Merge pull request #34865 from PratimDasgupta/250731-managed-identity-versioning

prmerger-automator[bot] · web-flow · commit b6d88134c8e2 · 2025-08-04T16:46:40.000Z
Managed Identity Support
diff --git a/docs/includes/entra-id-tutorial.md b/docs/includes/entra-id-tutorial.md
@@ -2,7 +2,7 @@
 author: MikeRayMSFT
 ms.author: mikeray
 ms.reviewer: randolphwest
-ms.date: 07/11/2025
+ms.date: 07/31/2025
 ms.service: sql
 ms.topic: include
 ---
@@ -179,6 +179,10 @@ Or,
 
 ## Configure Microsoft Entra authentication for SQL Server through Azure portal
 
+The steps in Azure portal apply to [!INCLUDE [sssql22-md](sssql22-md.md)].
+
+The steps in Azure portal do not apply to [!INCLUDE [sssql25-md](sssql25-md.md)].
+
 > [!NOTE]  
 > You can configure Microsoft Entra authentication with any of the following experiences:
 >
@@ -238,7 +242,7 @@ After the Azure Arc agent on the SQL Server host has completed its operation, th
 The same syntax for creating Microsoft Entra logins and users on Azure SQL Database and Azure SQL Managed Instance can now be used on SQL Server.
 
 > [!NOTE]  
-> On SQL Server, any account that has the `ALTER ANY LOGIN` or `ALTER ANY USER` permission can create Microsoft Entra logins or users, respectively. The account doesn't need to be a Microsoft Entra login.
+> On SQL Server, any Microsoft Entra account that has the `ALTER ANY LOGIN` or `ALTER ANY USER` permission can create Microsoft Entra logins or users, respectively. Otherwise, only accounts with `sysadmin` permissions can create Microsoft Entra logins or users.
 
 To create a login for a Microsoft Entra account, execute the following T-SQL command in the `master` database:
 
diff --git a/docs/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial.md b/docs/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial.md
@@ -4,7 +4,7 @@ description: Tutorial on how to set up Microsoft Entra authentication for SQL Se
 author: PratimDasgupta
 ms.author: prdasgu
 ms.reviewer: vanto, randolphwest
-ms.date: 04/04/2025
+ms.date: 07/31/2025
 ms.service: sql
 ms.subservice: security
 ms.topic: tutorial
@@ -13,6 +13,6 @@ monikerRange: ">=sql-server-ver16||>= sql-server-linux-ver16"
 
 # Tutorial: Set up Microsoft Entra authentication for SQL Server
 
-[!INCLUDE [SQL Server 2022](../../../includes/applies-to-version/sqlserver2022.md)]
+[!INCLUDE [SQL Server 2022](../../../includes/applies-to-version/sqlserver2022.md)] only.
 
 [!INCLUDE [entra-id-tutorial](../../../includes/entra-id-tutorial.md)]
diff --git a/docs/relational-databases/security/authentication-access/microsoft-entra-authentication-sql-server-enable-without-arc.md b/docs/relational-databases/security/authentication-access/microsoft-entra-authentication-sql-server-enable-without-arc.md
@@ -4,7 +4,7 @@ description: Tutorial on how to set up Microsoft Entra authentication for SQL Se
 author: PratimDasgupta
 ms.author: prdasgu
 ms.reviewer: vanto
-ms.date: 05/09/2025
+ms.date: 07/31/2025
 ms.service: sql
 ms.subservice: security
 ms.topic: tutorial
@@ -13,7 +13,7 @@ monikerRange: ">=sql-server-ver16 || >=sql-server-linux-ver16"
 
 # Tutorial: Enable Microsoft Entra authentication for SQL Server on Windows without Azure Arc
 
-[!INCLUDE [SQL Server 2022](../../../includes/applies-to-version/sqlserver2022.md)]
+[!INCLUDE [SQL Server 2022](../../../includes/applies-to-version/sqlserver2022.md)] and later.
 
 This article describes how to authenticate with Microsoft Entra ID without setting up Azure Arc for your on-premises SQL Server 2022 and later versions. Microsoft Entra authentication is a cloud-based identity management service that provides secure access to SQL Server databases. This tutorial guides you through the process of setting up Microsoft Entra authentication for SQL Server on Windows without Azure Arc.
 
diff --git a/docs/sql-server/azure-arc/managed-identity.md b/docs/sql-server/azure-arc/managed-identity.md
@@ -4,7 +4,7 @@ description: Learn how to use a managed identity with SQL Server 2025.
 author: PratimDasgupta
 ms.author: prdasgu
 ms.reviewer: mikeray, randolphwest, mathoma, vanto
-ms.date: 07/06/2025
+ms.date: 07/28/2025
 ms.service: sql
 ms.topic: how-to
 ms.custom:
@@ -38,6 +38,7 @@ When using managed identity with SQL Server enabled by Azure Arc, consider the f
   - `Inbound connections` are logins and users connecting to SQL Server. Inbound connections can also be achieved by using [App registration](entra-authentication-setup-tutorial.md), starting in [!INCLUDE [sssql22-md](../../includes/sssql22-md.md)].
   - `Outbound connections` are SQL Server connections to Azure resources, like backup to URL, or connecting to Azure Key Vault.
 - App Registration **can't** enable a SQL Server to make outbound connections. Outbound connections need a primary managed identity assigned to the SQL Server.
+- For SQL Server 2025 and later, we recommend that you use managed identity based Microsoft Entra setup, as detailed in this article. Alternatively, you can configure an [app registration for SQL Server 2025.](/sql/relational-databases/security/authentication-access/microsoft-entra-authentication-sql-server-enable-without-arc)
 
 ## Prerequisites
 
