Modified the extension installatiomn steps

anosov1960 · anosov1960 · commit 87ec91251ef4 · 2021-07-29T01:47:06.000-07:00
diff --git a/docs/sql-server/azure-arc/connect.md b/docs/sql-server/azure-arc/connect.md
@@ -44,30 +44,59 @@ az provider register --namespace 'Microsoft.AzureArcData'
 ```
 ---
 
+
 ## Initiate the connection from Azure
 
 If the machine with SQL Server is already connected to Azure Arc, you can register the SQL Server instances on that machine by installing the SQL Server extension (*WindowsAgent.SqlServer*).  Once installed, the SQL Server extension will recognize all the installed SQL Server instances and register them with Azure Arc. The extension will run continuously to detect changes of the SQL Server configuration. For example, if a new SQL Server instance is installed on the machine, if will be automatically registered with Azure. See [virtual machine extension management](/azure/azure-arc/servers/manage-vm-extensions) for instructions how to install and uninstall extensions using  Azure Portal, Azure PowerShell or Azure CLI.
 
 > [!IMPORTANT]
-> The __SQL Server - Azure Arc__ resource for each SQL Server instance installed on the machine will be created in the same region and the resource group as the corresponding __Machine - Azure Arc__ resource.
+>1. The Managed System Identity for the corresponding **Machine - Azure Arc** must have the *Azure Connected SQL Server Onboarding* role at resource group level.
+>2. The __SQL Server - Azure Arc__ resource for each SQL Server instance installed on the machine will be created in the same region and the resource group as the corresponding __Machine - Azure Arc__ resource.
 
 # [Azure portal](#tab/azure)
 
+To assign the *Azure Connected SQL Server Onboarding* role to Arc machine managed identity, use the following steps:
+
+* Select the resource group with the **Machine - Azure Arc** resource.
+* Select **Access control (IAM)**
+* Click **+ Add** and select **Add role assignment**
+For **Role**, select `Azure Connected SQL Server Onboarding`
+For **Assign access to**, select `User, group or service principal`
+For **Select**, search for your **Machine - Azure Arc** name and select it.
+* Click **Save**.
+
+To install the SQL Server extension, use the following steps:
+
 1. Open the __Machine - Azure Arc__ resource. 
 2. Under __Extensions__, click __+ Add__ 
 1. Select `WindowsAgent.SqlServer` from the list and click __Create__.
 
 # [PowerShell](#tab/powershell)
 
+To assign *Azure Connected SQL Server Onboarding* role to the machine's managed identity, run:
+
 ```powershell
-$Settings = @{\"SqlManagement\":{\"IsEnabled\":true},  \"excludedSqlInstances\":[]}
+$spID = (Get-AzADServicePrincipal -DisplayName $arcMachineName).Id
+New-AzRoleAssignment -ObjectId $spID RoleDefinitionName "Azure Connected SQL Server Onboarding" -ResourceGroupName {resource group name}
+```
+
+To install the SQL Server extension, run:
 
+```powershell
+$Settings = @{\"SqlManagement\":{\"IsEnabled\":true},  \"excludedSqlInstances\":[]}
 New-AzConnectedMachineExtension -Name "WindowsAgent.SqlServer" -ResourceGroupName {your resource group name} -MachineName {your machine name} -Location {azure region} -Publisher "Microsoft.AzureData" -Settings $Settings -ExtensionType "WindowsAgent.SqlServer"
 ```
 
 # [Azure CLI](#tab/az)
 
-Run:
+To assign the *Azure Connected SQL Server Onboarding* role to Arc machine managed identity, run:
+
+```azurecli
+spID=$(az resource list -n <ArcMachineName> --query [*].identity.principalId --out tsv)
+az role assignment create --assignee $spID --role 'Azure Connected SQL Server Onboarding ' --scope /subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>
+```
+
+To install the SQL Server extension, run:
 
 ```azurecli
    az connectedmachine extension create --machine-name "{your machine name}" --location {"azure region"} --name "WindowsAgent.SqlServer" --resource-group "{your resource group name}" --type "WindowsAgent.SqlServer" --publisher "Microsoft.AzureData" --settings '{\"SqlManagement\":{\"IsEnabled\":true},  \"excludedSqlInstances\":[]}'
diff --git a/docs/sql-server/azure-arc/release-notes.md b/docs/sql-server/azure-arc/release-notes.md
@@ -19,6 +19,8 @@ Azure Arc-enabled SQL Server releases for general availability support
 
 This release introduces a SQL Server extension that continuously monitors for changes of the SQL Server configuration and automatically updates the corresponding __SQL Server - Azure Arc__ resources. The extension is installed as part of the SQL Server instance registration process. To upgrade your existing __SQL Server - Azure Arc__ resources to an agent-based configuration, use any of the methods described in [Connect your SQL Server to Azure Arc](connect.md).
 
+This release also introduces a built-in role *Azure Connected SQL Server Onboarding* that defines the minimal permissions that would allow the hosting machine's MSI to onboard both the machine and the SQL Server instances to to Azure Arc.
+
 > [!NOTE]
 > In this release, the SQL Server extension is only available for  Windows. A Linux version of the extension will be announced separately.  
 
