Merging changes synced from https://github.com/MicrosoftDocs/sql-docs-pr (branch live)

Author: Learn Build Service GitHub App

azure-sql/database/transparent-data-encryption-byok-identity.md

@@ -56,6 +56,7 @@ In addition to the system-assigned managed identity that is already supported fo
 - If the key vault is behind a VNet that uses a firewall, the option to **Allow Trusted Microsoft Services to bypass this firewall** must be enabled in the key vault's **Networking** menu if you want to use a user-assigned managed identity. Once this option is enabled, available keys can't be listed in the SQL server TDE menu in the Azure portal. To set an individual CMK, a *key identifier* must be used. When the option to **Allow Trusted Microsoft Services to bypass this firewall** isn't enabled, the following error is returned:
   - `The managed identity with ID '/subscriptions/subsriptionID/resourcegroups/resource_name/providers/Microsoft.ManagedIdentity/userAssignedIdentities/umi_name' requires the following Azure Key Vault permissions: 'Get, WrapKey, UnwrapKey' to the key 'https://keyvault_name/keys/key_name'. Please grant the missing permissions to the identity. (https://aka.ms/sqltdebyokcreateserver).`
   - If you get the above error, check if the key vault is behind a virtual network or firewall, and make sure the option **Allow Trusted Microsoft Services to bypass this firewall** is enabled.
+- The **Allow Trusted Microsoft Services to bypass this firewall** option is currently not available in [National clouds](/azure/active-directory/develop/authentication-national-cloud).
 - A system-assigned managed identity can be used without the option to **Allow Trusted Microsoft Services to bypass this firewall** enabled. For more information, see [Configure Azure Key Vault firewalls and virtual networks](/azure/key-vault/general/network-security).
 - User Assigned Managed Identity for SQL Managed Instance is currently not supported when AKV firewall is enabled.
 - When multiple user-assigned managed identities are assigned to the server or managed instance, if a single identity is removed from the server using the *Identity* blade of the Azure portal, the operation succeeds but the identity doesn't get removed from the server. Removing all user-assigned managed identities together from the Azure portal works successfully.
@@ -68,4 +69,4 @@ In addition to the system-assigned managed identity that is already supported fo
 
 ## See also
 
-- [Create an Azure SQL Managed Instance with a user-assigned managed identity](../managed-instance/authentication-azure-ad-user-assigned-managed-identity-create-managed-instance.md)
+- [Create an Azure SQL Managed Instance with a user-assigned managed identity](../managed-instance/authentication-azure-ad-user-assigned-managed-identity-create-managed-instance.md)

