Merge pull request #32550 from MashaMSFT/202412_sqlvm

Updating permissions and management

Author: JamesJBarnett

azure-sql/includes/sql-vm-feature-benefits.md

@@ -12,14 +12,13 @@ ms.topic: include
 | **Automated backup** |Automates the scheduling of backups for all databases for either the default instance or a [properly installed named instance](../virtual-machines/windows/frequently-asked-questions-faq.yml#can-i-use-a-named-instance-of-sql-server-with-the-iaas-extension-) of SQL Server on the VM. For more information, see [Automated backup for SQL Server in Azure virtual machines (Resource Manager)](../virtual-machines/windows/automated-backup-sql-2014.md). <br /> <br /> Requires SQL IaaS Agent extension. |
 | **Automatic patching** | Automatically install Windows and SQL Server security updates (including Cumulative Updates for SQL Server) to your virtual machine during a configured maintenance window to avoid updating during peak times for your workload. For more information, see [Automatic patching through Azure Update Manager](../virtual-machines/azure-update-manager-sql-vm.md). <br /> <br /> Requires SQL IaaS Agent extension.  |
 | **Azure Key Vault integration** |Enables you to automatically install and configure Azure Key Vault on your SQL Server VM. For more information, see [Configure Azure Key Vault integration for SQL Server on Azure Virtual Machines (Resource Manager)](../virtual-machines/windows/azure-key-vault-integration-configure.md). <br /> <br /> Requires SQL IaaS Agent extension. |
-| **Configure tempdb** | You can [configure your tempdb](../virtual-machines/windows/manage-sql-vm-portal.md#storage-configuration) directly from the Azure portal, such as specifying the number of files, their initial size, their location, and the autogrowth ratio. Restart your SQL Server service for the changes to take effect. <br /> <br /> Requires SQL IaaS Agent extension.  | 
+| **Configure tempdb** | You can [configure your tempdb](../virtual-machines/windows/manage-sql-vm-portal.md#storage) directly from the Azure portal, such as specifying the number of files, their initial size, their location, and the autogrowth ratio. Restart your SQL Server service for the changes to take effect. <br /> <br /> Requires SQL IaaS Agent extension.  | 
 | **Defender for Cloud portal integration** | If you've enabled [Microsoft Defender for SQL](/azure/defender-for-cloud/defender-for-sql-usage), then you can view Defender for Cloud recommendations directly in the [SQL virtual machines](../virtual-machines/windows/manage-sql-vm-portal.md) resource of the Azure portal. See [Security best practices](../virtual-machines/windows/security-considerations-best-practices.md) to learn more. <br /> <br /> Requires SQL IaaS Agent extension. |
 | **Extended security updates** | Automatically receive security updates for your SQL Server on Azure VMs, up to three years after extended [SQL Server lifecycle support](/lifecycle/products/?terms=sql%20server) ends. | 
 | **Flexible licensing** | Save on cost by [seamlessly transitioning](../virtual-machines/windows/licensing-model-azure-hybrid-benefit-ahb-change.md) from the bring-your-own-license (also known as the Azure Hybrid Benefit) to the pay-as-you-go licensing model and back again. <br /> <br /> Included with basic registration. | 
 | **Flexible version / edition** | If you decide to change the [version](../virtual-machines/windows/change-sql-server-version.md) or [edition](../virtual-machines/windows/change-sql-server-edition.md) of SQL Server, you can update the metadata within the Azure portal without having to redeploy the entire SQL Server VM.  <br /> <br /> Included with basic registration.   | 
-| **I/O Performance Analysis** | [Analyze I/O performance](../virtual-machines/windows/storage-performance-analysis.md) for your SQL Server on Azure VMs. This feature is currently in preview. <br /> <br /> Requires SQL IaaS Agent extension. |
+| **I/O Analysis** |  View an [analysis of your I/O performance](../virtual-machines/windows/storage-performance-analysis.md) in the Azure portal to find issues that result from exceeding virtual machines and data disks limits. This feature is currently in preview. <br /> <br /> Requires SQL IaaS Agent extension. |
 | **Microsoft Entra authentication** | Enhance the security of your SQL Server VM by using [Microsoft Entra ID for authentication](../virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm.md) to your SQL Server VM. <br /> <br /> Requires SQL IaaS Agent extension. | 
-| **I/O Analysis (Preview)** | View an [analysis of your I/O performance](../virtual-machines/windows/storage-performance-analysis.md) in the Azure portal to find issues that result from exceeding virtual machines and data disks limits. This feature is currently in preview. <br /> <br /> Requires SQL IaaS Agent extension. |
 | **SQL best practices assessment** | Enables you to assess the health of your SQL Server VMs by using configuration best practices. For more information, see [SQL best practices assessment](../virtual-machines/windows/sql-assessment-for-sql-vm.md). <br /> <br /> Requires SQL IaaS Agent extension. | 
 | **View disk utilization in portal** | Allows you to view a graphical representation of the disk utilization of your SQL data files in the Azure portal. <br /> <br /> Requires SQL IaaS Agent extension. | 
 

