Merge pull request #29008 from MicrosoftDocs/main

11/6/2023 PM Publish

Author: Taojunshen

azure-sql/database/media/passwordless-connections/enable-active-directory-small.png

@@ -4,7 +4,7 @@ description: Describes extended events (XEvents) in Azure SQL Database, and how
 author: WilliamDAssafMSFT
 ms.author: wiassaf
 ms.reviewer: wiassaf, mathoma, randolphwest
-ms.date: 10/22/2023
+ms.date: 11/06/2023
 ms.service: sql-database
 ms.subservice: performance
 ms.topic: reference
@@ -59,6 +59,10 @@ Azure SQL Database supports the following targets:
 - [ring_buffer](/sql/relational-databases/extended-events/targets-for-extended-events-in-sql-server#ring_buffer-target) target. Holds event data in memory until replaced by new event data.
 - [event_counter](/sql/relational-databases/extended-events/targets-for-extended-events-in-sql-server#event_counter-target) target. Counts all events that occur during an extended events session.
 - [histogram](/sql/relational-databases/extended-events/targets-for-extended-events-in-sql-server#histogram-target) target. Counts the occurrences of different values of fields or actions in separate buckets.
+- [event_stream](/sql/relational-databases/extended-events/targets-for-extended-events-in-sql-server#event_stream-target). Streams event data to a .Net application.
+
+> [!NOTE]
+> The `event_stream` target in Azure SQL Database is in preview.
 
 ## Transact-SQL differences
 

azure-sql/database/media/passwordless-connections/enable-active-directory.png

@@ -17,8 +17,8 @@ Secure, passwordless connections to Azure SQL Database require certain database
         > - [Configure Azure SQL Database firewall rules](/azure/azure-sql/database/firewall-configure).
         > - [Configure a virtual network with private endpoints](/azure/private-link/tutorial-private-endpoint-sql-portal).
 
-1) The server must also have Azure AD authentication enabled with an Azure Active Directory admin account assigned. For local development connections, the Azure Active Directory admin account should be an account you can also log into Visual Studio or the Azure CLI with locally. You can verify whether your server has Azure AD authentication enabled on the **Azure Active Directory** page.
+1) The server must also have Microsoft Entra authentication enabled and have a Microsoft Entra admin account assigned. For local development connections, the Microsoft Entra admin account should be an account you can also log into Visual Studio or the Azure CLI with locally. You can verify whether your server has Microsoft Entra authentication enabled on the **Microsoft Entra ID** page of your logical server.
 
-    :::image type="content" source="../database/media/passwordless-connections/enable-active-directory-small.png" lightbox="../database/media/passwordless-connections/enable-active-directory.png" alt-text="A screenshot showing how to enable Active Directory authentication.":::
+    :::image type="content" source="../database/media/passwordless-connections/enable-active-directory-small.png" lightbox="../database/media/passwordless-connections/enable-active-directory.png" alt-text="A screenshot showing how to enable Microsoft Entra authentication.":::
 
-1) If you're using a personal Azure account, make sure you have [Azure Active Directory setup and configured for Azure SQL Database](../database/authentication-aad-configure.md) in order to assign your account as a server admin. If you're using a corporate account, Azure Active Directory will most likely already be configured for you.
+1) If you're using a personal Azure account, make sure you have [Microsoft Entra setup and configured for Azure SQL Database](../database/authentication-aad-configure.md) in order to assign your account as a server admin. If you're using a corporate account, Microsoft Entra ID will most likely already be configured for you.

azure-sql/database/media/passwordless-connections/migration-enable-active-directory-small.png

@@ -7,19 +7,19 @@ ms.topic: include
 ms.custom: generated
 ---
 
-Passwordless connections use Azure Active Directory (Azure AD) authentication to connect to Azure services, including Azure SQL Database. With Azure AD authentication, you can manage identities in a central location to simplify permission management. Learn more about configuring Azure AD authentication for your Azure SQL Database:
+Passwordless connections use Microsoft Entra authentication to connect to Azure services, including Azure SQL Database. Microsoft Entra authentication, you can manage identities in a central location to simplify permission management. Learn more about configuring Microsoft Entra authentication for your Azure SQL Database:
 
-- [Azure AD authentication overview](/azure/azure-sql/database/authentication-aad-overview)
-- [Configure Azure AD auth](/azure/azure-sql/database/authentication-aad-configure)
+- [Microsoft Entra authentication overview](/azure/azure-sql/database/authentication-aad-overview)
+- [Configure Microsoft Entra auth](/azure/azure-sql/database/authentication-aad-configure)
 
-For this migration guide, ensure you have an Azure AD admin assigned to your Azure SQL Database.
+For this migration guide, ensure you have a Microsoft Entra admin assigned to your Azure SQL Database.
 