azure-sql/includes/sql-vm-feature-benefits.md

@@ -8,15 +8,15 @@ ms.topic: include
 
 | Feature | Description |
 | --- | --- |
-| **Portal management** | Unlocks [management in the portal](../virtual-machines/windows/manage-sql-vm-portal.md), so that you can view all of your SQL Server VMs in one place, and enable or disable SQL specific features directly from the portal. <br/> Management mode: Lightweight & full|  
-| **Automated backup** |Automates the scheduling of backups for all databases for either the default instance or a [properly installed named instance](../virtual-machines/windows/frequently-asked-questions-faq.yml#can-i-use-a-named-instance-of-sql-server-with-the-iaas-extension-) of SQL Server on the VM. For more information, see [Automated backup for SQL Server in Azure virtual machines (Resource Manager)](../virtual-machines/windows/automated-backup-sql-2014.md). <br/> Management mode: Full|
-| **Automated patching** |Configures a maintenance window during which important Windows and SQL Server security updates to your VM can take place, so you can avoid updates during peak times for your workload. For more information, see [Automated patching for SQL Server in Azure virtual machines (Resource Manager)](../virtual-machines/windows/automated-patching.md). <br/> Management mode: Full|
-| **Azure Key Vault integration** |Enables you to automatically install and configure Azure Key Vault on your SQL Server VM. For more information, see [Configure Azure Key Vault integration for SQL Server on Azure Virtual Machines (Resource Manager)](../virtual-machines/windows/azure-key-vault-integration-configure.md). <br/> Management mode: Full|
-| **Flexible licensing** | Save on cost by [seamlessly transitioning](../virtual-machines/windows/licensing-model-azure-hybrid-benefit-ahb-change.md) from the bring-your-own-license (also known as the Azure Hybrid Benefit) to the pay-as-you-go licensing model and back again. <br/> Management mode: Lightweight & full| 
-| **Flexible version / edition** | If you decide to change the [version](../virtual-machines/windows/change-sql-server-version.md) or [edition](../virtual-machines/windows/change-sql-server-edition.md) of SQL Server, you can update the metadata within the Azure portal without having to redeploy the entire SQL Server VM.  <br/> Management mode: Lightweight & full| 
-| **Configure tempdb** | You can [configure your tempdb](../virtual-machines/windows/manage-sql-vm-portal.md#storage) directly from the Azure portal, such as specifying the number of files, their initial size, their location, and the autogrowth ratio. Restart your SQL Server service for the changes to take effect. <br/> Management mode: Full | 
-| **Defender for Cloud portal integration** | If you've enabled [Microsoft Defender for SQL](/azure/defender-for-cloud/defender-for-sql-usage), then you can view Defender for Cloud recommendations directly in the [SQL virtual machines](../virtual-machines/windows/manage-sql-vm-portal.md) resource of the Azure portal. See [Security best practices](../virtual-machines/windows/security-considerations-best-practices.md) to learn more.  <br/> Management mode: Lightweight & full|
-| **SQL best practices assessment** | Enables you to assess the health of your SQL Server VMs using configuration best practices. For more information, see [SQL best practices assessment](../virtual-machines/windows/sql-assessment-for-sql-vm.md).  <br/> Management mode: Full| 
-| **View disk utilization in portal** | Allows you to view a graphical representation of the disk utilization of your SQL data files in the Azure portal.  <br/> Management mode: Full | 
+| **Portal management** | Unlocks [management in the portal](../virtual-machines/windows/manage-sql-vm-portal.md), so that you can view all of your SQL Server VMs in one place, and enable or disable SQL specific features directly from the portal. <br /> <br /> Included with basic registration.  |  
+| **Automated backup** |Automates the scheduling of backups for all databases for either the default instance or a [properly installed named instance](../virtual-machines/windows/frequently-asked-questions-faq.yml#can-i-use-a-named-instance-of-sql-server-with-the-iaas-extension-) of SQL Server on the VM. For more information, see [Automated backup for SQL Server in Azure virtual machines (Resource Manager)](../virtual-machines/windows/automated-backup-sql-2014.md). <br /> <br /> Requires SQL IaaS Agent extension. |
+| **Automated patching** |Configures a maintenance window during which important Windows and SQL Server security updates to your VM can take place, so you can avoid updates during peak times for your workload. For more information, see [Automated patching for SQL Server in Azure virtual machines (Resource Manager)](../virtual-machines/windows/automated-patching.md). <br /> <br /> Requires SQL IaaS Agent extension. |
+| **Azure Key Vault integration** |Enables you to automatically install and configure Azure Key Vault on your SQL Server VM. For more information, see [Configure Azure Key Vault integration for SQL Server on Azure Virtual Machines (Resource Manager)](../virtual-machines/windows/azure-key-vault-integration-configure.md). <br /> <br /> Requires SQL IaaS Agent extension. |
+| **Flexible licensing** | Save on cost by [seamlessly transitioning](../virtual-machines/windows/licensing-model-azure-hybrid-benefit-ahb-change.md) from the bring-your-own-license (also known as the Azure Hybrid Benefit) to the pay-as-you-go licensing model and back again. <br /> <br /> Included with basic registration. | 
+| **Flexible version / edition** | If you decide to change the [version](../virtual-machines/windows/change-sql-server-version.md) or [edition](../virtual-machines/windows/change-sql-server-edition.md) of SQL Server, you can update the metadata within the Azure portal without having to redeploy the entire SQL Server VM.  <br /> <br /> Included with basic registration.   | 
+| **Configure tempdb** | You can [configure your tempdb](../virtual-machines/windows/manage-sql-vm-portal.md#storage) directly from the Azure portal, such as specifying the number of files, their initial size, their location, and the autogrowth ratio. Restart your SQL Server service for the changes to take effect. <br /> <br /> Requires SQL IaaS Agent extension.  | 
+| **Defender for Cloud portal integration** | If you've enabled [Microsoft Defender for SQL](/azure/defender-for-cloud/defender-for-sql-usage), then you can view Defender for Cloud recommendations directly in the [SQL virtual machines](../virtual-machines/windows/manage-sql-vm-portal.md) resource of the Azure portal. See [Security best practices](../virtual-machines/windows/security-considerations-best-practices.md) to learn more. <br /> <br /> Requires SQL IaaS Agent extension. |
+| **SQL best practices assessment** | Enables you to assess the health of your SQL Server VMs using configuration best practices. For more information, see [SQL best practices assessment](../virtual-machines/windows/sql-assessment-for-sql-vm.md). <br /> <br /> Requires SQL IaaS Agent extension. | 
+| **View disk utilization in portal** | Allows you to view a graphical representation of the disk utilization of your SQL data files in the Azure portal. <br /> <br /> Requires SQL IaaS Agent extension. | 
 