azure-sql/virtual-machines/windows/doc-changes-updates-release-notes-whats-new-archive.md

@@ -49,7 +49,7 @@ Return to [What's new in SQL Server on Azure VMs?](doc-changes-updates-release-n
 | **Least privilege permission model for SQL IaaS Agent extension** | There is a new permissions model available for the SQL Server IaaS Agent extension that grants the least privileged permission for each feature used by the extension. To learn more, review [SQL IaaS Agent extension permissions](sql-server-iaas-agent-extension-automate-management.md#permissions-models). | 
 | **Confidential VMs** | SQL Server on Azure VMs has added support to deploy to [SQL Server on Azure confidential VMs](sql-vm-create-confidential-vm-how-to.md). To get started, review the [Quickstart: Deploy SQL Server to an Azure confidential VM](sql-vm-create-portal-quickstart.md?tabs=confidential-vm). 
 | **Azure CLI for SQL best practices assessment**| It's now possible to configure the [SQL best practices assessment](sql-assessment-for-sql-vm.md) feature using the Azure CLI. |
-| **Configure tempdb from Azure portal** | It's now possible to configure your `tempdb` settings, such as the number of files, initial size, and autogrowth ratio for an existing SQL Server instance by using the Azure portal. See [manage SQL Server VM from portal](manage-sql-vm-portal.md#storage-configuration) to learn more. |
+| **Configure tempdb from Azure portal** | It's now possible to configure your `tempdb` settings, such as the number of files, initial size, and autogrowth ratio for an existing SQL Server instance by using the Azure portal. See [manage SQL Server VM from portal](manage-sql-vm-portal.md#storage) to learn more. |
 | **SDK-style SQL projects**| Use [Microsoft.Build.Sql](https://www.nuget.org/packages/Microsoft.Build.Sql) for SDK-style SQL projects in the SQL Database Projects extension in Azure Data Studio or VS Code. This feature is currently in preview. To learn more, see [SDK-style SQL projects](/azure-data-studio/extensions/sql-database-project-extension-sdk-style-projects). |
 | **Ebdsv5-series** | The new [Ebdsv5-series](/azure/virtual-machines/ebdsv5-ebsv5-series#ebdsv5-series) provides the highest I/O throughput-to-vCore ratio in Azure along with a memory-to-vCore ratio of 8. This series offers the best price-performance for SQL Server workloads on Azure VMs. Consider this series first for most SQL Server workloads. To learn more, see the updates in [VM sizes](performance-guidelines-best-practices-vm-size.md). |
 | **Security best practices** | The [SQL Server VM security best practices](security-considerations-best-practices.md) have been rewritten and refreshed! |

azure-sql/virtual-machines/windows/manage-sql-vm-portal.md

@@ -4,7 +4,7 @@ description: Learn how to manage SQL Server on Azure VMs in the Azure portal by
 author: bluefooted
 ms.author: pamela
 ms.reviewer: mathoma
-ms.date: 10/16/2023
+ms.date: 12/19/2024
 ms.service: azure-vm-sql-server
 ms.subservice: management
 ms.topic: how-to
@@ -42,15 +42,15 @@ To access the **SQL virtual machines** resource, follow these steps:
 Selecting your SQL Server VM opens the **SQL virtual machines** resource. 
 
