Merge branch 'main' into rw-0907-2017cu31

Author: rwestMSFT

.openpublishing.redirection.azure-sql.json

@@ -539,6 +539,16 @@
       "source_path_from_root": "/azure-sql/database/predictive-model-build-compare-tutorial.md",
       "redirect_url": "/sql/machine-learning/tutorials/r-predictive-model-train?context=/azure/azure-sql/managed-instance/context/ml-context&view=azuresqldb-mi-current",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/azure-sql/managed-instance/custom-dns-configure.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/resolve-private-domain-names",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/azure-sql/managed-instance/synchronize-vnet-dns-servers-setting-on-virtual-cluster.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/resolve-private-domain-names",
+      "redirect_document_id": false
     }
   ]
 }

.openpublishing.redirection.json

@@ -59454,6 +59454,11 @@
       "source_path": "docs/tools/sqlpackage/troubleshooting-import-export-sqlpackage.md",
       "redirect_url": "/sql/tools/sqlpackage/troubleshooting-issues-and-performance-with-sqlpackage",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "docs/sql-server/partner-big-data-cluster.md",
+      "redirect_url": "/sql/big-data-cluster/partner-big-data-cluster",
+      "redirect_document_id": false
     }
   ]
 }

azure-sql/database/audit-write-storage-account-behind-vnet-firewall.md

@@ -39,6 +39,7 @@ For audit to write to a storage account behind a VNet or firewall, the following
 > * The storage account must be on the same tenant and at the same location as the [logical SQL server](logical-servers.md) (it's OK to be on different subscriptions).
 > * The Azure Storage account requires `Allow trusted Microsoft services to access this storage account`. Set this on the Storage Account **Firewalls and Virtual networks**.
 > * You must have `Microsoft.Authorization/roleAssignments/write` permission on the selected storage account. For more information, see [Azure built-in roles](/azure/role-based-access-control/built-in-roles).
+> * **User managed identity authentication** type for enabling auditing to storage behind firewall is not currently supported.
 
 > [!NOTE]
 > When Auditing to stoarge account is already enabled on a server / db, and if the target storage account is moved behind a firewall, we lose write access to 

azure-sql/database/auditing-overview.md

@@ -39,7 +39,7 @@ You can use SQL Database auditing to:
 
 ### Auditing limitations
 
-- **User managed identity** authentication type for enabling auditing to **storage** is not currently supported.
+- **User managed identity** authentication type for enabling auditing to **storage behind firewall** is not currently supported.
 - Enabling auditing on a paused **Azure Synapse** is not supported. To enable auditing, resume Azure Synapse.
 - Auditing for **Azure Synapse SQL pools** supports default audit action groups **only**.
 - When you configure the auditing for your [logical server in Azure](logical-servers.md) or Azure SQL Database with log destination as the storage account, the target storage account must be enabled with access to storage account keys. If the storage account is configured to use Azure AD authentication only and not configured for access key usage, the auditing cannot be configured. <!-- REST API reference: - /rest/api/sql/2021-08-01-preview/server-blob-auditing-policies/create-or-update -->
@@ -52,7 +52,7 @@ An auditing policy can be defined for a specific database or as a default [serve
 
 - If *server auditing is enabled*, it *always applies to the database*. The database will be audited, regardless of the database auditing settings.
 
