Merge pull request #34857 from MicrosoftDocs/main

Auto Publish – main to live - 2025-07-31 17:30 UTC

Author: learn-build-service-prod[bot]

azure-sql/managed-instance/doc-changes-updates-release-notes-whats-new.md

@@ -5,7 +5,7 @@ description: Learn about the new features and documentation improvements for Azu
 author: MashaMSFT
 ms.author: mathoma
 ms.reviewer: wiassaf, mathoma
-ms.date: 07/29/2025
+ms.date: 07/30/2025
 ms.service: azure-sql-managed-instance
 ms.subservice: service-overview
 ms.topic: whats-new
@@ -57,7 +57,7 @@ The following table lists features of Azure SQL Managed Instance that have been
 
 | Feature | GA Month | Details |
 | ---| --- |--- |
-|[Optimized locking](/sql/relational-databases/performance/optimized-locking)| July 2025 | Azure SQL Managed Instance with the [Always-up-to-date](update-policy.md#always-up-to-date-update-policy) update policy now has optimized locking enabled for all user databases. |
+|[Optimized locking](/sql/relational-databases/performance/optimized-locking)| July 2025 | Azure SQL Managed Instance with the [Always-up-to-date update policy](update-policy.md#always-up-to-date-update-policy) now has optimized locking enabled for all user databases. |
 |[UNISTR (Transact-SQL)](/sql/t-sql/functions/unistr-transact-sql) | July 2025 | Azure SQL Managed Instance now supports the `UNISTR` T-SQL syntax for Unicode string literals.|
 |[\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) and [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) syntax support | July 2025 |Azure SQL Managed Instance now supports [\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) and [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql?view=azuresqldb-current&preserve-view=true) Transact-SQL syntax.|
 | [Degrees of parallelism (DOP) feedback](/sql/relational-databases/performance/intelligent-query-processing-degree-parallelism-feedback?view=azuresqldb-mi-current&preserve-view=true) | July 2025|  DOP feedback improves query performance by identifying parallelism inefficiencies for repeating queries, based on elapsed time and waits. For more information, see the [Smarter Parallelism: Degree of parallelism feedback in SQL Server 2025](https://techcommunity.microsoft.com/blog/sqlserver/smarter-parallelism-degree-of-parallelism-feedback-in-sql-server-2025/4431318) blog. |
@@ -85,10 +85,12 @@ Learn about significant changes to the Azure SQL Managed Instance documentation.
 
 | Changes | Details |
 | --- | --- |
-| **UNISTR (Transact-SQL)** | Azure SQL Managed Instance now supports the `UNISTR` T-SQL syntax for Unicode string literals. This capability is now generally available in an Azure SQL Managed Instance configured with the [Always-up-to-date](/azure/azure-sql/managed-instance/update-policy#always-up-to-date-update-policy) update policy. For more information, see [UNISTR (Transact-SQL)](/sql/t-sql/functions/unistr-transact-sql).|
-| **\|\| (String concatenation) and \|\|= (Compound assignment) syntax support** | Azure SQL Managed Instance now supports [\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql) and [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql) Transact-SQL syntax. This capability is now generally available in an Azure SQL Managed Instance configured with the [Always-up-to-date](/azure/azure-sql/managed-instance/update-policy#always-up-to-date-update-policy) update policy.|
 | **Degrees of parallelism (DOP) feedback GA** |  DOP feedback improves query performance by identifying parallelism inefficiencies for repeating queries, based on elapsed time and waits. DOP feedback is now generally available for Azure SQL Managed Instance with the [Always-up-to-date update policy](update-policy.md#always-up-to-date-update-policy). To learn more, see [Degrees of parallelism (DOP) feedback](/sql/relational-databases/performance/intelligent-query-processing-degree-parallelism-feedback?view=azuresqldbmi-current&preserve-view=true). For additional information, see the [Smarter Parallelism: Degree of parallelism feedback in SQL Server 2025](https://techcommunity.microsoft.com/blog/sqlserver/smarter-parallelism-degree-of-parallelism-feedback-in-sql-server-2025/4431318) blog. |
 |**Migrate SQL Server instance to Azure preview** | Migrate your SQL Server instance enabled by Azure Arc to Azure SQL Managed Instance through the Azure portal. This feature is currently in preview. Review [Migrate SQL Server instance to Azure SQL Managed Instance](/sql/sql-server/azure-arc/migrate-to-azure-sql-managed-instance) to learn more. |
+|**Optimized locking GA**| The [optimized locking](/sql/relational-databases/performance/optimized-locking) feature is generally available for Azure SQL Managed Instance configured with the [Always-up-to-date update policy](update-policy.md#always-up-to-date-update-policy) and enabled for all user databases.|
+| **UNISTR (Transact-SQL) GA** | Azure SQL Managed Instance now supports the `UNISTR` T-SQL syntax for Unicode string literals. This capability is now generally available for Azure SQL Managed Instance configured with the [Always-up-to-date update policy](/azure/azure-sql/managed-instance/update-policy#always-up-to-date-update-policy). For more information, see [UNISTR (Transact-SQL)](/sql/t-sql/functions/unistr-transact-sql).|
+| **\|\| (String concatenation) and \|\|= (Compound assignment) syntax support GA** | Azure SQL Managed Instance now supports [\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql) and [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql) Transact-SQL syntax. This capability is now generally available in an Azure SQL Managed Instance configured with the [Always-up-to-date](/azure/azure-sql/managed-instance/update-policy#always-up-to-date-update-policy) update policy.|
+
 