 > [!TIP]
-> The **SQL virtual machines** resource is for dedicated SQL Server settings. Select the name of the VM under **Virtual machine** on the **Overview** page to open settings that are specific to the underlying virtual machine. 
+> The **SQL virtual machines** resource is to manage settings dedicated to the SQL Server instance. Select the name of the VM under **Virtual machine** on the **Overview** page to open settings that are specific to the underlying virtual machine. 
 
 ## Overview page
 
 The **Overview** page of the SQL virtual machines resource provides basic information about the SQL Server VM, such as the resource group, location, license type, the name of the underlying Azure virtual machine, and storage utilization metrics. 
 
 You can also see the status of the SQL Iaas Agent extension under **Extension health status**. If your status is **Unhealthy**, or **Failed**, you can find out more information from the **Notifications** tab. 
 
-The **Notifications** tab displays information from [SQL best practices assessments](sql-assessment-for-sql-vm.md) and about issues with the [Extension health](sql-agent-extension-troubleshoot-known-issues.md#check-extension-health). 
+The **Notifications** tab displays information from [SQL best practices assessments](sql-assessment-for-sql-vm.md) and [extension health](sql-agent-extension-troubleshoot-known-issues.md#check-extension-health) while the **Features** tab shows which recommended features are and aren't configured: 
 
    :::image type="content" source="./media/manage-sql-vm-portal/sql-vm-resource.png" alt-text="Screenshot of the Azure portal, the overview pane of the SQL virtual machines resource." lightbox="./media/manage-sql-vm-portal/sql-vm-resource.png":::
 
@@ -60,26 +60,25 @@ Use the **Configure** page of the SQL virtual machines resource to change your S
 
 :::image type="content" source="./media/manage-sql-vm-portal/sql-vm-license-edition.png" alt-text="Screenshot of the Azure portal, SQL virtual machines resource, showing where to change the version and edition of SQL Server VM metadata.":::
 
-You can also modify the edition of SQL Server from the **Configure** page as well, such as **Enterprise**, **Standard**, or **Developer**. 
+You can modify the edition of SQL Server from the **Configure** page as well, such as **Enterprise**, **Standard**, or **Developer**. 
 
 Changing the license and edition metadata in the Azure portal is only supported once the version and edition of SQL Server has been modified internally to the VM. To learn more see, change the [version](change-sql-server-version.md) and [edition](change-sql-server-edition.md) of SQL Server on Azure VMs. 
 
-## Storage configuration
+## Storage
 
-> [!NOTE]
-> Making changes to [Premium SSD v2](storage-configuration-premium-ssd-v2.md) for SQL Server VMs in the Azure portal is not currently supported so the **Storage Configuration** page of the SQL virtual machines resource shows **Not extendable** for Premium SSD v2 disks.  Review [Adjust performance](/azure/virtual-machines/disks-deploy-premium-v2?tabs=azure-cli#adjust-disk-performance) to learn more.
-
-Use the **Storage Configuration** page of the SQL virtual machines resource to extend your data, log, and `tempdb` drives. For guidance, review [storage configuration](storage-configuration.md) and [Storage: Performance best practices for SQL Server on Azure VMs](performance-guidelines-best-practices-storage.md).
+The **Storage** page of the **SQL virtual machines** resource allows you to analyze the I/O performance of your SQL Server workloads (currently in preview), identify missing best practices, and configure the storage settings for your SQL Server VM: 
 
