azure-sql/database/active-geo-replication-configure-portal.md
3 additions & 3 deletions
@@ -16,7 +16,7 @@ ms.date: 02/13/2019
16
16
17
17
This article shows you how to configure [active geo-replication for Azure SQL Database](active-geo-replication-overview.md#active-geo-replication-terminology-and-capabilities) using the [Azure portal](https://portal.azure.com) and to initiate failover.
18
18
19
-
For best practices using auto-failover groups, see [Best practices for Azure SQL Database](../../sql-database/sql-database-auto-failover-group.md#best-practices-for-sql-database) and [Best practices for Azure SQL Managed Instance](../../sql-database/sql-database-auto-failover-group.md#best-practices-for-sql-managed-instance).
19
+
For best practices using auto-failover groups, see [Best practices for Azure SQL Database](auto-failover-group-overview.md#best-practices-for-sql-database) and [Best practices for Azure SQL Managed Instance](auto-failover-group-overview.md#best-practices-for-sql-managed-instance).
20
20
21
21
22
22
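Review bot: Please confirm that the `#best-practices-for-sql-database` and `#best-practices-for-sql-managed-instance` anchors exist in auto-failover-group-overview.md. The + line carries both fragments over from the old path, and this diff does not show the target headings.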
@@ -90,5 +90,5 @@ This operation permanently terminates the replication to the secondary database,
90
90
## Next steps
91
91
92
92
* To learn more about active geo-replication, see [active geo-replication](active-geo-replication-overview.md).
93
-
* To learn about auto-failover groups, see [Auto-failover groups](../../sql-database/sql-database-auto-failover-group.md)
94
-
* For a business continuity overview and scenarios, see [Business continuity overview](../../sql-database/sql-database-business-continuity.md).
93
+
* To learn about auto-failover groups, see [Auto-failover groups](auto-failover-group-overview.md)
94
+
* For a business continuity overview and scenarios, see [Business continuity overview](business-continuity-high-availability-disaster-recover-hadr-overview.md).
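Review bot: The new "Auto-failover groups" bullet still ends without a period, while the two neighbouring bullets in "Next steps" end with one. Add the period while this line is being changed.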
azure-sql/database/active-geo-replication-overview.md
9 additions & 9 deletions
@@ -18,7 +18,7 @@ ms.date: 04/28/2020
18
18
Active geo-replication is an Azure SQL Database feature that allows you to create readable secondary databases of individual databases on a server in the same or different data center (region).
19
19
20
20
> [!NOTE]
21
-
> Active geo-replication is not supported by Azure SQL Managed Instance. For geographic failover of SQL Managed Instances, use [Auto-failover groups](../../sql-database/sql-database-auto-failover-group.md).
21
+
> Active geo-replication is not supported by Azure SQL Managed Instance. For geographic failover of SQL Managed Instances, use [Auto-failover groups](auto-failover-group-overview.md).
22
22
23
23
Active geo-replication is designed as a business continuity solution that allows the application to perform quick disaster recovery of individual databases in case of a regional disaster or large scale outage. If geo-replication is enabled, the application can initiate failover to a secondary database in a different Azure region. Up to four secondaries are supported in the same or different regions, and the secondaries can also be used for read-only access queries. The failover must be initiated manually by the application or the user. After failover, the new primary has a different connection end point.
24
24
@@ -30,7 +30,7 @@ The following diagram illustrates a typical configuration of a geo-redundant clo
> SQL Database also supports auto-failover groups. For more information, see using [auto-failover groups](../../sql-database/sql-database-auto-failover-group.md).
33
+
> SQL Database also supports auto-failover groups. For more information, see using [auto-failover groups](auto-failover-group-overview.md).
34
34
35
35
If for any reason your primary database fails, or simply needs to be taken offline, you can initiate failover to any of your secondary databases. When failover is activated to one of the secondary databases, all other secondaries are automatically linked to the new primary.
36
36
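Review bot: The wording "For more information, see using [auto-failover groups]" in the changed NOTE line reads like a leftover from an earlier edit. Since the line is touched anyway, suggest "For more information, see [Auto-failover groups]".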
@@ -42,7 +42,7 @@ You can manage replication and failover of an individual database or a set of da
42
42
-[Transact-SQL: Single database or elastic pool](/sql/t-sql/statements/alter-database-azure-sql-database)
43
43
-[REST API: Single database](https://docs.microsoft.com/rest/api/sql/replicationlinks)
44
44
45
-
Active geo-replication leverages the [Always On availability group](https://docs.microsoft.com/sql/database-engine/availability-groups/windows/overview-of-always-on-availability-groups-sql-server) technology of the SQL database engine to asynchronously replicate committed transactions on the primary database to a secondary database using snapshot isolation. Auto-failover groups provide the group semantics on top of active geo-replication but the same asynchronous replication mechanism is used. While at any given point, the secondary database might be slightly behind the primary database, the secondary data is guaranteed to never have partial transactions. Cross-region redundancy enables applications to quickly recover from a permanent loss of an entire datacenter or parts of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts. The specific RPO data can be found at [Overview of Business Continuity](../../sql-database/sql-database-business-continuity.md).
45
+
Active geo-replication leverages the [Always On availability group](https://docs.microsoft.com/sql/database-engine/availability-groups/windows/overview-of-always-on-availability-groups-sql-server) technology of the SQL database engine to asynchronously replicate committed transactions on the primary database to a secondary database using snapshot isolation. Auto-failover groups provide the group semantics on top of active geo-replication but the same asynchronous replication mechanism is used. While at any given point, the secondary database might be slightly behind the primary database, the secondary data is guaranteed to never have partial transactions. Cross-region redundancy enables applications to quickly recover from a permanent loss of an entire datacenter or parts of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts. The specific RPO data can be found at [Overview of Business Continuity](business-continuity-high-availability-disaster-recover-hadr-overview.md).
46
46
47
47
> [!NOTE]
48
48
> If there is a network failure between two regions, we retry every 10 seconds to re-establish connections.
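Review bot: The changed paragraph still links "Always On availability group" through an absolute `https://docs.microsoft.com/sql/...` URL, while the Transact-SQL bullet a few lines above uses the site-relative form `/sql/t-sql/...`. Consider switching to the site-relative form while this line is being edited so the links in this section follow one convention.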
@@ -61,7 +61,7 @@ In addition to disaster recovery active geo-replication can be used in the follo
61
61
-**Database migration**: You can use active geo-replication to migrate a database from one server to another online with minimum downtime.
62
62
-**Application upgrades**: You can create an extra secondary as a fail back copy during application upgrades.
63
63
64
-
To achieve real business continuity, adding database redundancy between datacenters is only part of the solution. Recovering an application (service) end-to-end after a catastrophic failure requires recovery of all components that constitute the service and any dependent services. Examples of these components include the client software (for example, a browser with a custom JavaScript), web front ends, storage, and DNS. It is critical that all components are resilient to the same failures and become available within the recovery time objective (RTO) of your application. Therefore, you need to identify all dependent services and understand the guarantees and capabilities they provide. Then, you must take adequate steps to ensure that your service functions during the failover of the services on which it depends. For more information about designing solutions for disaster recovery, see [Designing Cloud Solutions for Disaster Recovery Using active geo-replication](../../sql-database/sql-database-designing-cloud-solutions-for-disaster-recovery.md).
64
+
To achieve real business continuity, adding database redundancy between datacenters is only part of the solution. Recovering an application (service) end-to-end after a catastrophic failure requires recovery of all components that constitute the service and any dependent services. Examples of these components include the client software (for example, a browser with a custom JavaScript), web front ends, storage, and DNS. It is critical that all components are resilient to the same failures and become available within the recovery time objective (RTO) of your application. Therefore, you need to identify all dependent services and understand the guarantees and capabilities they provide. Then, you must take adequate steps to ensure that your service functions during the failover of the services on which it depends. For more information about designing solutions for disaster recovery, see [Designing Cloud Solutions for Disaster Recovery Using active geo-replication](designing-cloud-solutions-for-disaster-recovery.md).
65
65
66
66
## Active geo-replication terminology and capabilities
67
67
@@ -104,10 +104,10 @@ To achieve real business continuity, adding database redundancy between datacent
104
104
105
105
## Preparing secondary database for failover
106
106
107
-
To ensure that your application can immediately access the new primary after failover, ensure the authentication requirements for your secondary server and database are properly configured. For details, see [SQL Database security after disaster recovery](geo-replication-security-configure.md). To guarantee compliance after failover, make sure that the backup retention policy on the secondary database matches that of the primary. These settings are not part of the database and are not replicated. By default, the secondary will be configured with a default PITR retention period of seven days. For details, see [SQL Database automated backups](../../sql-database/sql-database-automated-backups.md).
107
+
To ensure that your application can immediately access the new primary after failover, ensure the authentication requirements for your secondary server and database are properly configured. For details, see [SQL Database security after disaster recovery](geo-replication-security-configure.md). To guarantee compliance after failover, make sure that the backup retention policy on the secondary database matches that of the primary. These settings are not part of the database and are not replicated. By default, the secondary will be configured with a default PITR retention period of seven days. For details, see [SQL Database automated backups](automated-backups-overview.md).
108
108
109
109
> [!IMPORTANT]
110
-
> If your database is a member of a failover group, you cannot initiate its failover using the geo-replication failover command. Use the failover command for the group. If you need to failover an individual database, you must remove it from the failover group first. See [failover groups](../../sql-database/sql-database-auto-failover-group.md) for details.
110
+
> If your database is a member of a failover group, you cannot initiate its failover using the geo-replication failover command. Use the failover command for the group. If you need to failover an individual database, you must remove it from the failover group first. See [failover groups](auto-failover-group-overview.md) for details.
111
111
112
112
## Configuring secondary database
113
113
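Review bot: In the changed IMPORTANT line, "If you need to failover an individual database" uses the noun as a verb; "fail over" is the verb form. The changed paragraph above it also opens with "To ensure ... ensure the authentication requirements", which could be tightened to "make sure" for the second occurrence while these lines are open.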
@@ -285,8 +285,8 @@ As discussed previously, active geo-replication can also be managed programmatic
285
285
- For sample scripts, see:
286
286
-[Configure and failover a single database using active geo-replication](scripts/setup-geodr-and-failover-database-powershell.md)
287
287
-[Configure and failover a pooled database using active geo-replication](scripts/setup-geodr-and-failover-elastic-pool-powershell.md)
288
-
- SQL Database also supports auto-failover groups. For more information, see using [auto-failover groups](../../sql-database/sql-database-auto-failover-group.md).
289
-
- For a business continuity overview and scenarios, see [Business continuity overview](../../sql-database/sql-database-business-continuity.md)
290
-
- To learn about Azure SQL Database automated backups, see [SQL Database automated backups](../../sql-database/sql-database-automated-backups.md).
288
+
- SQL Database also supports auto-failover groups. For more information, see using [auto-failover groups](auto-failover-group-overview.md).
289
+
- For a business continuity overview and scenarios, see [Business continuity overview](business-continuity-high-availability-disaster-recover-hadr-overview.md)
290
+
- To learn about Azure SQL Database automated backups, see [SQL Database automated backups](automated-backups-overview.md).
291
291
- To learn about using automated backups for recovery, see [Restore a database from the service-initiated backups](../../sql-database/sql-database-recovery-using-backups.md).
292
292
- To learn about authentication requirements for a new primary server and database, see [SQL Database security after disaster recovery](geo-replication-security-configure.md).
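Review bot: The unchanged bullet "Restore a database from the service-initiated backups" still points at `../../sql-database/sql-database-recovery-using-backups.md`, which leaves it as the only link in this list on the old path. If that article moves with the others, retarget it in this change; if not, a short note in the commit message would explain why it stays. The new "Business continuity overview" bullet also lacks the trailing period its neighbours have.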
description: Learn about functionality for discovering and classifying sensitive data, managing your database vulnerabilities, and detecting anomalous activities that could indicate a threat to your Azure SQL Database, Azure SQL Managed Instance, or Azure Synapse.
4
+
services: sql-database
5
+
ms.service: sql-database
6
+
ms.subservice: security
7
+
ms.devlang:
8
+
ms.custom: sqldbrb=2
9
+
ms.topic: conceptual
10
+
ms.author: memildin
11
+
author: memildin
12
+
manager: rkarlin
13
+
ms.reviewer: vanto
14
+
ms.date: 04/23/2020
15
+
---
16
+
# Advanced data security
17
+
18
+
Advanced data security (ADS) is a unified package for advanced SQL security capabilities. ADS is available for for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.
19
+
20
+
## Overview
21
+
22
+
Advanced data security (ADS) provides a set of advanced SQL security capabilities, including data discovery & classification, vulnerability assessment, and Advanced Threat Protection.
23
+
24
+
-[Data Discovery & Classification](../../sql-database/sql-database-data-discovery-and-classification.md) provides capabilities built into Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse for discovering, classifying, labeling & reporting the sensitive data in your databases. It can be used to provide visibility into your database classification state, and to track the access to sensitive data within the database and beyond its borders.
25
+
-[Vulnerability Assessment](../../sql-database/sql-vulnerability-assessment.md) is an easy to configure service that can discover, track, and help you remediate potential database vulnerabilities. It provides visibility into your security state, and includes actionable steps to resolve security issues, and enhance your database fortifications.
26
+
-[Advanced Threat Protection](../../sql-database/sql-database-threat-detection-overview.md) detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit your database. It continuously monitors your database for suspicious activities, and provides immediate security alerts on potential vulnerabilities, SQL injection attacks, and anomalous database access patterns. Advanced Threat Protection alerts provide details of the suspicious activity and recommend action on how to investigate and mitigate the threat.
27
+
28
+
Enable SQL ADS once to enable all of these included features. With one click, you can enable ADS for all databases on your [server](logical-servers.md) in Azure (which hosts SQL Database or Azure Synapse Analytics) or in you instance in Azure SQL Managed Instance. Enabling or managing ADS settings requires belonging to the [SQL security manager](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#sql-security-manager) role, SQL database admin role or SQL server admin role.
29
+
30
+
ADS pricing aligns with Azure Security Center standard tier, where each protected server or managed instance is counted as one node. Newly protected resources qualify for a free trial of Security Center standard tier. For more information, see the [Azure Security Center pricing page](https://azure.microsoft.com/pricing/details/security-center/).
31
+
32
+
## Getting Started with ADS
33
+
34
+
The following steps get you started with ADS.
35
+
36
+
## 1. Enable ADS
37
+
38
+
Enable ADS by navigating to **Advanced Data Security** under the **Security** heading for your server or managed instance.
39
+
40
+
> [!NOTE]
41
+
> A storage account is automatically created and configured to store your **Vulnerability Assessment** scan results. If you've already enabled ADS for another server in the same resource group and region, then the existing storage account is used.
> The cost of ADS is aligned with Azure Security Center standard tier pricing per node, where a node is the entire server or managed instance. You are thus paying only once for protecting all databases on the server or managed instance with ADS. You can try ADS out initially with a free trial.
Click the **Data Discovery & Classification** card to see recommended sensitive columns to classify and to classify your data with persistent sensitivity labels. Click the **Vulnerability Assessment** card to view and manage vulnerability scans and reports, and to track your security stature. If security alerts have been received, click the **Advanced Threat Protection** card to view details of the alerts and to see a consolidated report on all alerts in your Azure subscription via the Azure Security Center security alerts page.
51
+
52
+
## 3. Manage ADS settings
53
+
54
+
To view and manage ADS settings, navigate to **Advanced Data Security** under the **Security** heading for your server or managed instance. On this page, you can enable or disable ADS, and modify vulnerability assessment and Advanced Threat Protection settings for your entire server or managed instance.
To override ADS settings for a particular database, check the **Enable Advanced Data Security at the database level** checkbox. Use this option only if you have a particular requirement to receive separate Advanced Threat Protection alerts or vulnerability assessment results for the individual database, in place of or in addition to the alerts and results received for all databases on the server or managed instance.
61
+
62
+
Once the checkbox is selected, you can then configure the relevant settings for this database.
63
+
64
+

65
+
66
+
Advanced data security settings for your server or managed instance can also be reached from the ADS database pane. Click **Settings** in the main ADS pane, and then click **View Advanced Data Security server settings**.
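Review bot: The three feature links in the Overview list of this new file (Data Discovery & Classification, Vulnerability Assessment, Advanced Threat Protection) point at `../../sql-database/...`, the path style the rest of this commit replaces; check whether they should target relocated files instead. Two typos are worth fixing before merge: "ADS is available for for Azure SQL Database" and "or in you instance in Azure SQL Managed Instance". The numbered steps ("## 1. Enable ADS", "## 3. Manage ADS settings") sit at the same heading level as "## Getting Started with ADS", so they do not nest under it; `###` would match the intended structure.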