Merge branch 'main' into release-dallas

Author: v-alje

azure-sql/database/database-copy.md

@@ -111,9 +111,9 @@ Database1 can be a single or pooled database. Copying between different tier poo
 
    ```sql
    -- Execute on the master database to start copying
-   CREATE DATABASE "Database2"
-   AS COPY OF "Database1"
-   (SERVICE_OBJECTIVE = ELASTIC_POOL( name = "pool1" ) );
+   CREATE DATABASE Database2
+   AS COPY OF Database1
+   (SERVICE_OBJECTIVE = ELASTIC_POOL( name = 'pool1' ) );
    ```
 
 ### Copy to a different server
@@ -130,6 +130,13 @@ CREATE DATABASE Database2 AS COPY OF server1.Database1;
 > [!IMPORTANT]
 > Both servers' firewalls must be configured to allow inbound connection from the IP of the client issuing the T-SQL CREATE DATABASE ... AS COPY OF command. To determine the source IP address of current connection, execute `SELECT client_net_address FROM sys.dm_exec_connections WHERE session_id = @@SPID;`
 
+Similarly, the below command copies Database1 on server1 to a new database named Database2 within an elastic pool called pool2, on server2.
+
+```sql
+-- Execute on the master database of the target server (server2) to start copying from Server1 to Server2
+CREATE DATABASE Database2 AS COPY OF server1.Database1 (SERVICE_OBJECTIVE = ELASTIC_POOL( name = 'pool2' ) );
+```
+
 ### Copy to a different subscription
 
 You can use the steps in the [Copy a SQL Database to a different server](#copy-to-a-different-server) section to copy your database to a server in a different subscription using T-SQL. Make sure you use a login that has the same name and password as the database owner of the source database. Additionally, the login must be a member of the `dbmanager` role or a server administrator, on both source and target servers.

azure-sql/database/elastic-jobs-overview.md

@@ -10,7 +10,7 @@ ms.topic: conceptual
 author: srinia
 ms.author: srinia
 ms.reviewer: kendralittle, mathoma
-ms.date: 12/18/2018
+ms.date: 05/03/2022
 ---
 # Create, configure, and manage elastic jobs (preview)
 [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
@@ -81,6 +81,7 @@ These are the current limitations to the Elastic Jobs service.  We're actively w
 | :---- | :--------- |
 | The Elastic Job agent needs to be recreated and started in the new region after a failover/move to a new Azure region. | The Elastic Jobs service stores all its job agent and job metadata in the jobs database. Any failover or move of Azure resources to a new Azure region will also move the jobs database, job agent and jobs metadata to the new Azure region. However, the Elastic Job agent is a compute only resource and needs to be explicitly re-created and started in the new region before jobs will start executing again in the new region. Once started, the Elastic Job agent will resume executing jobs in the new region as per the previously defined job schedule. |
 | Concurrent jobs limit. | Currently, the preview is limited to 100 concurrent jobs. |
+| Excessive Audit logs from Jobs database | The Elastic Job agent operates by constantly polling the Job database to check for the arrival of new jobs and other CRUD operations. If auditing is enabled on the server that houses a Jobs database, a large amount of audit logs may be generated by the Jobs database. This can be mitigated by filtering out these audit logs using the `Set-AzSqlServerAudit` command with a predicate expression.<BR/><BR/>For example:<BR/> `Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -BlobStorageTargetState Enabled -StorageAccountResourceId "/subscriptions/7fe3301d-31d3-4668-af5e-211a890ba6e3/resourceGroups/resourcegroup01/providers/Microsoft.Storage/storageAccounts/mystorage" -PredicateExpression "database_principal_name <> '##MS_JobAccount##'"`<BR/><BR/>This command will only filter out Job Agent to Jobs database audit logs, not Job Agent to any target databases audit logs.|
 
