Final stage for January release. (#25639)

Co-authored-by: Raj Pochiraju <rajpo@microsoft.com>
Co-authored-by: Mike Ray (Microsoft) <noreply-mikeray@microsoft.com>
Co-authored-by: Alexander (Sasha) Nosov <alex.nosov@hotmail.com>
Co-authored-by: prmerger-automator[bot] <40007230+prmerger-automator[bot]@users.noreply.github.com>
Co-authored-by: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com>

Author: 6 people

azure-sql/virtual-machines/windows/sql-agent-extension-automatic-registration-all-vms.md

@@ -4,7 +4,7 @@ description: Learn how to enable the automatic registration feature to automatic
 author: adbadram
 ms.author: adbadram
 ms.reviewer: mathoma
-ms.date: 10/26/2021
+ms.date: 01/10/2021
 ms.service: virtual-machines-sql
 ms.subservice: management
 ms.topic: how-to
@@ -37,6 +37,21 @@ By default, Azure VMs with SQL Server 2016 or later installed will be automatica
 > [!IMPORTANT]
 > The SQL IaaS Agent extension collects data for the express purpose of giving customers optional benefits when using SQL Server within Azure Virtual Machines. Microsoft will not use this data for licensing audits without the customer's advance consent. See the [SQL Server privacy supplement](/sql/sql-server/sql-server-privacy#non-personal-data) for more information.
 
+## Integration with centrally managed Azure Hybrid Benefit
+
+Centrally managed Azure Hybrid Benefit (CM-AHB) is a service that helps customers optimize their Azure costs and use other benefits such as:
+
+- Moving all pay-as-you-go (full price) SQL PaaS/IaaS workloads to take advantage of your Hybrid Benefits without individually configuring them to enable Azure Hybrid Benefit
+- Ensuring that all your SQL workloads are licensed in compliance with the existing license agreements.
+- Separating the license compliance management roles from devops roles using RBAC
+- Take advantage of free business continuity by ensuring that your passive & DR environments are properly identified. 
+- Leverage your MSDN licenses in Azure for non-production environments. 
+
+CM-AHB uses data provided by the SQL IaaS Agent extension to account for the number of SQL Server licenses used by the individual Azure VMs and provides recommendations to the billing admin during the license assignment process. Using the recommendations ensures that you get the maximum discount by using Azure Hybrid Benefit. If your VMs are not registered with the SQL IaaS Agent extension when CM-AHB is enabled by your billing admin, the service will not receive the full usage data from your Azure subscriptions and therefore the CM-AHB recommendations will be inaccurate.  
+
+> [!IMPORTANT]
+> If automatic registration is activated after CM-AHB is enabled, you will run the risk of unnecessary pay-as-you-go charges for your SQL Server on Azure VM workloads.
+To mitigate this risk, you need to adjust your license assignments in CM-AHB to account for the additional usage that will be reported by the SQL IaaS Agent extension after auto-registration. We published an [open source tool](https://github.com/microsoft/sql-server-samples/tree/master/samples/manage/azure-hybrid-benefit) that provides insights into the utilization of SQL Server licenses, including the utilization by the SQL Servers on Azure Virtual Machines that are not yet registered with the SQL IaaS Agent extension.    
 
 ## Prerequisites
 

docs/sql-server/azure-arc/assess.md

@@ -4,7 +4,7 @@ description: In this article, you learn different ways of connecting SQL Server
 author: anosov1960
 ms.author: sashan
 ms.reviewer: mikeray, randolphwest
-ms.date: 09/06/2022
+ms.date: 01/12/2023
 ms.service: sql
 ms.topic: conceptual
 ---
@@ -65,6 +65,22 @@ You can automatically connect SQL Server instances on multiple Arc-enabled machi
 
 To create an Azure Policy assignment, you need the `Resource Policy Contributor` role assignment on the scope - subscription or resource group - that you are targeting the assignment to. Further, if you are going to create a *new* system assigned managed identity, you need the `User Access Administrator` role assignment in the subscription.
 
