mask_field_format.png)
+    :::image type="content" source="media/dynamic-data-masking-configure-portal/mask-field-format.png" alt-text="Screenshot that shows the sensitive data masking categories under the Select how to mask section." lightbox="media/dynamic-data-masking-configure-portal/mask-field-format.png":::
 
-8. Click **Add** in the data masking rule page to update the set of masking rules in the dynamic data masking policy.
-9. Type the SQL authenticated users or authenticated identities from Microsoft Entra ID ([formerly Azure Active Directory](/entra/fundamentals/new-name)) that should be excluded from masking, and have access to the unmasked sensitive data. This should be a semicolon-separated list of users. Users with administrator privileges always have access to the original unmasked data.
+1. Select **Add** in the data masking rule page to update the set of masking rules in the dynamic data masking policy.
+1. Type the SQL authenticated users or authenticated identities from Microsoft Entra ID ([formerly Azure Active Directory](/entra/fundamentals/new-name)) that should be excluded from masking, and have access to the unmasked sensitive data. This should be a semicolon-separated list of users. Users with administrator privileges always have access to the original unmasked data.
 
-    ![Navigation pane](./media/dynamic-data-masking-configure-portal/8_ddm_excluded_users.png)
+    :::image type="content" source="media/dynamic-data-masking-configure-portal/excluded-users.png" alt-text="Screenshot from the Azure portal of the SQL users excluded from masking (administrators are always excluded) list box.":::
 
     > [!TIP]
     > To make it so the application layer can display sensitive data for application privileged users, add the SQL user or Microsoft Entra identity the application uses to query the database. It is highly recommended that this list contain a minimal number of privileged users to minimize exposure of the sensitive data.
 
-10. Click **Save** in the data masking configuration page to save the new or updated masking policy.
+1. Select **Save** in the data masking configuration page to save the new or updated masking policy.
 
-## Next steps
+## Related content
 
-- For an overview of dynamic data masking, see [dynamic data masking](dynamic-data-masking-overview.md).
-- You can also implement dynamic data masking using [Azure SQL Database cmdlets](/powershell/module/az.sql/) or the [REST API](/rest/api/sql/).
+- [Dynamic data masking](dynamic-data-masking-overview.md)
+- [Azure SQL Database PowerShell cmdlets](/powershell/module/az.sql/)
+- [REST API](/rest/api/sql/)
@@ -1,28 +1,31 @@
 ---
-title: Migrate existing databases to scale out
+title: Migrate Existing Databases to Scale Out
 description: Convert sharded databases to use Elastic Database tools by creating a shard map manager
-author: scoriani
-ms.author: scoriani
-ms.reviewer: wiassaf, mathoma
-ms.date: 01/25/2019
+author: WilliamDAssafMSFT
+ms.author: wiassaf
+ms.reviewer: scoriani, mathoma
+ms.date: 06/13/2025
 ms.service: azure-sql-database
 ms.subservice: scale-out
 ms.topic: how-to
-ms.custom: sqldbrb=1
+ms.custom:
+  - sqldbrb=1
+monikerRange: "=azuresql || =azuresql-db "
 ---
 # Migrate existing databases to scale out
+
 [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
 
-Easily manage your existing scaled-out sharded databases using tools (such as the [Elastic Database client library](elastic-database-client-library.md)). First convert an existing set of databases to use the [shard map manager](elastic-scale-shard-map-management.md).
+Easily manage your existing scaled-out sharded databases using tools (such as the [Building scalable cloud databases](elastic-database-client-library.md)). First convert an existing set of databases to use the [shard map manager](elastic-scale-shard-map-management.md).
 
 ## Overview
 
 To migrate an existing sharded database:
 
 1. Prepare the [shard map manager database](elastic-scale-shard-map-management.md).
-2. Create the shard map.
-3. Prepare the individual shards.  
-4. Add mappings to the shard map.
+1. Create the shard map.
+1. Prepare the individual shards.  
+1. Add mappings to the shard map.
 
 These techniques can be implemented using either the [.NET Framework client library](https://www.nuget.org/packages/Microsoft.Azure.SqlDatabase.ElasticScale.Client/), or the PowerShell scripts found at [Azure SQL Database - Elastic Database tools scripts](https://github.com/Azure/elastic-db-tools/tree/master/Samples/PowerShell). The examples here use the PowerShell scripts.
 