-1) Navigate to the **Azure Active Directory** page of your logical server.
+1) Navigate to the **Microsoft Entra** page of your logical server.
 
-1) Select **Set admin**.
+1) Select **Set admin** to open the **Microsoft Entra ID** flyout menu.
 
-1) In the **Azure Active Directory** flyout menu, search for the user you want to assign as admin.
+1) In the **Microsoft Entra ID** flyout menu, search for the user you want to assign as admin.
 
 1) Select the user and choose **Select**.
 
-    :::image type="content" source="../../database/media/passwordless-connections/migration-enable-active-directory-small.png" lightbox="../../database/media/passwordless-connections/migration-enable-active-directory.png" alt-text="A screenshot showing how to enable active directory admin.":::
+    :::image type="content" source="../../database/media/passwordless-connections/migration-enable-active-directory-small.png" lightbox="../../database/media/passwordless-connections/migration-enable-active-directory.png" alt-text="A screenshot showing how to enable Microsoft Entra admin.":::

azure-sql/database/xevent-db-diff-from-svr.md

@@ -1,13 +1,13 @@
 ---
-title: Connect to SQL using Azure Active Directory (Azure AD) with SSMS 18.6 and later
-description: Message to explain starting December 2021, you can only use Azure Active Directory (Azure AD) with SSMS 18.6 and later
+title: Connect to SQL using Microsoft Entra with SSMS 18.6 and later
+description: Message to explain starting December 2021, you can only use Microsoft Entra with SSMS 18.6 and later
 author: markingmyname
 ms.author: maghan
 ms.reviewer: drskwier
 ms.topic: include
 ---
 
 > [!NOTE]
-> In December 2021, releases of SSMS prior to 18.6 will no longer authenticate through Azure Active Directory with MFA.
+> In December 2021, releases of SSMS prior to 18.6 will no longer authenticate through Microsoft Entra ID with MFA.
 >
-> To continue utilizing Azure Active Directory authentication with MFA, you need [SSMS 18.6 or later](/sql/ssms/download-sql-server-management-studio-ssms).
+> To continue utilizing Microsoft Entra authentication with MFA, you need [SSMS 18.6 or later](/sql/ssms/download-sql-server-management-studio-ssms).

azure-sql/includes/passwordless-configure-server-networking.md

@@ -11,7 +11,7 @@ SQL Server features and capabilities provide a method of security at the data le
 - Use [Microsoft Defender for SQL](/azure/defender-for-cloud/defender-for-sql-introduction) to discover and mitigate potential database vulnerabilities, as well as detect anomalous activities that could indicate a threat to your SQL Server instance and database layer.
 - [Vulnerability Assessment](/azure/defender-for-cloud/sql-azure-vulnerability-assessment-overview) is a part of [Microsoft Defender for SQL](/azure/defender-for-cloud/defender-for-sql-introduction) that can discover and help remediate potential risks to your SQL Server environment. It provides visibility into your security state, and includes actionable steps to resolve security issues.
 - Use [Azure confidential VMs](../virtual-machines/windows/security-considerations-best-practices.md#confidential-vms) to reinforce protection of your data in-use, and data-at-rest against host operator access. Azure confidential VMs allow you to confidently store your sensitive data in the cloud and meet strict compliance requirements.
-- If you're on SQL Server 2022, consider using [Azure Active Directory authentication](../virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm.md) to connect to your instance of SQL Server.
+- If you're on SQL Server 2022, consider using [Microsoft Entra authentication](../virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm.md) to connect to your instance of SQL Server.
 - [Azure Advisor](/azure/advisor/advisor-security-recommendations) analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. Leverage Azure Advisor at the virtual machine, resource group, or subscription level to help identify and apply best practices to optimize your Azure deployments.
 - Use [Azure Disk Encryption](/azure/virtual-machines/windows/disk-encryption-windows) when your compliance and security needs require you to encrypt the data end-to-end using your encryption keys, including encryption of the ephemeral (locally attached temporary) disk.
 - [Managed Disks are encrypted](/azure/virtual-machines/disk-encryption) at rest by default using Azure Storage Service Encryption, where the encryption keys are Microsoft-managed keys stored in Azure.

azure-sql/includes/passwordless/configure-the-azure-sql-database.md

@@ -14,7 +14,7 @@ tags: azure-service-management
 To use Azure Key Vault Integration to configure your SQL Server VM, there are several prerequisites: 
 
 1. [Install Azure PowerShell](#install)
-2. [Create an Azure Active Directory](#register)
+2. [Create a Microsoft Entra tenant](#register)
 3. [Create a key vault](#createkeyvault)
 
 The following sections describe these prerequisites and the information you need to collect to later run the PowerShell cmdlets.
@@ -24,13 +24,13 @@ The following sections describe these prerequisites and the information you need
 ### <a id="install"></a> Install Azure PowerShell
 Make sure you have installed the latest Azure PowerShell module. For more information, see [How to install and configure Azure PowerShell](/powershell/azure/install-az-ps).
 