-- When auditing policy is defined at the database-level to a Log Analytics workspace or an Event Hub destination, the following operations will not keep the source database-level auditing policy:
+- When auditing policy is defined at the database-level to a Log Analytics workspace or an Event Hubs destination, the following operations will not keep the source database-level auditing policy:
     - [Database copy](database-copy.md)
     - [Point-in-time restore](recovery-using-backups.md)
     - [Geo-replication](active-geo-replication-overview.md) (Secondary database will not have database-level auditing)
@@ -78,7 +78,7 @@ An auditing policy can be defined for a specific database or as a default [serve
 - For details about the log format, hierarchy of the storage folder and naming conventions, see the [Blob Audit Log Format Reference](./audit-log-format.md).
 - Auditing on [Read-Only Replicas](read-scale-out.md) is automatically enabled. For further details about the hierarchy of the storage folders, naming conventions, and log format, see the [SQL Database Audit Log Format](audit-log-format.md).
 - When using Azure AD Authentication, failed logins records will *not* appear in the SQL audit log. To view failed login audit records, you need to visit the [Azure Active Directory portal](/azure/active-directory/reports-monitoring/concept-sign-ins), which logs details of these events.
-- Logins are routed by the gateway to the specific instance where the database is located.  In the case of AAD logins, the credentials are verified before attempting to use that user to login into the requested database.  In the case of failure, the requested database is never accessed, so no auditing occurs.  In the case of SQL logins, the credentials are verified on the requested data, so in this case they can be audited.  Successful logins, which obviously reach the database, are audited in both cases.
+- Logins are routed by the gateway to the specific instance where the database is located.  In the case of Azure AD logins, the credentials are verified before attempting to use that user to login into the requested database.  In the case of failure, the requested database is never accessed, so no auditing occurs.  In the case of SQL logins, the credentials are verified on the requested data, so in this case they can be audited.  Successful logins, which obviously reach the database, are audited in both cases.
 - After you've configured your auditing settings, you can turn on the new threat detection feature and configure emails to receive security alerts. When you use threat detection, you receive proactive alerts on anomalous database activities that can indicate potential security threats. For more information, see [Getting started with threat detection](threat-detection-overview.md).
 - After a database with auditing enabled is copied to another [logical server](logical-servers.md), you may receive an email notifying you that the audit failed. This is a known issue and auditing should work as expected on the newly copied database.
 
@@ -97,7 +97,7 @@ The following section describes the configuration of auditing using the Azure po
 
   > [!NOTE]
   > - Enabling auditing on a paused dedicated SQL pool is not possible. To enable auditing, un-pause the dedicated SQL pool. Learn more about [dedicated SQL pool](/azure/synapse-analytics/sql/best-practices-dedicated-sql-pool).
-  > - When auditing is configured to a Log Analytics workspace or to an Event Hub destination via the Azure portal or PowerShell cmdlet, a [Diagnostic Setting](/azure/azure-monitor/essentials/diagnostic-settings) is created with "SQLSecurityAuditEvents" category enabled.
+  > - When auditing is configured to a Log Analytics workspace or to an Event Hubs destination via the Azure portal or PowerShell cmdlet, a [Diagnostic Setting](/azure/azure-monitor/essentials/diagnostic-settings) is created with "SQLSecurityAuditEvents" category enabled.
 
 1. Go to the [Azure portal](https://portal.azure.com).
 2. Navigate to **Auditing** under the Security heading in your **SQL database** or **SQL server** pane.
@@ -132,8 +132,9 @@ You have the option of choosing a different storage destination for this auditin
 
 ### <a id="audit-storage-destination"></a>Audit to storage destination
 
-To configure writing audit logs to a storage account, select **Storage** when you get to the **Auditing** section. Select the Azure storage account where logs will be saved, and then select the retention period by opening **Advanced properties**. Then click **Save**. Logs older than the retention period are deleted.
+To configure writing audit logs to a storage account, select **Storage** when you get to the **Auditing** section. Select the Azure storage account where you want to save your logs. You can use the following two storage authentication types:  managed identity and storage access keys. For managed identity, system and user managed identity is supported. By default, the primary user identity assigned to the server is selected. If there is no user identity, then a system assigned identity is created and used for authentication purposes. After you have chosen an authentication type, select a retention period by opening **Advanced properties* and selecting **Save**. Logs older than the retention period are deleted.
 
+ 
 > [!NOTE] 
 > If you are deploying from the Azure portal, be sure that the storage account is in the same region as your database and server. If you are deploying through other methods, the storage account can be in any region.
 
