Merge branch 'release-arcee-ga' of

MikeRayMSFT · MikeRayMSFT · commit 17bae13aa131 · 2022-02-23T12:43:16.000-08:00
diff --git a/docs/sql-server/azure-arc/connect-at-scale.md b/docs/sql-server/azure-arc/connect-at-scale.md
@@ -57,7 +57,9 @@ Each machine must have [Azure PowerShell](/powershell/azure/install-az-ps) insta
     ```
 
    > [!NOTE]
-   > When you create a service principal, your account must be an Owner or User Access Administrator in the subscription that you want to use for onboarding. If you don't have sufficient permissions to create role assignments, the service principal might be created, but it won't be able to onboard machines. The instructions on how to create a custom role are provided in [Required permissions](overview.md#required-permissions).
+   > - When you create a service principal, your account must be an Owner or User Access Administrator in the subscription that you want to use for onboarding. If you don't have sufficient permissions to create role assignments, the service principal might be created, but it won't be able to onboard machines. The instructions on how to create a custom role are provided in [Required permissions](overview.md#required-permissions).
+   > 
+   > - The service principal must have *Directory.ReadAll* permissions in Microsoft graph. For instructions how to assign [Directory permissions](/graph/permissions-reference.md#directory-permissions) to a service principal, see [Manage API permissions](/graph/migrate-azure-ad-graph-configure-permissions.md#option-1-use-the-azure-portal-to-find-the-apis-your-organization-uses).
 
 2. Give the service principle permissions to access Microsoft Graph:
     ```azurepowershell-interactive
@@ -67,7 +69,7 @@ Each machine must have [Azure PowerShell](/powershell/azure/install-az-ps) insta
 1. Retrieve the password stored in the `$sp` variable:
 
    ```azurepowershell-interactive
-   $credential = New-Object pscredential -ArgumentList "temp", $sp.Secret
+   $credential = New-Object pscredential -ArgumentList "temp", $sp.PasswordCredentials.SecretText 
    $credential.GetNetworkCredential().password
    ```
 
diff --git a/docs/sql-server/azure-arc/connect.md b/docs/sql-server/azure-arc/connect.md
@@ -93,7 +93,7 @@ To assign the *Azure Connected SQL Server Onboarding* role to Arc machine manage
 
 ```azurecli
 spID=$(az resource list -n <ArcMachineName> --query [*].identity.principalId --out tsv)
-az role assignment create --assignee $spID --role 'Azure Connected SQL Server Onboarding ' --scope /subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>
+az role assignment create --assignee $spID --role 'Azure Connected SQL Server Onboarding' --scope /subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>
 ```
 
 To install the SQL Server extension, run:
