MicrosoftDocs
diff --git a/‎azure-sql/database/connectivity-settings.md‎
Lines changed: 68 additions & 23 deletions b/‎azure-sql/database/connectivity-settings.md‎
Lines changed: 68 additions & 23 deletions
diff --git a/‎azure-sql/database/firewall-create-server-level-portal-quickstart.md‎
Lines changed: 9 additions & 9 deletions b/‎azure-sql/database/firewall-create-server-level-portal-quickstart.md‎
Lines changed: 9 additions & 9 deletions
@@ -10,7 +10,7 @@ ms.topic: how-to
 author: rohitnayakmsft
 ms.author: rohitna
 ms.reviewer: wiassaf, mathoma, vanto
-ms.date: 08/03/2021
+ms.date: 07/14/2022
 ms.custom:
   - "devx-track-azurepowershell"
   - "devx-track-azurecli"
@@ -23,21 +23,20 @@ ms.devlang:
 
 This article introduces settings that control connectivity to the server for Azure SQL Database and [dedicated SQL pool (formerly SQL DW)](/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is) in Azure Synapse Analytics. These settings apply to all SQL Database and dedicated SQL pool (formerly SQL DW) databases associated with the server.
 
-> [!IMPORTANT]
-> This article doesn't apply to Azure SQL Managed Instance. This article also does not apply to dedicated SQL pools in Azure Synapse Analytics workspaces. See [Azure Synapse Analytics IP firewall rules](/azure/synapse-analytics/security/synapse-workspace-ip-firewall) for guidance on how to configure IP firewall rules for Azure Synapse Analytics with workspaces.
 
-The connectivity settings are accessible from the **Firewalls and virtual networks** screen as shown in the following screenshot:
+You can change these settings from the networking tab of your [logical server](logical-servers.md): 
 
-:::image type="content" source="media/single-database-create-quickstart/manage-connectivity-settings.png" alt-text="Screenshot of the Firewalls and virtual networks settings in Azure portal for SQL server":::
+:::image type="content" source="media/connectivity-settings/manage-connectivity-settings.png" alt-text="Screenshot of the Firewalls and virtual networks settings in Azure portal for SQL server.":::
+
+> [!IMPORTANT]
+> This article doesn't apply to Azure SQL Managed Instance. This article also does not apply to dedicated SQL pools in Azure Synapse Analytics workspaces. See [Azure Synapse Analytics IP firewall rules](/azure/synapse-analytics/security/synapse-workspace-ip-firewall) for guidance on how to configure IP firewall rules for Azure Synapse Analytics with workspaces.
 
-> [!NOTE]
-> These settings take effect immediately after they're applied. Your customers might experience connection loss if they don't meet the requirements for each setting.
 
 ## Deny public network access
 
-The default for this setting is **No** so that customers can connect by using either public endpoints (with IP-based server- level firewall rules or with virtual-network firewall rules) or private endpoints (by using Azure Private Link), as outlined in the [network access overview](network-access-controls-overview.md).
+The default for the **Connectivity method** setting is **No access** so that customers can connect by using either public endpoints (with IP-based server- level firewall rules or with virtual-network firewall rules) or private endpoints (by using Azure Private Link), as outlined in the [network access overview](network-access-controls-overview.md).
 
-When **Deny public network access** is set to **Yes**, only connections via private endpoints are allowed. All connections via public endpoints will be denied with an error message similar to:  
+When **Connectivity method** is set to **No access**, only connections via private endpoints are allowed. All connections via public endpoints will be denied with an error message similar to:  
 
 ```output
 Error 47073
@@ -46,16 +45,37 @@ The public network interface on this server is not accessible.
 To connect to this server, use the Private Endpoint from inside your virtual network.
 ```
 
-When **Deny public network access** is set to **Yes**, any attempts to add, remove or edit any firewall rules will be denied with an error message similar to:
+When **Connectivity method** is set to **No access**, any attempts to add, remove or edit any firewall rules will be denied with an error message similar to:
 
 ```output
 Error 42101
 Unable to create or modify firewall rules when public network interface for the server is disabled. 
 To manage server or database level firewall rules, please enable the public network interface.
 ```
-Ensure that **Deny public network access** is set to **No** to be able to add, remove or edit any firewall rules for Azure Sql
 
-## Change public network access via PowerShell
+Ensure that **Connectivity method** is set to **Public endpoint** or **Private endpoint** to be able to add, remove or edit any firewall rules for Azure SQL Database and Azure Synapse Analytics. 
+
+## Change public network access 
+
+It's possible to change the public network access via the Azure portal, Azure PowerShell, and the Azure CLI. 
+
+### [Portal](#tab/azure-portal)
+
+To enable public network access for the logical server hosting your databases, go to the **Networking page** in the [Azure portal](https://portal.azure.com), choose the **Public access** tab, and then set the **Public network access** to **Select networks**. 
+
+
+From this page, you can add a virtual network rule, as well as configure firewall rules for your public endpoint. 
+
+Choose the **Private access** tab to configure a [private endpoint](private-endpoint-overview.md). 
+
+
+> [!NOTE]
+> These settings take effect immediately after they're applied. Your customers might experience connection loss if they don't meet the requirements for each setting.
+
+### [PowerShell](#tab/azure-powershell)
+
+It's possible to change public network access by using Azure PowerShell. 
+
 
 > [!IMPORTANT]
 > Azure SQL Database still supports the PowerShell Azure Resource Manager module, but all future development is for the Az.Sql module. For these cmdlets, see [AzureRM.Sql](/powershell/module/AzureRM.Sql/). The arguments for the commands in the Az module and in the AzureRm modules are substantially identical. The following script requires the [Azure PowerShell module](/powershell/azure/install-az-ps).
@@ -72,13 +92,13 @@ $SecureString = ConvertTo-SecureString "password" -AsPlainText -Force
 Set-AzSqlServer -ServerName sql-server-name -ResourceGroupName sql-server-group -SqlAdministratorPassword $SecureString -PublicNetworkAccess "Disabled"
 ```
 
-## Change public network access via CLI
+### [Azure CLI](#tab/azure-cli)
+
+It's possible to change the public network settings by using the Azure CLI. 
 
 > [!IMPORTANT]
 > All scripts in this section require the [Azure CLI](/cli/azure/install-azure-cli).
 
-### Azure CLI in a Bash shell
-
 The following CLI script shows how to change the **Public Network Access** setting in a Bash shell:
 
 ```azurecli-interactive
@@ -90,9 +110,11 @@ az sql server show -n sql-server-name -g sql-server-group --query "publicNetwork
 az sql server update -n sql-server-name -g sql-server-group --set publicNetworkAccess="Disabled"
 ```
 
+---
+
 ## Minimal TLS version 
 
-The minimal [Transport Layer Security (TLS)](https://support.microsoft.com/help/3135244/tls-1-2-support-for-microsoft-sql-server) version setting allows customers to choose which version of TLS their SQL database uses.
+The minimal [Transport Layer Security (TLS)](https://support.microsoft.com/help/3135244/tls-1-2-support-for-microsoft-sql-server) version setting allows customers to choose which version of TLS their SQL database uses. It's possible to change the minimum TLS version by using the Azure portal, Azure PowerShell, and the Azure CLI. 
 
 Currently, we support TLS 1.0, 1.1, and 1.2. Setting a minimal TLS version ensures that newer TLS versions are supported. For example, choosing a TLS version 1.1 means only connections with TLS 1.1 and 1.2 are accepted, and connections with TLS 1.0 are rejected. After you test to confirm that your applications support it, we recommend setting the minimal TLS version to 1.2. This version includes fixes for vulnerabilities in previous versions and is the highest version of TLS that's supported in Azure SQL Database.
 
@@ -110,11 +132,15 @@ Error 47072
 Login failed with invalid TLS version
 ```
 
-## Set the minimal TLS version in Azure portal
+### [Portal](#tab/azure-portal)
 
-In the [Azure portal](https://portal.azure.com), go to your **SQL server** resource. Under the **Security** settings, select **Firewalls and virtual networks**. Select the **Minimum TLS Version** desired for all SQL Databases associated with the server, and select **Save**.
+In the [Azure portal](https://portal.azure.com), go to your **SQL server** resource. Under the **Security** settings, select **Networking** and then choose the **Connectivity** tab. Select the **Minimum TLS Version** desired for all databases associated with the server, and select **Save**.
 