@@ -150,7 +151,7 @@ To configure writing audit logs to a Log Analytics workspace, select **Log Analy
 
 For more details about Azure Monitor Log Analytics workspace, see [Designing your Azure Monitor Logs deployment](/azure/azure-monitor/logs/design-logs-deployment)
 
-### <a id="audit-event-hub-destination"></a>Audit to Event Hub destination
+### <a id="audit-event-hub-destination"></a>Audit to Event Hubs destination
 
 To configure writing audit logs to an event hub, select **Event Hub**. Select the event hub where logs will be written and then click **Save**. Be sure that the event hub is in the same region as your database and server.
 

azure-sql/database/auto-failover-group-configure-sql-db.md

@@ -107,6 +107,9 @@ Create your failover group and add your database to it using PowerShell.
    Write-host "Successfully added the database to the failover group..."
    ```
 
+> [!NOTE]
+> It's possible to deploy your auto-failover group across subscriptions by using the `-PartnerSubscriptionId` parameter in Azure Powershell starting with [Az.SQL 3.11.0](https://www.powershellgallery.com/packages/Az.Sql/3.11.0). To learn more, review the following [Example](/powershell/module/az.sql/new-azsqldatabasefailovergroup#example-3). 
+
 ---
 
 ## Test failover

azure-sql/database/automated-backups-overview.md

@@ -5,7 +5,7 @@ description: Learn how Azure SQL Database automatically backs up all databases a
 author: SudhirRaparla
 ms.author: nvraparl
 ms.reviewer: mathoma, wiassaf, danil
-ms.date: 07/20/2022
+ms.date: 09/14/2022
 ms.service: sql-database
 ms.subservice: backup-restore
 ms.topic: conceptual
@@ -211,7 +211,7 @@ If you delete a database, the system keeps backups in the same way that it would
 
 For SQL Database, you can configure full LTR backups for up to 10 years in Azure Blob Storage. After the LTR policy is configured, full backups are automatically copied to a different storage container weekly. 
 
-To meet various compliance requirements, you can select different retention periods for weekly, monthly, and/or yearly full backups. The frequency depends on the policy. For example, setting `W=0, M=1` would create an LTR copy monthly. For more information about LTR, see [Long-term retention](long-term-retention-overview.md). Databases in the Hyperscale service tier don't currently support long-term retention. 
+To meet various compliance requirements, you can select different retention periods for weekly, monthly, and/or yearly full backups. The frequency depends on the policy. For example, setting `W=0, M=1` would create an LTR copy monthly. For more information about LTR, see [Long-term retention](long-term-retention-overview.md). Databases in the Hyperscale service tier don't currently support long-term retention.
 
 Updating the backup storage redundancy for an existing database applies the change only to subsequent backups taken in the future and not for existing backups. All existing LTR backups for the database will continue to reside in the existing storage blob. New backups will be replicated based on the configured backup storage redundancy. 
 

azure-sql/database/connect-query-nodejs.md

@@ -152,6 +152,7 @@ Open a command prompt and create a folder named *sqltest*. Open the folder you c
       } else {
         queryDatabase();
       }
+      connection.close();
     });
 
     connection.connect();

azure-sql/database/dns-alias-overview.md

@@ -18,7 +18,7 @@ Azure SQL Database has a Domain Name System (DNS) server. PowerShell and REST AP
 A *DNS alias* can be used in place of the server name. Client programs can use the alias in their connection strings. The DNS alias provides a translation layer that can redirect your client programs to different servers. This layer spares you the difficulties of having to find and edit all the clients and their connection strings.
 
 > [!NOTE]
-> In Azure Synapse Analytics, the Azure SQL logical server DNS alias is only supported for dedicated SQL Pool (formerly DW). For dedicated SQL pools in Azure Synapse workspaces, the DNS alias is not currently supported.
+> In Azure Synapse Analytics, the Azure SQL logical server DNS alias is only supported for dedicated SQL Pool (formerly DW). For dedicated SQL pools in Azure Synapse workspaces, the DNS alias is not currently supported. [What's the difference?](https://aka.ms/dedicatedSQLpooldiff)
 
 Common uses for a DNS alias include the following cases:
 
@@ -114,4 +114,4 @@ Presently, a DNS alias has the following limitations:
 