-For example, you can extend your storage:
+:::image type="content" source="./media/manage-sql-vm-portal/sql-vm-storage.png" alt-text="Screenshot of the Azure portal, SQL virtual machines resource, showing where to view storage information.":::
 
-:::image type="content" source="./media/manage-sql-vm-portal/sql-vm-storage-configuration.png" alt-text="Screenshot of the Azure portal, SQL virtual machines resource, showing where to extend storage.":::
+The **Storage** page has the following tabs: 
 
+- The [I/O Analysis](storage-performance-analysis.md) tab (currently in preview) provides insights into the I/O performance of your SQL Server workloads. Use this tab to identify VM level or disk level I/O throttling, as well as suggestions for remediation. 
+- Run I/O related best practices assessments from the [I/O Related Best Practices](sql-assessment-for-sql-vm.md) tab to identify missing storage best practices configurations for your SQL Server VM.
+- Use the [Storage Configuration](storage-configuration.md) tab to configure your data, log, and `tempdb` drives, such as to extend them. For guidance, review [storage configuration](storage-configuration.md) and [Storage: Performance best practices for SQL Server on Azure VMs](performance-guidelines-best-practices-storage.md).
 
 > [!NOTE]
-> Storage is only extendable for SQL Server VMs that were deployed from a SQL Server image in Azure Marketplace, and not currently supported for [Premium SSD v2](storage-configuration-premium-ssd-v2.md) disks.
-
-
+> - Storage is only extendable for SQL Server VMs that were deployed from a SQL Server image in Azure Marketplace, and not currently supported for [Premium SSD v2](storage-configuration-premium-ssd-v2.md) disks.
+> - Making changes to [Premium SSD v2](storage-configuration-premium-ssd-v2.md) for SQL Server VMs in the Azure portal is not currently supported so the **Storage Configuration** page of the SQL virtual machines resource shows **Not extendable** for Premium SSD v2 disks. Review [Adjust performance](/azure/virtual-machines/disks-deploy-premium-v2?tabs=azure-cli#adjust-disk-performance) to manage your Premium SSD v2 disks.
 
 ## Updates
 
@@ -99,12 +98,9 @@ If you've never enabled Update Manager before, then to enable Automated Patching
 
 ## Backups
 
-Use the **Backups** page of the SQL virtual machines resource to configure your automated backup settings, such as the retention period, which storage account to use, encryption, whether or not to back up system databases, and a backup schedule. 
-
-:::image type="content" source="./media/manage-sql-vm-portal/sql-vm-automated-backup.png" alt-text="Screenshot of the Azure portal, SQL virtual machines resource, showing where to configure automated backup and schedule.":::
-
-To learn more, see, [Automated patching](automated-backup.md). 
+Use the **Backups** page of the SQL virtual machines resource to choose between [Azure Backup](backup-restore.md#azbackup) and [Automated Backup](automated-backup.md). 
 
+Regardless of which backup solution you choose, you can use the **Backups** page to configure your backup settings, such as the retention period, backup storage location, encryption, whether or not to back up system databases, and a backup schedule. 
 
 ## High availability
 
@@ -120,7 +116,7 @@ To learn more, see [SQL best practices assessment for SQL Server on Azure VMs](s
 
 ## Security Configuration 
 
-Use the **Security Configuration** page of the SQL virtual machines resource to configure SQL Server security settings such as Azure Key Vault integration, [least privilege mode](sql-server-iaas-agent-extension-automate-management.md) or if you're on SQL Server 2022, [authentication](configure-azure-ad-authentication-for-sql-vm.md) with Microsoft Entra ID ([formerly Azure Active Directory](/entra/fundamentals/new-name)). 
+Use the **Security Configuration** page of the SQL virtual machines resource to configure SQL Server security settings such as Azure Key Vault integration, and if you're on SQL Server 2022, [authentication](configure-azure-ad-authentication-for-sql-vm.md) with Microsoft Entra ID ([formerly Azure Active Directory](/entra/fundamentals/new-name)). 
 