 ### June 2025
 

azure-sql/managed-instance/update-policy.md

@@ -5,7 +5,7 @@ description: Use the update policy setting in Azure SQL Managed Instance to cont
 author: MladjoA
 ms.author: mlandzic
 ms.reviewer: mathoma
-ms.date: 07/22/2025
+ms.date: 07/30/2025
 ms.service: azure-sql-managed-instance
 ms.subservice: deployment-configuration
 ms.topic: how-to
@@ -57,7 +57,7 @@ The following table lists all the features that are only available to instances
 
 |*Always-up-to-date* update policy  |*SQL Server 2022* update policy  |
 |---------|---------|
-|- [JSON data type](/sql/t-sql/data-types/json-data-type) <br /> - [Invoke an HTTPS REST endpoint SP](/sql/relational-databases/system-stored-procedures/sp-invoke-external-rest-endpoint-transact-sql) <br /> - [Azure SQL Managed Instance Mirroring in Fabric](/fabric/database/mirrored-database/azure-sql-managed-instance) <br /> - [Vector functions](/sql/t-sql/functions/vector-functions-transact-sql?view=azuresqlmi-current&preserve-view=true) <br /> - [Vector data type](/sql/t-sql/data-types/vector-data-type?view=azuresqlmi-current&preserve-view=true) <br /> - [Fuzzy string matching?](/sql/relational-databases/fuzzy-string-match/overview)  <br /> - [DATEADD (Transact-SQL)](/sql/t-sql/functions/dateadd-transact-sql).  <br /> - [UNISTR (Transact-SQL)](/sql/t-sql/functions/unistr-transact-sql) <br /> - [Regular expression functions](/sql/relational-databases/regular-expressions/overview) <br /> - [\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql) <br /> - [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql) <br /> - [Degree of parallelism (DOP) feedback](/sql/relational-databases/performance/intelligent-query-processing-degree-parallelism-feedback?view=azuresqlmi-current&preserve-view=true)  | - [Restore database to SQL Server 2022](restore-database-to-sql-server.md)  <br /> - [Link with bidirectional failover and disaster recovery](managed-instance-link-disaster-recovery.md)   |
+|- [JSON data type](/sql/t-sql/data-types/json-data-type) <br /> - [Invoke an HTTPS REST endpoint SP](/sql/relational-databases/system-stored-procedures/sp-invoke-external-rest-endpoint-transact-sql) <br /> - [Azure SQL Managed Instance Mirroring in Fabric](/fabric/database/mirrored-database/azure-sql-managed-instance) <br /> - [Vector functions](/sql/t-sql/functions/vector-functions-transact-sql?view=azuresqlmi-current&preserve-view=true) <br /> - [Vector data type](/sql/t-sql/data-types/vector-data-type?view=azuresqlmi-current&preserve-view=true) <br /> - [Fuzzy string matching?](/sql/relational-databases/fuzzy-string-match/overview)  <br /> - [DATEADD (Transact-SQL)](/sql/t-sql/functions/dateadd-transact-sql).  <br /> - [UNISTR (Transact-SQL)](/sql/t-sql/functions/unistr-transact-sql) <br /> - [Regular expression functions](/sql/relational-databases/regular-expressions/overview) <br /> - [\|\| (String concatenation)](/sql/t-sql/language-elements/string-concatenation-pipes-transact-sql) <br /> - [\|\|= (Compound assignment)](/sql/t-sql/language-elements/compound-assignment-pipes-transact-sql) <br /> - [Degree of parallelism (DOP) feedback](/sql/relational-databases/performance/intelligent-query-processing-degree-parallelism-feedback?view=azuresqlmi-current&preserve-view=true) <br /> - [Optimized locking](/sql/relational-databases/performance/optimized-locking?view=azuresqlmi-current&preserve-view=true)  | - [Restore database to SQL Server 2022](restore-database-to-sql-server.md)  <br /> - [Link with bidirectional failover and disaster recovery](managed-instance-link-disaster-recovery.md)   |
 