-## Set the minimal TLS version via PowerShell
+:::image type="content" source="media/connectivity-settings/minimal-tls-version.png" alt-text="Screenshot of the Connectivity tab of the Networking settings for your logical server, minimal TLS version drop-down selected." lightbox="media/connectivity-settings/minimal-tls-version.png":::
+
+### [PowerShell](#tab/azure-powershell)
+
+It's possible to change the minimum TLS version by using Azure PowerShell. 
 
 > [!IMPORTANT]
 > Azure SQL Database still supports the PowerShell Azure Resource Manager module, but all future development is for the Az.Sql module. For these cmdlets, see [AzureRM.Sql](/powershell/module/AzureRM.Sql/). The arguments for the commands in the Az module and in the AzureRm modules are substantially identical. The following script requires the [Azure PowerShell module](/powershell/azure/install-az-ps).
@@ -131,12 +157,13 @@ $SecureString = ConvertTo-SecureString "password" -AsPlainText -Force
 Set-AzSqlServer -ServerName sql-server-name -ResourceGroupName sql-server-group -SqlAdministratorPassword $SecureString  -MinimalTlsVersion "1.2"
 ```
 
-## Set the minimal TLS version via the Azure CLI
+### [Azure CLI](#tab/azure-cli)
+
+It's possible to change the minimum TLS settings by using the Azure CLI. 
 
 > [!IMPORTANT]
 > All scripts in this section require the [Azure CLI](/cli/azure/install-azure-cli).
 
-### Azure CLI in a Bash shell
 
 The following CLI script shows how to change the **Minimal TLS Version** setting in a Bash shell:
 
@@ -148,11 +175,25 @@ az sql server show -n sql-server-name -g sql-server-group --query "minimalTlsVer
 az sql server update -n sql-server-name -g sql-server-group --set minimalTlsVersion="1.2"
 ```
 
+---
+
 ## Change the connection policy
 
 [Connection policy](connectivity-architecture.md#connection-policy) determines how customers connect to Azure SQL Database.
 
-## Change the connection policy via PowerShell
+It's possible to change the connection policy by using the Azure portal, Azure PowerShell, and the Azure CLI. 
+
+### [Portal](#tab/azure-portal)
+
+It's possible to change your connection policy for your logical server by using the Azure portal. 
+
+In the [Azure portal](https://portal.azure.com), go to your **SQL server** resource. Under the **Security** settings, select **Networking** and then choose the **Connectivity** tab. Choose the desired connection policy, and select **Save**.
+
+:::image type="content" source="media/connectivity-settings/change-connection-policy.png" alt-text="Screenshot of the Connectivity tab of the Networking page, Connection policy selected.":::
+
+### [PowerShell](#tab/azure-powershell)
+
+It's possible to change the connection policy for your logical server by using Azure PowerShell. 
 
 > [!IMPORTANT]
 > Azure SQL Database still supports the PowerShell Azure Resource Manager module, but all future development is for the Az.Sql module. For these cmdlets, see [AzureRM.Sql](/powershell/module/AzureRM.Sql/). The arguments for the commands in the Az module and in the AzureRm modules are substantially identical. The following script requires the [Azure PowerShell module](/powershell/azure/install-az-ps).
@@ -173,7 +214,9 @@ $id="$sqlserverid/connectionPolicies/Default"
 Set-AzResource -ResourceId $id -Properties @{"connectionType" = "Proxy"} -f
 ```
 
-## Change the connection policy via the Azure CLI
+### [Azure CLI](#tab/azure-cli)
+
+It's possible to change the connection policy for your logical server by using the Azure CLI. 
 
 > [!IMPORTANT]
 > All scripts in this section require the [Azure CLI](/cli/azure/install-azure-cli).
@@ -211,6 +254,8 @@ az resource show --ids %sqlserverid%
 az resource update --ids %sqlserverid% --set properties.connectionType=Proxy
 ```
 
+---
+
 ## Next steps
 
 - For an overview of how connectivity works in Azure SQL Database, refer to [Connectivity architecture](connectivity-architecture.md).
 