 :::image type="content" source="./media/manage-sql-vm-portal/sql-vm-security-configuration.png" alt-text="Screenshot of the Azure portal, the SQL Server security page, where you can enable authentication.":::
 
@@ -131,15 +127,13 @@ To learn more, see the [Security best practices](security-considerations-best-pr
 
 <a name="security-center"></a>
 
-## Defender for Cloud 
-
-Use the **Defender for SQL** page of the SQL virtual machine's resource to view Defender for Cloud recommendations directly in the SQL virtual machine pane. Enable [Microsoft Defender for SQL](/azure/security-center/defender-for-sql-usage) to leverage this feature. 
+## Microsoft Defender for Cloud 
 
-:::image type="content" source="./media/manage-sql-vm-portal/sql-vm-security-center.png" alt-text="Screenshot of the Azure portal, SQL virtual machines resource, showing where to configure SQL Server Defender for Cloud settings.":::
+Use the **Microsoft Defender for Cloud** page of the SQL virtual machine's resource to view Microsoft Defender for SQL server on machines recommendations directly in the SQL virtual machine page. Enable [Microsoft Defender for SQL](/azure/defender-for-cloud/defender-for-sql-usage) to use this feature. 
 
 ## SQL IaaS Agent Extension Settings 
 
-From the **SQL IaaS Agent Extension Settings** page, you can [repair the extension](sql-agent-extension-troubleshoot-known-issues.md#repair-extension) and you can enable auto upgrade to ensure you're automatically receiving updates for the extension each month. 
+From the **SQL IaaS Agent Extension Settings** page, you can [repair the extension](sql-agent-extension-troubleshoot-known-issues.md#repair-extension) and enable auto upgrade to ensure you're automatically receiving updates for the extension each month. 
 
 :::image type="content" source="media/manage-sql-vm-portal/sql-iaas-agent-settings.png" alt-text="Screenshot of the SQL IaaS Agent Extension Settings page for your SQL virtual machines resource in the Azure portal.":::
 

azure-sql/virtual-machines/windows/media/manage-sql-vm-portal/sql-vm-automated-backup.png

@@ -77,7 +77,7 @@ The following is a quick checklist of best practices for SQL Server configuratio
 - Enable [automatic tuning](/sql/relational-databases/automatic-tuning/automatic-tuning) on mission critical application databases.
 - Ensure that all [tempdb best practices](/sql/relational-databases/databases/tempdb-database#optimizing-tempdb-performance-in-sql-server) are followed.
 - [Use the recommended number of files](/troubleshoot/sql/performance/recommendations-reduce-allocation-contention#resolution), using multiple `tempdb` data files starting with one file per core, up to eight files.
-- If available, configure the `tempdb` [data and log files on the D: local SSD volume](manage-sql-vm-portal.md#storage-configuration). The SQL IaaS Agent extension handles the folder and permissions needed upon reprovisioning.
+- If available, configure the `tempdb` [data and log files on the D: local SSD volume](manage-sql-vm-portal.md#storage). The SQL IaaS Agent extension handles the folder and permissions needed upon reprovisioning.
 - Schedule SQL Server Agent jobs to run [DBCC CHECKDB](/sql/t-sql/database-console-commands/dbcc-checkdb-transact-sql#a-checking-both-the-current-and-another-database), [index reorganize](/sql/relational-databases/indexes/reorganize-and-rebuild-indexes#reorganize-an-index), [index rebuild](/sql/relational-databases/indexes/reorganize-and-rebuild-indexes#rebuild-an-index), and [update statistics](/sql/t-sql/statements/update-statistics-transact-sql#examples) jobs.
 - Monitor and manage the health and size of the SQL Server [transaction log file](/sql/relational-databases/logs/manage-the-size-of-the-transaction-log-file#Recommendations).
 - Take advantage of any new [SQL Server features](/sql/sql-server/what-s-new-in-sql-server-ver15) available for the version being used.