 ## Best practices for creating jobs
 

azure-sql/database/elastic-jobs-tsql-create-manage.md

@@ -12,7 +12,7 @@ ms.topic: how-to
 author: srinia
 ms.author: srinia
 ms.reviewer: kendralittle, mathoma
-ms.date: 02/01/2021
+ms.date: 05/03/2022
 ---
 # Use Transact-SQL (T-SQL) to create and manage Elastic Database Jobs (preview)
 [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
@@ -243,7 +243,7 @@ SELECT @poolEndTime = dateadd(minute, -30, @endTime)
 SELECT elastic_pool_name , end_time, elastic_pool_dtu_limit, avg_cpu_percent, avg_data_io_percent, avg_log_write_percent, max_worker_percent, max_session_percent,
         avg_storage_percent, elastic_pool_storage_limit_mb FROM sys.elastic_pool_resource_stats
         WHERE end_time > @poolStartTime and end_time <= @poolEndTime;
-'),
+',
 @credential_name = 'job_credential',
 @target_group_name = 'ElasticJobGroup',
 @output_type = 'SqlDatabase',

azure-sql/database/sql-database-vulnerability-assessment-rules.md

@@ -8,14 +8,14 @@ ms.topic: reference
 author: davidtrigano
 ms.author: datrigan
 ms.reviewer: kendralittle, vanto, mathoma
-ms.date: 05/06/2021
+ms.date: 05/02/2021
 monikerRange: "=azuresql||=azuresql-db||=azuresql-mi"
 ---
 
 # SQL Vulnerability Assessment rules reference guide
 [!INCLUDE[appliesto-sqldb-sqlmi-asa](../includes/appliesto-sqldb-sqlmi-asa.md)]  :::image type="icon" source="../media/applies-to/yes.png" border="false"::: SQL Server (all supported versions)
 
-This article lists the set of built-in rules that are used to flag security vulnerabilities and highlight deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. The rules are based on Microsoft's best practices and focus on the security issues that present the biggest risks to your database and its valuable data. They cover both database-level issues as well as server-level security issues, like server firewall settings and server-level permissions. These rules also represent many of the requirements from various regulatory bodies to meet their compliance standards.
+This article lists the set of built-in rules that are used to flag security vulnerabilities and highlight deviations from best practices, such as misconfigurations and excessive permissions. The rules are based on Microsoft's best practices and focus on the security issues that present the biggest risks to your database and its valuable data. They cover both database-level issues as well as server-level security issues, like server firewall settings and server-level permissions. These rules also represent many of the requirements from various regulatory bodies to meet their compliance standards.
 
 The rules shown in your database scans depend on the SQL version and platform that was scanned. 
 
@@ -107,7 +107,6 @@ SQL Vulnerability Assessment rules have five categories, which are in the follow
 |VA1223     |Certificate keys should use at least 2048 bits          |High         |Certificate keys are used in RSA and other encryption algorithms to protect data. These keys need to be of enough length to secure the user's data. This rule checks that the key's length is at least 2048 bits for all certificates.         |<nobr>SQL Server 2012+<nobr/><br/><br/>SQL Managed Instance<br/><br/>SQL Database<br/><br/>Azure Synapse         |
 |VA1224     |Asymmetric keys' length should be at least 2048 bits          |High         |Database asymmetric keys are used in many encryption algorithms these keys need to be of enough length to secure the encrypted data this rule checks that all asymmetric keys stored in the database are of length of at least 2048 bits         |<nobr>SQL Server 2012<nobr/><br/><br/><nobr>SQL Server 2014<nobr/><br/><br/>SQL Database         |
 |VA1279     |Force encryption should be enabled for TDS          |High         |When the Force Encryption option for the Database Engine is enabled all communications between client and server is encrypted regardless of whether the 'Encrypt connection' option (such as from SSMS) is checked or not. This rule checks that Force Encryption option is enabled.         |<nobr>SQL Server 2012+<nobr/>         |
-|VA1288     |Sensitive data columns should be classified          |Medium         |This rule checks if the scanned database has potentially sensitive data that has not been classified.         |<nobr/>SQL Database         |
 |VA2060     |SQL Threat Detection should be enabled at the server level          |Medium         |SQL Threat Detection provides a layer of security that detects potential vulnerabilities and anomalous activity in databases such as SQL injection attacks and unusual behavior patterns. When a potential threat is detected Threat Detection sends an actionable real-time alert by email and in Microsoft Defender for Cloud, which includes clear investigation and remediation steps for the specific threat. For more information, please see [Configure threat detection](./threat-detection-configure.md). This check verifies that SQL Threat Detection is enabled         |<nobr/><br/>SQL Managed Instance<br/><br/>SQL Database<br/><br/>Azure Synapse         |
 
