11/18 AM Publish (#35869)

* SQL Server 2025 GA

* Updated CES limitations around online index operations (#35794)

* Updated CES limitations around online index operations

CES does not support online index operations. I have added a clarification on this.

* Update docs/relational-databases/track-changes/change-event-streaming/configure.md

---------

Co-authored-by: nzagorac-ms <118456134+nzagorac-ms@users.noreply.github.com>

* DACPAC

* Linux 2025 release

* SQL Server migration in Azure Arc (#35736)

* SQL Server migration in Azure Arc

* pencil edit

---------

Co-authored-by: Stacy Chambers <102548089+Stacyrch140@users.noreply.github.com>

* 20251118 deleted logical server restore notes (#35822)

Co-authored-by: Jay Patel <jaypatel@microsoft.com>

* [AFTER IGNITE] Update sql-data-sync-data-sql-server-sql-database.md (#35811)

* Learn Editor: Update sql-data-sync-data-sql-server-sql-database.md

* Learn Editor: Update sql-data-sync-data-sql-server-sql-database.md

* 20251112 note edit

---------

Co-authored-by: WilliamDAssafMSFT <74387232+WilliamDAssafMSFT@users.noreply.github.com>

* Refine formatting of vector_embeddings in AI_GENERATE_EMBEDDINGS table definition (#35834)

* Port updated instructions from SupportArticles-docs (#35833)

Clarified the instruction to restart SQL Server services after modifying the configuration.

* Updating CES configure page (#35797)

* Update DTA CLI article for GA (#35680)

* Update release notes for JDBC driver version 13.2 (#35828)

* Update release notes for JDBC driver version 13.2

Updated the release notes for the JDBC driver to reflect the breaking change regarding VECTOR data type support and its implications.

* Acrolinx suggestions

* Linux updates for GA (#35853)

* 20251118 security overview edit pass (#35824)

Co-authored-by: Pieter Vanhove <pieter.vanhove@microsoft.com>

* [AFTER IGNITE] 20251113 edit pass, add Fabric DW applicability (#35827)

* 20251118 edit pass, add Fabric DW applicability

* 20251118 acrolinx

* raising acrolinx

---------

Co-authored-by: Diana Richards <v-dirichards@microsoft.com>

---------

Co-authored-by: Randolph West MSFT <97149825+rwestMSFT@users.noreply.github.com>
Co-authored-by: Masha Thomas (MSFT) <32783170+MashaMSFT@users.noreply.github.com>
Co-authored-by: nzagorac-ms <118456134+nzagorac-ms@users.noreply.github.com>
Co-authored-by: Stacy Chambers <102548089+Stacyrch140@users.noreply.github.com>
Co-authored-by: William Assaf MSFT <74387232+WilliamDAssafMSFT@users.noreply.github.com>
Co-authored-by: Jay Patel <jaypatel@microsoft.com>
Co-authored-by: Hugo Queiroz <65417957+HugoMSFT@users.noreply.github.com>
Co-authored-by: Mike Ray <15928587+MikeRayMSFT@users.noreply.github.com>
Co-authored-by: Sloan Haywood <haywood.sloan@yahoo.com>
Co-authored-by: David Engel <davidengel@microsoft.com>
Co-authored-by: Pieter Vanhove <pieter.vanhove@microsoft.com>
Co-authored-by: Diana Richards <v-dirichards@microsoft.com>

Author: 13 people

azure-sql/database/deleted-logical-server-restore.md

@@ -5,7 +5,7 @@ description: Learn about restoring a deleted logical server in Azure SQL Databas
 author: WilliamDAssafMSFT
 ms.author: wiassaf
 ms.reviewer: dinethi, jaypatel
-ms.date: 09/11/2025
+ms.date: 11/18/2025
 ms.service: azure-sql-database
 ms.subservice: backup-restore
 ms.topic: how-to
@@ -21,7 +21,7 @@ monikerRange: "=azuresql || =azuresql-db"
 This article provides steps to restore an Azure SQL Database server, also known as a logical server, if it was accidentally deleted.
 
 > [!IMPORTANT]
-> This feature is in preview and is currently only enabled for certain subscriptions.
+> Currently, the ability to restore a deleted logical server is in preview. The ability to restore a deleted logical server is enabled only for specific subscriptions, and also for all SQL logical servers that are at least two years old.
 
 You can restore a deleted Azure SQL logical server and its underlying databases with one of the following two methods:
 
@@ -82,10 +82,10 @@ Use the following steps to restore your deleted Azure SQL logical server using [
    Install-Module Az.Accounts -Repository PSGallery
    ```
 
-1. Use the `Az.Tools.Installer` to install the NuGet package.
+1. Update the `Az.Sql` module to the latest version.
 
    ```powershell
-   Install-AzModule -Path https://azposhpreview.blob.core.windows.net/public/Az.Sql.5.2.0.nupkg 
+   Update-Module Az.Sql -Force
    ```
 
 1. Sign in and connect to your Azure account.
@@ -112,7 +112,9 @@ Use the following steps to restore your deleted Azure SQL logical server using [
 
 Once the logical server is restored, restoring the databases is next. Look in the **Deleted databases** tab on the **Backups** page, by browsing to the server resource in Azure portal. For more information, see [Restore a database from a backup in Azure SQL Database](recovery-using-backups.md).
 