 The following features are impacted by the configured update policy: 
 

docs/relational-databases/performance/optimized-locking.md

@@ -4,7 +4,7 @@ description: "Learn about the optimized locking enhancement to the database engi
 author: MikeRayMSFT
 ms.author: mikeray
 ms.reviewer: randolphwest, peskount, praspu, dfurman
-ms.date: 07/29/2025
+ms.date: 07/30/2025
 ms.service: sql
 ms.subservice: performance
 ms.topic: conceptual
@@ -15,7 +15,7 @@ helpviewer_keywords:
   - "optimized locking"
 dev_langs:
   - "TSQL"
-monikerRange: "=azuresqldb-current || =fabric || >=sql-server-ver17 || >=sql-server-linux-ver17"
+monikerRange: "=azuresqldb-current || =azuresqldb-mi-current || =fabric || >=sql-server-ver17 || >=sql-server-linux-ver17"
 ---
 
 # Optimized locking

docs/relational-databases/security/authentication-access/server-level-roles.md

@@ -51,7 +51,7 @@ The following table shows the fixed server-level roles and their capabilities.
 | **securityadmin** | Members of the **securityadmin** fixed server role manage logins and their properties. They can `GRANT`, `DENY`, and `REVOKE` server-level permissions. **securityadmin** can also `GRANT`, `DENY`, and `REVOKE` database-level permissions if they have access to a database. Additionally, **securityadmin** can reset passwords for [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)] logins.<br /><br />**IMPORTANT:** The ability to grant access to the [!INCLUDE [ssDE](../../../includes/ssde-md.md)] and to configure user permissions allows the security admin to assign most server permissions. The **securityadmin** role should be treated as equivalent to the **sysadmin** role. As an alternative, starting with [!INCLUDE [sssql22-md](../../../includes/sssql22-md.md)], consider using the new fixed server role **##MS_LoginManager##**. |
 | **processadmin** | Members of the **processadmin** fixed server role can end processes that are running in an instance of [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)]. |
 | **setupadmin** | Members of the **setupadmin** fixed server role can add and remove linked servers by using [!INCLUDE [tsql](../../../includes/tsql-md.md)] statements. (**sysadmin** membership is needed when using [!INCLUDE [ssManStudio](../../../includes/ssmanstudio-md.md)].) |
-| **bulkadmin** | Members of the **bulkadmin** fixed server role can run the `BULK INSERT` statement.<br /><br />The **bulkadmin** role or `ADMINISTER BULK OPERATIONS` permissions aren't supported for [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)] on Linux.<br /><br />Bulk operations (`BULK INSERT` statements) are not supported for logins based on Microsoft Entra authentication, on either Linux or Windows. In this scenario, only members of the **sysadmin** role can perform bulk inserts for [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)]. |
+| **bulkadmin** | Members of the **bulkadmin** fixed server role can run the `BULK INSERT` statement. Members of this role can potentially elevate their privileges under certain conditions. Apply the principle of least privilege when assigning this role and monitor all activity performed by its members. <br /><br />The **bulkadmin** role or `ADMINISTER BULK OPERATIONS` permissions aren't supported for [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)] on Linux.<br /><br />Bulk operations (`BULK INSERT` statements) are not supported for logins based on Microsoft Entra authentication, on either Linux or Windows. In this scenario, only members of the **sysadmin** role can perform bulk inserts for [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)]. |
 | **diskadmin** | The **diskadmin** fixed server role is used for managing disk files. |
 | **dbcreator** | Members of the **dbcreator** fixed server role can create, alter, drop, and restore any database. |
 | **public** | Every [!INCLUDE [ssNoVersion](../../../includes/ssnoversion-md.md)] login belongs to the **public** server role. When a server principal isn't granted or denied specific permissions on a securable object, the user inherits the permissions granted to **public** on that object. Only assign **public** permissions on any object when you want the object to be available to all users. You can't change membership in **public**.<br /><br />**Note:** **public** is implemented differently than other roles, and permissions can be granted, denied, or revoked from the **public** fixed server roles. |
@@ -63,14 +63,14 @@ The following table shows the fixed server-level roles and their capabilities.
 