-### <a id="register"></a> Register an application in your Azure Active Directory
+### <a id="register"></a> Register an application in your Microsoft Entra ID
 
-First, you need to have an [Azure Active Directory](https://azure.microsoft.com/trial/get-started-active-directory/) (AAD) in your subscription. Among many benefits, this allows you to grant permission to your key vault for certain users and applications.
+First, you need to have an [Microsoft Entra](https://azure.microsoft.com/trial/get-started-active-directory/) tenant in your subscription. Among many benefits, this allows you to grant permission to your key vault for certain users and applications.
 
-Next, register an application with AAD. This will give you a Service Principal account that has access to your key vault, which your VM will need. In the Azure Key Vault article, you can find these steps in the [Register an application with Azure Active Directory](/azure/key-vault/general/manage-with-cli2#registering-an-application-with-azure-active-directory) section, or you can see the steps with screenshots in the **Get an identity for the application section** of [this blog post](/archive/blogs/kv/azure-key-vault-step-by-step). Before completing these steps, you need to collect the following information during this registration that is needed later when you enable Azure Key Vault Integration on your SQL VM.
+Next, register an application with Microsoft Entra ID. This gives you a Service Principal account that has access to your key vault, which your VM needs. In the Azure Key Vault article, you can find these steps in the [Register an application with Microsoft Entra ID](/azure/key-vault/general/manage-with-cli2#registering-an-application-with-azure-active-directory) section, or you can see the steps with screenshots in the **Get an identity for the application section** of [this blog post](/archive/blogs/kv/azure-key-vault-step-by-step). Before completing these steps, you need to collect the following information during this registration that is needed later when you enable Azure Key Vault Integration on your SQL VM.
 
-* After the application is added, find the **Application ID** (also known as AAD ClientID or AppID) on the **Registered app** blade.
+* After the application is added, find the **Application ID** (also known as ClientID or AppID) on the **Registered app** blade.
     The application ID is assigned later to the **$spName** (Service Principal name) parameter in the PowerShell script to enable Azure Key Vault Integration.
 
    ![Application ID](./media/virtual-machines-sql-server-akv-prepare/aad-application-id.png)
@@ -44,14 +44,14 @@ Next, register an application with AAD. This will give you a Service Principal a
 * You must authorize this new application ID (or client ID) to have the following access permissions: **get**, **wrapKey**, **unwrapKey**. This is done with the [Set-AzKeyVaultAccessPolicy](/powershell/module/az.keyvault/set-azkeyvaultaccesspolicy) cmdlet. For more information, see [Azure Key Vault overview](/azure/key-vault/general/overview).
 
 ### <a id="createkeyvault"></a> Create a key vault
-In order to use Azure Key Vault to store the keys you will use for encryption in your VM, you need access to a key vault. If you have not already set up your key vault, create one by following the steps in the [Getting Started with Azure Key Vault](/azure/key-vault/general/overview) article. Before completing these steps, there is some information you need to collect during this set up that is needed later when you enable Azure Key Vault Integration on your SQL VM.
+In order to use Azure Key Vault to store the keys you'll use for encryption in your VM, you need access to a key vault. If you have not already set up your key vault, create one by following the steps in the [Getting Started with Azure Key Vault](/azure/key-vault/general/overview) article. Before completing these steps, there's some information you need to collect during this set up that is needed later when you enable Azure Key Vault Integration on your SQL VM.
 
 ```azurepowershell
 New-AzKeyVault -VaultName 'ContosoKeyVault' -ResourceGroupName 'ContosoResourceGroup' -Location 'East Asia'
 ```
 
-When you get to the Create a key vault step, note the returned **vaultUri** property, which is the key vault URL. In the example provided in that step, shown below, the key vault name is ContosoKeyVault, therefore the key vault URL would be `https://contosokeyvault.vault.azure.net/`.
+When you get to the Create a key vault step, note the returned **vaultUri** property, which is the key vault URL. In the example provided in that step, shown later, the key vault name is ContosoKeyVault, therefore the key vault URL would be `https://contosokeyvault.vault.azure.net/`.
 
 The key vault URL is assigned later to the **$akvURL** parameter in the PowerShell script to enable Azure Key Vault Integration.
 
-After the key vault is created, we need to add a key to the key vault, this key will be referred when we create an asymmetric key create  in SQL Server later.
+After the key vault is created, we need to add a key to the key vault, this key will be referred when we create an asymmetric key create in SQL Server later.