-## Delete the logical server without recovery using PowerShell and REST API
+<a id="delete-the-logical-server-without-recovery-using-powershell-and-rest-api"></a>
+
+## Delete the logical server without possibility of recovery using PowerShell and REST API
 
 Follow these steps to set up the variables needed to hard-delete the soft-deleted logical server, using PowerShell to invoke a REST API call.
 

azure-sql/database/logins-create-manage.md

@@ -58,7 +58,7 @@ When a user attempts to connect to a database, they provide a user account and a
 - A **login** is an individual account in the `master` database, to which a user account in one or more databases can be linked. With a login, the credential information for the user account is stored with the login.
 - A **user account** is an individual account in any database that might be, but doesn't have to be, linked to a login. With a user account that isn't linked to a login, the credential information is stored with the user account.
 
-[**Authorization**](security-overview.md#authorization) to access data and perform various actions are managed using database roles and explicit permissions. Authorization refers to the permissions assigned to a user, and determines what that user is allowed to do. Authorization is controlled by your user account's database [role memberships](/sql/relational-databases/security/authentication-access/database-level-roles) and [object-level permissions](/sql/relational-databases/security/permissions-database-engine). As a best practice, you should grant users the least privileges necessary.
+[**Authorization**](security-overview.md#authorization-and-access-management) to access data and perform various actions are managed using database roles and explicit permissions. Authorization refers to the permissions assigned to a user, and determines what that user is allowed to do. Authorization is controlled by your user account's database [role memberships](/sql/relational-databases/security/authentication-access/database-level-roles) and [object-level permissions](/sql/relational-databases/security/permissions-database-engine). As a best practice, you should grant users the least privileges necessary.
 
 ## Existing logins and user accounts after creating a new database
 

azure-sql/database/media/security-overview/advanced-threat-detection.png

@@ -4,7 +4,7 @@ description: This overview introduces SQL Data Sync for Azure, which allows you
 author: WilliamDAssafMSFT
 ms.author: wiassaf
 ms.reviewer: mathoma, hudequei
-ms.date: 11/03/2025
+ms.date: 11/12/2025
 ms.service: azure-sql-database
 ms.subservice: sql-data-sync
 ms.topic: concept-article
@@ -77,6 +77,11 @@ Data Sync isn't the preferred solution for the following scenarios:
 | **Advantages** | - Active-active support<br/>- Bi-directional between on-premises and Azure SQL Database | - Lower latency<br/>- Transactional consistency<br/>- Reuse existing topology after migration <br/>-Azure SQL Managed Instance support |
 | **Disadvantages** | - No transactional consistency<br/>- Higher performance impact | - Can't publish from Azure SQL Database <br/>-    High maintenance cost |
 
+> [!CAUTION]
+> **SQL Data Sync requires SQL authentication** for connections to the hub and member databases. Microsoft Entra (Azure AD) authentication isn't supported by SQL Data Sync. 
+> Because SQL authentication relies on static passwords, it doesn't benefit from modern protections like multifactor authentication (MFA), Conditional Access, or managed identities. This can increase exposure for the entire SQL instance to credential theft, brute‑force attacks, and operational overhead for password rotation and policy enforcement. 
+> Where possible, prefer solutions that support Microsoft Entra authentication or managed identities. Since SQL Data Sync is scheduled for retirement, migrate to an alternative that aligns with your organization's security standards.
+
 ## Private link for Data Sync
 
 > [!NOTE]

…/security-overview/azure-database-ae.png …a/security-overview/always-encrypted.pngazure-sql/database/media/security-overview/azure-database-ae.png renamed to azure-sql/database/media/security-overview/always-encrypted.png azure-sql/database/media/security-overview/azure-database-ae.png renamed to azure-sql/database/media/security-overview/always-encrypted.png

@@ -18,6 +18,11 @@ To use the SQL Agent to test network connectivity, you need the following requir
 - The user doing the test must have [permissions to create a job](/sql/ssms/agent/configure-a-user-to-create-and-manage-sql-server-agent-jobs) (either as a **sysadmin** or belongs to the SQLAgentOperator role for `msdb`) for both SQL Server and SQL Managed Instance. 
 - The SQL Server Agent service must be [running](/sql/ssms/agent/start-stop-or-pause-the-sql-server-agent-service) on SQL Server. Since the Agent is on by default on SQL Managed Instance, no additional action is necessary.
 
+Consider the following:
+- To avoid false negatives, all firewalls along the network path must allow Internet Control Message Protocol (ICMP) traffic.
+- To avoid false positives, all firewalls along the network path must allow traffic on the proprietary SQL Server UCS protocol. Blocking the protocol can lead to a successful connection test, but the link fails to create.
+- Advanced firewall setups with packet-level guardrails in place need to be properly configured to properly allow traffic between SQL Server and SQL Managed Instance.
+
 
 ### [SSMS](#tab/ssms)