 ## Next steps
 
-- [PowerShell for DNS Alias to Azure SQL Database](dns-alias-powershell-create.md)
+- [PowerShell for DNS Alias to Azure SQL Database](dns-alias-powershell-create.md)

azure-sql/database/doc-changes-updates-release-notes-whats-new.md

@@ -4,7 +4,7 @@ titleSuffix: Azure SQL Database
 description: Learn about the new features and documentation improvements for Azure SQL Database.
 author: MashaMSFT
 ms.author: mathoma
-ms.date: 08/01/2022
+ms.date: 09/14/2022
 ms.service: sql-database
 ms.subservice: service-overview
 ms.topic: conceptual
@@ -42,7 +42,7 @@ The following table lists the features of Azure SQL Database that are currently
 | [SQL Database emulator](local-dev-experience-sql-database-emulator.md) | The Azure SQL Database emulator provides the ability to locally validate database and query design together with client application code in a simple and frictionless model as part of the application development process. | 
 | [SQL Database Projects extension](/sql/azure-data-studio/extensions/sql-database-project-extension) | An extension to develop databases for Azure SQL Database with Azure Data Studio and VS Code. A SQL project is a local representation of SQL objects that comprise the schema for a single database, such as tables, stored procedures, or functions. | 
 | [SQL Insights](/azure/azure-monitor/insights/sql-insights-overview) | SQL Insights (preview) is a comprehensive solution for monitoring any product in the Azure SQL family. SQL Insights (preview) uses dynamic management views to expose the data you need to monitor health, diagnose problems, and tune performance.|
-
+| [UMI for auditing](auditing-overview.md) | Configure the storage account for your SQL auditing logs by using User Managed Identity (UMI). | 
 
 ## General availability (GA)
 
@@ -68,11 +68,20 @@ The following table lists the features of Azure SQL Database that have transitio
 
 Learn about significant changes to the Azure SQL Database documentation.
 
+### September 2022
+
+| Changes | Details |
+| --- | --- |
+| **Cross-subscription failover group with Azure PowerShell** | It's now possible to deploy your auto-failover group for a single database across subscriptions by using Azure PowerShell. To learn more, review [Configure auto-failover group](auto-failover-group-configure-sql-db.md?view=azuresql&tabs=azure-powershell&pivots=azure-sql-single-db&preserve-view=true#create-failover-group). |
+| **UMI support for auditing preview** | It's now possible to configure the storage account used for SQL auditing logs by using User Managed Identity (UMI). This feature is currently in preview. Review [auditing](auditing-overview.md) to learn more. |
+
+
 ### August 2022
 
 | Changes | Details |
 | --- | --- |
-| **Zone redundant configuration for Hyperscale databases** | The zone redundant configuration feature utilizes [Azure Availability Zones](/azure/availability-zones/az-overview#availability-zones) to replicate databases across multiple physical locations within an Azure region. By selecting [zone redundancy](high-availability-sla.md#hyperscale-service-tier-zone-redundant-availability), you can make your Hyperscale databases resilient to a much larger set of failures, including catastrophic datacenter outages, without any changes to the application logic. This configuration option is now generally available. To learn more, review  [Zone redundant configuration for Hyperscale databases](high-availability-sla.md#hyperscale-service-tier-zone-redundant-availability). |
+| **Zone redundant configuration for Hyperscale databases GA** | The zone redundant configuration feature utilizes [Azure Availability Zones](/azure/availability-zones/az-overview#availability-zones) to replicate databases across multiple physical locations within an Azure region. By selecting [zone redundancy](high-availability-sla.md#hyperscale-service-tier-zone-redundant-availability), you can make your Hyperscale databases resilient to a much larger set of failures, including catastrophic datacenter outages, without any changes to the application logic. This configuration option is now generally available. To learn more, review  [Zone redundant configuration for Hyperscale databases](high-availability-sla.md#hyperscale-service-tier-zone-redundant-availability). |
+| **Query Store hints GA** | You can use query hints to optimize your query execution via the OPTION clause. This feature is now generally available for Azure SQL Database. To learn more, review [Query Store hints](/sql/relational-databases/performance/query-store-hints?view=azuresqldb-current&preserve-view=true). |
 
 ### June 2022
 

azure-sql/database/elastic-query-vertical-partitioning.md

@@ -109,7 +109,10 @@ CREATE EXTERNAL TABLE [dbo].[customer]
       [c_lastname] nvarchar(256) NOT NULL,
       [street] nvarchar(256) NOT NULL,
       [city] nvarchar(256) NOT NULL,
-      [state] nvarchar(20) NULL,
+      [state] nvarchar(20) NULL
+   )
+   WITH
+   (
       DATA_SOURCE = RemoteReferenceData
    );
 ```