@@ -42,7 +45,9 @@ New-ShardMapManager -UserName '<user_name>' -Password '<password>' -SqlServerNam
 # tenant-database mapping information.
 ```
 
-### To retrieve the shard map manager
+<a id="to-retrieve-the-shard-map-manager"></a>
+
+### Retrieve the shard map manager
 
 After creation, you can retrieve the shard map manager with this cmdlet. This step is needed every time you need to use the ShardMapManager object.
 
@@ -56,21 +61,21 @@ $ShardMapManager = Get-ShardMapManager -UserName '<user_name>' -Password '<passw
 Select the type of shard map to create. The choice depends on the database architecture:
 
 1. Single tenant per database (For terms, see the [glossary](elastic-scale-glossary.md).)
-2. Multiple tenants per database (two types):
+1. Multiple tenants per database (two types):
    1. List mapping
-   2. Range mapping
+   1. Range mapping
 
 For a single-tenant model, create a **list mapping** shard map. The single-tenant model assigns one database per tenant. This is an effective model for SaaS developers as it simplifies management.
 
-![List mapping][1]
+:::image type="content" source="media/elastic-convert-to-use-elastic-tools/listmapping.png" alt-text="Diagram of list mapping.":::
 
 The multi-tenant model assigns several tenants to an individual database (and you can distribute groups of tenants across multiple databases). Use this model when you expect each tenant to have small data needs. In this model, assign a range of tenants to a database using **range mapping**.
 
-![Range mapping][2]
+:::image type="content" source="media/elastic-convert-to-use-elastic-tools/rangemapping.png" alt-text="Diagram of range mapping.":::
 
 Or you can implement a multi-tenant database model using a *list mapping* to assign multiple tenants to an individual database. For example, DB1 is used to store information about tenant ID 1 and 5, and DB2 stores data for tenant 7 and tenant 10.
 
-![Multiple tenants on single DB][3]
+:::image type="content" source="media/elastic-convert-to-use-elastic-tools/multipleonsingledb.png" alt-text="Diagram of multiple tenants on single DB.":::
 
 **Based on your choice, choose one of these options:**
 
@@ -99,7 +104,7 @@ Setting up this pattern also requires creation of a list map as shown in step 2,
 
 ## Step 3: Prepare individual shards
 
-Add each shard (database) to the shard map manager. This prepares the individual databases for storing mapping information. Execute this method on each shard.
+Add each shard (database) to the shard map manager. This prepares the individual databases for storing mapping information. Execute this method on each shard. The `$ShardMap` is the shard map created in [step 2](#step-2-create-the-shard-map).
 
 ```powershell
 Add-Shard -ShardMap $ShardMap -SqlServerName '<shard_server_name>' -SqlDatabaseName '<shard_database_name>'
@@ -112,29 +117,31 @@ The addition of mappings depends on the kind of shard map you created. If you cr
 
 ### Option 1: Map the data for a list mapping
 
-Map the data by adding a list mapping for each tenant.  
+Map the data by adding a list mapping for each tenant. Use the following sample PowerShell script to create the mappings and associate them with the new shards.
 
 ```powershell
-# Create the mappings and associate it with the new shards
+# Create the mapping and associate it with the new shards
 Add-ListMapping -KeyType $([int]) -ListPoint '<tenant_id>' -ListShardMap $ShardMap -SqlServerName '<shard_server_name>' -SqlDatabaseName '<shard_database_name>'
 ```
 
 ### Option 2: Map the data for a range mapping
 
-Add the range mappings for all the tenant ID range - database associations:
+Add the range mappings for all the tenant ID range - database associations. Use the following sample PowerShell script to create the mappings and associate them with the new shards.
 
 ```powershell
-# Create the mappings and associate it with the new shards
+# Create the mapping and associate it with the new shards
 Add-RangeMapping -KeyType $([int]) -RangeHigh '5' -RangeLow '1' -RangeShardMap $ShardMap -SqlServerName '<shard_server_name>' -SqlDatabaseName '<shard_database_name>'
 ```
 
 ### Step 4 option 3: Map the data for multiple tenants on an individual database
 
-For each tenant, run the Add-ListMapping (option 1).
+For each tenant, run the `Add-ListMapping` (option 1) cmdlet.
+
+<a id="checking-the-mappings"></a>
 
-## Checking the mappings
+## Check the mappings
 
-Information about the existing shards and the mappings associated with them can be queried using following commands:  
+Information about the existing shards and the mappings associated with them can be queried using following PowerShell sample script:
 
 ```powershell
 # List the shards and mappings
@@ -146,23 +153,9 @@ Get-Mappings -ShardMap $ShardMap
 
 Once you have completed the setup, you can begin to use the Elastic Database client library. You can also use [data-dependent routing](elastic-scale-data-dependent-routing.md) and [multi-shard query](elastic-scale-multishard-querying.md).
 
-## Next steps
-
-Get the PowerShell scripts from [Azure Elastic Database tools scripts](https://github.com/Azure/elastic-db-tools/tree/master/Samples/PowerShell).
-
-The Elastic database tools client library is available on GitHub: [Azure/elastic-db-tools](https://github.com/Azure/elastic-db-tools).
-
-Use the split-merge tool to move data to or from a multi-tenant model to a single tenant model. See [Split merge tool](elastic-scale-configure-deploy-split-and-merge.md).
-
-## Additional resources
-
-For information on common data architecture patterns of multi-tenant software-as-a-service (SaaS) database applications, see [Design Patterns for Multi-tenant SaaS Applications with Azure SQL Database](saas-tenancy-app-design-patterns.md).
-
-## Questions and feature requests
-
-For questions, use the [Microsoft Q&A question page for SQL Database](/answers/topics/azure-sql-database.html) and for feature requests, add them to the [SQL Database feedback forum](https://feedback.azure.com/d365community/forum/04fe6ee0-3b25-ec11-b6e6-000d3a4f0da0).
+## Related content
 
-<!--Image references-->
-[1]: ./media/elastic-convert-to-use-elastic-tools/listmapping.png
-[2]: ./media/elastic-convert-to-use-elastic-tools/rangemapping.png
-[3]: ./media/elastic-convert-to-use-elastic-tools/multipleonsingledb.png
+- [Azure Elastic Database tools scripts](https://github.com/Azure/elastic-db-tools/tree/master/Samples/PowerShell)
+- [Azure/elastic-db-tools](https://github.com/Azure/elastic-db-tools)
+- [Deploy a split-merge service to move data between sharded databases](elastic-scale-configure-deploy-split-and-merge.md)
+- [Design Patterns for Multi-tenant SaaS Applications with Azure SQL Database](saas-tenancy-app-design-patterns.md)