 The following table shows fixed server-level roles introduced in [!INCLUDE [sssql22-md](../../../includes/sssql22-md.md)], and their capabilities.
 
-> [!NOTE]  
+> [!NOTE]
 > These server-level permissions aren't available for Azure SQL Managed Instance or Azure Synapse Analytics. `##MS_PerformanceDefinitionReader##`, `##MS_ServerPerformanceStateReader##`, and `##MS_ServerSecurityStateReader##` is introduced in [!INCLUDE [sssql22-md](../../../includes/sssql22-md.md)], and aren't available in Azure SQL Database.
 
 | Fixed server-level role | Description |
 | --- | --- |
 | `##MS_DatabaseConnector##` | Members of the `##MS_DatabaseConnector##` fixed server role can connect to any database without requiring a User-account in the database to connect to.<br /><br />To deny the `CONNECT` permission to a specific database, users can create a matching user account for this login in the database and then `DENY` the `CONNECT` permission to the database-user. This `DENY` permission overrules the `GRANT CONNECT` permission coming from this role. |
 | `##MS_LoginManager##` | Members of the `##MS_LoginManager##` fixed server role can create, delete, and modify logins. Contrary to the old fixed server role **securityadmin**, this role doesn't allow members to `GRANT` privileges. It's a more limited role that helps to comply with the *Principle of least Privilege*. |
-| `##MS_DatabaseManager##` | Members of the `##MS_DatabaseManager##` fixed server role can create and delete databases. A member of the `##MS_DatabaseManager##` role that creates a database, becomes the owner of that database, which allows that user to connect to that database as the `dbo` user. The `dbo` user has all database permissions in the database. Members of the `##MS_DatabaseManager##` role don't necessarily have permission to access databases that they don't own. This server role has the same privileges as the **dbcreator** role in SQL Server, but we recommend using this new role over the former, since this role exists also in Azure SQL Database and thus helps using the same scripts across different environments. |
+| `##MS_DatabaseManager##` | Members of the `##MS_DatabaseManager##` fixed server role can create and delete databases. A member of the `##MS_DatabaseManager##` role that creates a database, becomes the owner of that database, which allows that user to connect to that database as the `dbo` user. The `dbo` user has all database permissions in the database. Members of the `##MS_DatabaseManager##` role don't necessarily have permission to access databases that they don't own. This server role has the same privileges as the **dbcreator** role in SQL Server, but we recommend using this new role over the former, since this role exists also in Azure SQL Database and thus helps using the same scripts across different environments. <br /><br /> Members of this role can potentially elevate their privileges under certain conditions. Apply the principle of least privilege when assigning this role and monitor all activity performed by its members. |
 | `##MS_ServerStateManager##` | Members of the `##MS_ServerStateManager##` fixed server role have the same permissions as the `##MS_ServerStateReader##` role. Also, it holds the `ALTER SERVER STATE` permission, which allows access to several management operations, such as: `DBCC FREEPROCCACHE`, `DBCC FREESYSTEMCACHE ('ALL')`, `DBCC SQLPERF()` |
 | `##MS_ServerStateReader##` | Members of the `##MS_ServerStateReader##` fixed server role can read all dynamic management views (DMVs) and functions that are covered by `VIEW SERVER STATE`, and respectively has `VIEW DATABASE STATE` permission on any database on which the member of this role has a user account. |
 | `##MS_ServerPerformanceStateReader##` | Members of the `##MS_ServerPerformanceStateReader##` fixed server role can read all dynamic management views (DMVs) and functions that are covered by `VIEW SERVER PERFORMANCE STATE`, and respectively has `VIEW DATABASE PERFORMANCE STATE` permission on any database on which the member of this role has a user account. Subset of what the `##MS_ServerStateReader##` server role has access to, which helps to comply with the *Principle of least Privilege*. |