azure-sql/database/connectivity-settings.md
Lines changed: 1 addition & 1 deletion
@@ -118,7 +118,7 @@ Currently, we support TLS 1.0, 1.1, and 1.2. Setting a minimal TLS version ensur
118
118
> [!IMPORTANT]
119
119
> The default for the minimal TLS version is to allow all versions. After you enforce a version of TLS, it's not possible to revert to the default.
120
120
121
-
For customers with applications that rely on older versions of TLS, we recommend setting the minimal TLS version according to the requirements of your applications. For customers that rely on applications to connect by using an unencrypted connection, we recommend not setting any minimal TLS version.
121
+
For customers with applications that rely on older versions of TLS, we recommend setting the minimal TLS version according to the requirements of your applications. If application requirements are unknown or workloads rely on older drivers that are no longer maintained, we recommend not setting any minimal TLS version.
122
122
123
123
For more information, see [TLS considerations for SQL Database connectivity](connect-query-content-reference-guide.md#tls-considerations-for-database-connectivity).
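Review bot: The replacement sentence at new line 121 recommends not setting any minimal TLS version whenever application requirements are unknown, and the note two lines above states that the default allows all versions, so following this advice leaves TLS 1.0 and 1.1 accepted indefinitely. Suggest pairing the recommendation with a next step: determine which TLS versions the clients actually use, then set the minimum accordingly. Also state that the reason for waiting is that an enforced version can't be reverted to the default. The removed sentence covered applications that connect by using an unencrypted connection; if that case still applies, keep it or move it rather than dropping it without a replacement.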
azure-sql/managed-instance/connectivity-architecture-overview.md
Lines changed: 2 additions & 2 deletions
@@ -2,8 +2,8 @@
2
2
title: Connectivity architecture
3
3
titleSuffix: Azure SQL Managed Instance
4
4
description: Learn about Azure SQL Managed Instance communication and connectivity architecture and how the components direct traffic for a managed instance.
azure-sql/managed-instance/log-replay-service-migrate.md
Lines changed: 36 additions & 2 deletions
@@ -75,7 +75,7 @@ When you're using LRS, consider the following best practices:
75
75
- Enable backup compression to help the network transfer speeds.
76
76
- Use Cloud Shell to run PowerShell or CLI scripts, because it will always be updated to use the latest released cmdlets.
77
77
- Configure a [maintenance window](../database/maintenance-window.md) to allow scheduling of system updates at a specific day and time. This configuration helps achieve a more predictable time for database migrations, because system upgrades can interrupt in-progress migrations.
78
-
- Plan to complete a single LRS migration job within a maximum of 30 days. On expiration of this time frame, the LRS job will be automatically canceled.
78
+
- Plan to complete a single LRS migration job within a maximum of 30 days. On expiration of this time frame, the LRS job is automatically canceled.
79
79
- For a faster database restore, enable `CHECKSUM` when you're taking your backups. SQL Managed Instance performs an integrity check on backups without `CHECKSUM`, which increases restore time.
80
80
81
81
System updates for SQL Managed Instance take precedence over database migrations in progress. During a system update on an instance, all pending LRS migrations are suspended and resumed only after the update is applied. This system behavior might prolong migration time, especially for large databases.
@@ -116,6 +116,40 @@ You use an Azure Blob Storage account as intermediary storage for backup files b
116
116
1.[Create a storage account](/azure/storage/common/storage-account-create?tabs=azure-portal).
117
117
1.[Create a blob container](/azure/storage/blobs/storage-quickstart-blobs-portal) inside the storage account.
118
118
119
+
### Configure Azure storage behind a firewall
120
+
121
+
Using Azure Blob storage that's protected behind a firewall is supported, but requires additional configuration. To enable read / write access to Azure Storage with Azure Firewall turned on, you have to add the subnet of the SQL managed instance to the firewall rules of the vNet for the storage account by using MI subnet delegation and the Storage service endpoint. The storage account and the managed instance must be in the same region, or two paired regions.
122
+
123
+
If your Azure storage is behind a firewall, you] may see the following message in the SQL managed instance error log:
124
+
125
+
```
126
+
Audit: Storage access denied user fault. Creating an email notification:
127
+
```
128
+
129
+
This generates an email that notifies you that auditing for the SQL managed instance is failing to write audit logs to the storage account. If you see this error, or receive this email, follow the steps in this section to configure your firewall.
130
+
131
+
To configure the firewall, follow these steps:
132
+
133
+
1. Go to your managed instance in the [Azure portal](https://portal.azure.com) and select the subnet to open the **Subnets** page.
134
+
135
+
:::image type="content" source="media/log-replay-service-migrate/sql-managed-instance-overview-page.png" alt-text="Screenshot of the SQL managed instance Overview page of the Azure portal, with the subnet selected.":::
136
+
137
+
1. On the **Subnets** page, select the name of the subnet to open the subnet configuration page.
138
+
139
+
:::image type="content" source="media/log-replay-service-migrate/sql-managed-instance-subnet.png" alt-text="Screenshot of the SQL managed instance Subnet page of the Azure portal, with the subnet selected.":::
140
+
141
+
1. Under **Subnet delegation**, choose **Microsoft.Sql/managedInstances** from the **Delegate subnet to a service** drop-down menu. Wait about an hour for permissions to propagate, and then, under **Service endpoints**, choose **Microsoft.Storage** from the **Services** drop-down.
142
+
143
+
:::image type="content" source="media/log-replay-service-migrate/sql-managed-instance-subnet-configuration.png" alt-text="Screenshot of the SQL managed instance Subnet configuration page of the Azure portal.":::
144
+
145
+
1. Next, go to your storage account in the Azure portal, select **Networking** under **Security + networking** and then choose the **Firewalls and virtual networks** tab.
146
+
1. On the **Firewalls and virtual networks** tab for your storage account, choose **+Add existing virtual network** to open the **Add networks** page.
147
+
148
+
:::image type="content" source="media/log-replay-service-migrate/storage-neteworking.png" alt-text="Screenshot of the Storage Account Networking page of the Azure portal, with Add existing virtual network selected.":::
149
+
150
+
1. Select the appropriate subscription, virtual network, and managed instance subnet from the drop-down menus and then select **Add** to add the virtual network of the SQL managed instance to the storage account.
151
+
152
+
119
153
## Authenticate to your Blob Storage account
120
154
121
155
Use either a SAS token or a managed identity to access your Azure Blob Storage account.
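Review bot: The first paragraph of the new section (new line 121) says "with Azure Firewall turned on", but the steps that follow configure the storage account's own firewall on the **Firewalls and virtual networks** tab; Azure Firewall is a separate service, so the paragraph should name the storage account firewall, and "the firewall rules of the vNet for the storage account" should be reworded to say the subnet is added to the storage account's virtual network rules. New line 123 has a stray bracket in "you] may see the following message". The quoted error is an auditing message ("Audit: Storage access denied user fault"), while this article is about LRS reading backup files, so a sentence on how the two relate would help readers who never enabled auditing. The step at new line 141 combines the subnet delegation, a wait of about an hour, and the service endpoint selection; splitting it into separate steps makes the wait harder to miss. Minor: the image file name "storage-neteworking.png" at new line 148 is misspelled, the steps at new lines 145 and 146 lack the blank line used between the other steps, and new lines 151 and 152 add two empty lines before the next heading.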
@@ -383,7 +417,7 @@ When you use autocomplete mode, the migration finishes automatically when the la
383
417
384
418
When you use continuous mode, the service continuously scans the Azure Blob Storage folder and restores any new backup files that get added while migration is in progress. The migration finishes only after the manual cutover has been requested. You need to use continuous mode migration when you don't have the entire backup chain in advance, and when you plan to add new backup files after the migration is in progress. We recommend this mode for active workloads for which data catch-up is required.
385
419
386
-
Plan to complete a single LRS migration job within a maximum of 30 days. When this time expires, the LRS job will be automatically canceled.
420
+
Plan to complete a single LRS migration job within a maximum of 30 days. When this time expires, the LRS job is automatically canceled.
387
421
388
422
> [!NOTE]
389
423
> When you're migrating multiple databases, LRS must be started separately for each database and point to the full URI path of the Azure Blob Storage container and the individual database folder.
azure-sql/managed-instance/log-replay-service-overview.md
Lines changed: 4 additions & 4 deletions
@@ -147,16 +147,16 @@ Consider the following limitations of LRS:
147
147
- You have to configure a [maintenance window](../database/maintenance-window.md) to allow scheduling of system updates at a specific day and time. Plan to run and finish migrations outside the scheduled maintenance window.
148
148
- Database backups that are taken without `CHECKSUM` take longer to restore than do database backups with `CHECKSUM` enabled.
149
149
- The shared access signature (SAS) token that LRS uses must be generated for the entire Azure Blob Storage container, and it must have Read and List permissions only. For example, if you grant Read, List, and Write permissions, LRS won't be able to start because of the extra Write permission.
150
-
- Using SAS tokens created with permissions that are set through defining a [stored access policy](/rest/api/storageservices/define-stored-access-policy) isn't supported.
151
-
152
-
Follow the instructions in this article to manually specify Read and List permissions for the SAS token.
153
-
150
+
- Using SAS tokens created with permissions that are set through defining a [stored access policy](/rest/api/storageservices/define-stored-access-policy) isn't supported. Follow the instructions in this article to manually specify Read and List permissions for the SAS token.
154
151
- Backup files that contain percent sign (%) or dollar sign ($) characters in the file name can't be consumed by LRS. Consider renaming such file names.
155
152
- You must place backup files for different databases in separate folders on the Blob Storage account in a flat-file structure. Nesting folders inside database folders isn't supported.
156
153
- If you're using autocomplete mode, the entire backup chain needs to be available in advance on the Blob Storage account. It isn't possible to add new backup files in autocomplete mode. Use continuous mode if you need to add new backup files while migration is in progress.
157
154
- You must start LRS separately for each database that points to the full URI path that contains an individual database folder.
158
155
- LRS can support up to 100 simultaneous restore processes per single managed instance.
159
156
- A single LRS job can run for a maximum of 30 days, after which it will be automatically canceled.
157
+
- While it's possible to use an Azure Storage account behind a firewall, extra configuration is necessary, and the storage account and managed instance must either be in the same region, or two paired regions. Review [Configure firewall](log-replay-service-migrate.md#configure-azure-storage-behind-a-firewall) to learn more.
158
+
159
+
160
160
161
161
> [!TIP]
162
162
> If you require a database to be read-only accessible during the migration, with a much longer time frame for performing the migration and with minimal downtime, consider using the [Azure SQL Managed Instance link](managed-instance-link-feature-overview.md) feature as a recommended migration solution.
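Review bot: The unchanged bullet at line 156 still reads "after which it will be automatically canceled", while the same commit changes the matching sentences in log-replay-service-migrate.md to "is automatically canceled"; update this one too so the three statements of the 30-day limit agree. In the added bullet at new line 157, the link text "Configure firewall" doesn't match the target heading "Configure Azure storage behind a firewall", and "must either be in the same region, or two paired regions" reads better as "must be in the same region or in two paired regions". New lines 158 and 159 add two empty lines before the tip; one is enough.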