 ## Installation Updates and Patches

azure-sql/docfx.json

@@ -67,7 +67,8 @@
       "recommendations": true,
       "_op_documentIdPathDepotMapping": {
         "./": {
-           "depot_name": "Azure.azure-documents"
+          "depot_name": "Azure.azure-documents",
+          "folder_relative_path_in_docset": "articles/azure-sql/"
         }
       }
     },

docs/big-data-cluster/release-notes-big-data-cluster.md

@@ -5,13 +5,13 @@ description: This article describes the latest updates and known issues for SQL
 author: WilliamDAssafMSFT
 ms.author: wiassaf
 ms.reviewer: hudequei
-ms.date: 01/31/2022
+ms.date: 05/03/2022
 ms.topic: conceptual
 ms.prod: sql
 ms.technology: big-data-cluster
 ---
 
-# SQL Server Big Data Clusters platform release notes
+# SQL Server 2019 Big Data Clusters platform release notes
 
 [!INCLUDE[SQL Server 2019](../includes/applies-to-version/sqlserver2019.md)]
 
@@ -34,6 +34,7 @@ The following table contains the tested configuration matrix for each release of
 
 | Release | Container OS | Kubernetes API | Runtime | Data Storage | Log Storage |
 | ----------- | ------------ | ------- | ------- | ------------ | ----------- |
+| CU16 | Ubuntu 20.04 LTS | 1.21 | containerd 1.4.6<br/>CRI-O 1.20.4 | Block only | Block only |
 | CU15 | Ubuntu 20.04 LTS | 1.21 | containerd 1.4.6<br/>CRI-O 1.20.4 | Block only | Block only |
 | CU14 | Ubuntu 20.04 LTS | 1.21 | containerd 1.4.6<br/>CRI-O 1.20.4 | Block only | Block only |
 | CU13 | Ubuntu 20.04 LTS | 1.20 | containerd 1.4.6<br/>CRI-O 1.20.0 | Block only | Block only |
@@ -49,14 +50,15 @@ Restrictions:
 Reference architecture and white papers for [!INCLUDE[big-data-clusters-nover](../includes/ssbigdataclusters-ss-nover.md)] can be found on the following pages:
 
 * [SQL Server 2019](https://www.microsoft.com/sql-server/sql-server-2019)
-* [SQL Server Big Data Clusters partners](../sql-server/partner-big-data-cluster.md)
+* [SQL Server 2019 Big Data Clusters partners](../sql-server/partner-big-data-cluster.md)
 
 ## Release history
 
 The following table lists the release history for [!INCLUDE[ssbigdataclusters-ver15](../includes/ssbigdataclusters-ver15.md)].
 
 | Release <sup>1</sup> | [!INCLUDE[ssbigdataclusters-ver15](../includes/ssbigdataclusters-ver15.md)] version | [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)] version <sup>2</sup> | Release date |
 |--|--|--|--|
+| [CU16](release-notes-cumulative-update-16.md) |  15.0.4223.1  | 20.3.11   | May 2 2022 |
 | [CU15](release-notes-cumulative-update-15.md) |  15.0.4198.2  | 20.3.10   | Jan 27 2022 |
 | [CU14](release-notes-cumulative-update-14.md) |  15.0.4188.2  | 20.3.9    | Nov 22 2021 |
 | [CU13](release-notes-cumulative-update-13.md) |  15.0.4178.15 | 20.3.8    | Sept 9 2021 |