 

azure-sql/includes/sql-vm-iaas-extension-permissions.md

@@ -1,11 +1,11 @@
 ---
-title: SQL IaaS extension least privilege 
+title: "SQL IaaS extension note: least privilege & management mode"
 description: An include note to highlight differences in permissions models added for SQL VM in October 2022. 
 author: MashaMSFT
 ms.author: mathoma
 ms.topic: include
 ---
 
 > [!NOTE]
-> October 2022 introduced the least privileged model for the SQL Server IaaS Agent extension. SQL Server VMs deployed via the Azure marketplace after this date have the least privileged model enabled by default. To learn more, review [SQL IaaS extension permissions](../virtual-machines/windows/sql-server-iaas-agent-extension-automate-management.md#permissions-models)
-
+> SQL Server VMs deployed via the Azure marketplace after October 2022 have the [least privileged model](../virtual-machines/windows/sql-server-iaas-agent-extension-automate-management.md#permissions-models) enabled by default. 
+> [Management modes](../virtual-machines/windows/sql-server-iaas-agent-extension-automate-management.md#management-modes) for the SQL IaaS Agent extension were removed in March 2023. 

azure-sql/virtual-machines/linux/rhel-high-availability-stonith-tutorial.md

@@ -5,6 +5,7 @@ author: VanMSFT
 ms.author: vanto
 ms.date: 06/25/2020
 ms.service: virtual-machines-sql
+ms.subservice: hadr
 ms.topic: tutorial
 ---
 # Tutorial: Configure availability groups for SQL Server on RHEL virtual machines in Azure 

azure-sql/virtual-machines/linux/sles-high-availability-stonith-tutorial.md

@@ -6,6 +6,7 @@ ms.author: randolphwest
 ms.reviewer: amitkh
 ms.date: 03/08/2023
 ms.service: virtual-machines-sql
+ms.subservice: hadr
 ms.topic: tutorial
 ---
 # Tutorial: Configure availability groups for SQL Server on SLES virtual machines in Azure

azure-sql/virtual-machines/windows/automated-backup-sql-2014.md

@@ -42,8 +42,7 @@ To use Automated Backup, consider the following prerequisites:
 **Database configuration**:
 
 - Target _user_ databases must use the full recovery model. System databases do not have to use the full recovery model. However, if you require log backups to be taken for `model` or `msdb`, you must use the full recovery model. For more information about the impact of the full recovery model on backups, see [Backup under the full recovery model](/previous-versions/sql/sql-server-2008-r2/ms190217(v=sql.105)). 
-- The SQL Server VM has been registered with the SQL IaaS Agent extension in [full management mode](sql-agent-extension-manually-register-single-vm.md#upgrade-to-full). 
--  Automated backup relies on the full [SQL Server IaaS Agent Extension](sql-server-iaas-agent-extension-automate-management.md). As such, automated backup is only supported on target databases from the default instance, or a single named instance. If there is no default instance, and multiple named instances, the SQL IaaS extension fails and automated backup will not work. 
+- The SQL Server VM has been registered with the [SQL IaaS Agent extension](sql-server-iaas-agent-extension-automate-management.md) and the **automated backup** feature is enabled. Since automated backup relies on the extension, automated backup is only supported on target databases from the default instance, or a single named instance. If there is no default instance, and multiple named instances, the SQL IaaS Agent extension fails and automated backup won't work. 
 