@@ -8,7 +8,7 @@ ms.topic: quickstart
 author: rohitnayakmsft
 ms.author: rohitna
 ms.reviewer: kendralittle, mathoma, vanto
-ms.date: 06/06/2022
+ms.date: 07/14/2022
 ms.custom: kr2b-contr-experiment
 ---
 # Quickstart: Create a server-level firewall rule in Azure portal
@@ -35,27 +35,27 @@ Sign in to [Azure portal](https://portal.azure.com/).
 
 We'll use the following steps to create a server-level IP-based, firewall rule for a specific, client IP address. This enables external connectivity for that IP address through the Azure SQL Database firewall.
 
-1. After the [database](#prerequisites) deployment completes, select **SQL databases** from the left-hand menu and then select **mySampleDatabase** on the **SQL databases** page. The overview page for your database opens. It displays the fully qualified server name (such as **mynewserver-20170824.database.windows.net**) and provides options for further configuration.
+1. After the [database](#prerequisites) deployment completes, select **SQL databases** from the left-hand menu and then select **mySampleDatabase** on the **SQL databases** page. The overview page for your database opens. It displays the fully qualified server name (such as **mydocssampleserver.database.windows.net**) and provides options for further configuration. You can also find the firewall settings by navigating directly to your server, and selecting **Networking** under **Security**. 
 
-2. Copy the fully qualified server name. You will use it when you connect to your server and its databases in other quickstarts.
+2. Copy the fully qualified server name. You will use it when you connect to your server and its databases in other quickstarts. Select **Set server firewall** on the toolbar. 
 
-   :::image type="content" source="./media/firewall-create-server-level-portal-quickstart/server-name.png" alt-text="A screenshot that shows where to copy your server name.":::
+   :::image type="content" source="./media/firewall-create-server-level-portal-quickstart/server-name.png" alt-text="A screenshot that shows where to copy your server name, and how to set server firewall on the toolbar." lightbox="./media/firewall-create-server-level-portal-quickstart/server-name.png":::
 
-3. Select **Set server firewall** on the toolbar. The **Firewall settings** page for the server opens.
+3. Set **Public network access** to **Selected networks** to reveal the virtual networks and firewall rules. When set to **Disabled**, virtual networks and firewall rule settings are hidden. 
 
-   :::image type="content" source="./media/firewall-create-server-level-portal-quickstart/server-firewall-rule.png" alt-text="A screenshot that shows configuration of a server-level IP firewall rule.":::
+   :::image type="content" source="./media/firewall-create-server-level-portal-quickstart/server-firewall-rule.png" alt-text="A screenshot that shows configuration of a server-level IP firewall rule." lightbox="./media/firewall-create-server-level-portal-quickstart/server-firewall-rule.png":::
 
-4. Choose **Add client IP** on the toolbar to add your current IP address to a new, server-level, firewall rule. This rule can open Port 1433 for a single IP address or for a range of IP addresses.
+4. Choose **Add your client IP** to add your current IP address to a new, server-level, firewall rule. This rule can open Port 1433 for a single IP address or for a range of IP addresses. You can also configure firewall settings by choosing **Add a firewall rule**. 
 
    > [!IMPORTANT]
    > By default, access through the Azure SQL Database firewall is disabled for all Azure services. Choose **ON** on this page to enable access for all Azure services.
    >
 
 5. Select **Save**. Port 1433 is now open on the server and a server-level IP-based, firewall rule is created for your current IP address.
 
-6. Close the **Firewall settings** page.
+6. Close the **Networking** page.
 
- Open SQL Server Management Studio or another tool of your choice. Use the server admin account you created earlier to connect to the server and its databases from your IP address.
+   Open SQL Server Management Studio or another tool of your choice. Use the server admin account you created earlier to connect to the server and its databases from your IP address.
 
 7. Save the resources from this quickstart to complete additional SQL database tutorials.