 ## Settings
 

azure-sql/virtual-machines/windows/automated-backup.md

@@ -38,8 +38,7 @@ To use Automated Backup v2, review the following prerequisites:
 **Database configuration**:
 
 - Target _user_ databases must use the full recovery model. System databases do not have to use the full recovery model. However, if you require log backups to be taken for `model` or `msdb`, you must use the full recovery model. For more information about the impact of the full recovery model on backups, see [Backup under the full recovery model](/previous-versions/sql/sql-server-2008-r2/ms190217(v=sql.105)). 
-- The SQL Server VM has been registered with the SQL IaaS Agent extension in [full management mode](sql-agent-extension-manually-register-single-vm.md#upgrade-to-full). 
--  Automated backup relies on the full [SQL Server IaaS Agent Extension](sql-server-iaas-agent-extension-automate-management.md). As such, automated backup is only supported on target databases from the default instance, or a single named instance. If there is no default instance, and multiple named instances, the SQL IaaS extension fails and automated backup will not work. 
+- The SQL Server VM has been registered with the [SQL IaaS Agent extension](sql-server-iaas-agent-extension-automate-management.md) and the **automated backup** feature is enabled. Since automated backup relies on the extension, automated backup is only supported on target databases from the default instance, or a single named instance. If there is no default instance, and multiple named instances, the SQL IaaS Agent extension fails and automated backup won't work. 
 
 ## Settings
 The following table describes the options that can be configured for Automated Backup. The actual configuration steps vary depending on whether you use the Azure portal or Azure Windows PowerShell commands. Note that Automated backup uses [backup compression](/sql/database-engine/configure-windows/view-or-configure-the-backup-compression-default-server-configuration-option) by default and you cannot disable it.

azure-sql/virtual-machines/windows/azure-key-vault-integration-configure.md

@@ -29,7 +29,7 @@ When this feature is enabled, it automatically installs the SQL Server Connector
 [!INCLUDE [Prepare for Key Vault integration](../../includes/virtual-machines-sql-server-akv-prepare.md)]
 
   >[!NOTE]
-  > Extensible Key Management (EKM) Provider version  1.0.4.0 is installed on the SQL Server VM through the [SQL infrastructure as a service (IaaS) extension](./sql-server-iaas-agent-extension-automate-management.md). Upgrading the SQL IaaS extension will not update the provider version. Please considering manually upgrading the EKM provider version if needed (for example, when migrating to a SQL Managed Instance).
+  > Extensible Key Management (EKM) Provider version  1.0.4.0 is installed on the SQL Server VM through the [SQL infrastructure as a service (IaaS) extension](./sql-server-iaas-agent-extension-automate-management.md). Upgrading the SQL IaaS Agent extension will not update the provider version. Please considering manually upgrading the EKM provider version if needed (for example, when migrating to a SQL Managed Instance).
 
 
 ## Enable and configure Key Vault integration

azure-sql/virtual-machines/windows/change-sql-server-version.md

@@ -97,7 +97,7 @@ After you change the version of SQL Server, register your SQL Server VM with the
 :::image type="content" source="./media/change-sql-server-version/verify-portal.png" alt-text="Verify version":::
 
 > [!NOTE]
-> If you have already registered with the SQL IaaS Agent extension, [unregister from the RP](sql-agent-extension-manually-register-single-vm.md#unregister-from-extension) and then [Register the SQL VM resource](sql-agent-extension-manually-register-single-vm.md#full-mode) again so that it detects the correct version and edition of SQL Server that is installed on the VM. This updates the metadata and billing information that is associated with this VM.
+> If you have already registered with the SQL IaaS Agent extension, [unregister from the RP](sql-agent-extension-manually-register-single-vm.md#unregister-from-extension) and then [Register the SQL VM resource](sql-agent-extension-manually-register-single-vm.md#register-with-extension) again so that it detects the correct version and edition of SQL Server that is installed on the VM. This updates the metadata and billing information that is associated with this VM.
 
 ## Remarks
 

azure-sql/virtual-machines/windows/create-sql-vm-powershell.md

@@ -445,7 +445,7 @@ $VirtualMachine = Set-AzVMSourceImage -VM $VirtualMachine -PublisherName $Publis
 # Create the VM in Azure
 New-AzVM -ResourceGroupName $ResourceGroupName -Location $Location -VM $VirtualMachine
 
-# Add the SQL IaaS Extension, and choose the license type
+# Add the SQL IaaS Agent Extension, and choose the license type
 New-AzSqlVM -ResourceGroupName $ResourceGroupName -Name $VMName -Location $Location -LicenseType <PAYG/AHUB> 
 ```