+### Connect at-scale using Azure Policy assignment
+
+If you want to select an existing user assigned managed identity or have more granular control over the configuration of the at-scale onboarding policy, you can create the Azure Policy assignment. 
+
+1. Navigate to **Azure Policy** in the Azure portal and choose **Definitions**. 
+1. Search for *Configure Arc-enabled machines running SQL Server to have SQL Server extension installed.* and click on the policy.
+1. Select **Assign**. 
+1. Choose a Scope. 
+1. Select **Next**, and **Next**.  
+1. On the **Remediation** tab, click **Create a remediation task**.
+1. Choose **System assigned managed identity** (recommended) or **User assigned managed identity** and choose a managed identity which has *User Access Administration* and *Log Analytics Contributor* role assignments. 
+1. Click **Review + Create**.
+1. Click **Create**.
+
+See [Azure Policy documentation](/azure/governance/policy) for general instructions about how to assign an Azure policy using Azure portal or an API of your choice.
+
 > [!IMPORTANT]
 > The Arc-enabled SQL Server resources for the `SQL Server - Azure Arc` resources are created in the same region and the resource group as the `Server - Azure Arc` resources on which they are hosted.
 
@@ -85,21 +101,7 @@ To do this,
 
 These steps create a new Azure Policy assignment of the *Configure Arc-enabled machines running SQL Server to have SQL Server extension installed* policy definition to the selected subscription and, optionally, a specific resource group scope. A new system assigned managed identity is created and granted the required permissions to onboard Arc-enabled SQL Servers. This new managed identity is used by the policy remediation to install the Azure extension for SQL Server.
 
-### Connect at-scale using Azure Policy assignment
-
-If you want to select an existing user assigned managed identity or have more granular control over the configuration of the at-scale onboarding policy, you can create the Azure Policy assignment. 
 
-1. Navigate to **Azure Policy** in the Azure portal and choose **Definitions**. 
-1. Search for *Configure Arc-enabled machines running SQL Server to have SQL Server extension installed.* and click on the policy.
-1. Select **Assign**. 
-1. Choose a Scope. 
-1. Select **Next**, and **Next**.  
-1. On the **Remediation** tab, click **Create a remediation task**.
-1. Choose **System assigned managed identity** (recommended) or **User assigned managed identity** and choose a managed identity which has *User Access Administration* and *Log Analytics Contributor* role assignments. 
-1. Click **Review + Create**.
-1. Click **Create**.
-
-See [Azure Policy documentation](/azure/governance/policy) for general instructions about how to assign an Azure policy using Azure portal or an API of your choice.
 
 ## Connect multiple SQL Server instances using script
 

docs/sql-server/azure-arc/billing.md

@@ -4,7 +4,7 @@ description: Connect an instance of SQL Server to Azure Arc. Allows you to manag
 author: anosov1960
 ms.author: sashan
 ms.reviewer: mikeray, maghan
-ms.date: 12/06/2022
+ms.date: 01/12/2023
 ms.service: sql
 ms.topic: conceptual
 ms.custom: event-tier1-build-2022
@@ -26,6 +26,8 @@ You can connect your existing SQL Server instance to Azure Arc by following thes
 
    Microsoft.AzureArcData/sqlServerInstances/write
 
+Users can be assigned to built-in roles that have these permissions, for example Contributor or Owner. See [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal) for more information.
+
 > [!NOTE]  
 > SQL Server on Azure Arc-enabled servers does not support SQL Server Failover Cluster Instances.
 
@@ -64,7 +66,6 @@ If the machine with SQL Server is already connected to Azure Arc, you can connec
 
 > [!IMPORTANT]  
 >
-> - The Managed System Identity used by the Azure connected machine agent must have the *Azure Connected SQL Server Onboarding* role at the resource group level.
 > - The Azure resource with type `SQL Server - Azure Arc` representing the SQL Server instance installed on the machine uses the same region and resource group as the Azure resources for Arc-enabled servers.
 
 ## [Azure portal](#tab/azure)
@@ -75,15 +76,18 @@ To install the Azure extension for SQL Server, use the following steps:
 1. Search for the connected server with the SQL Server instance that you want to connect to Azure.
 1. Under **Extensions**, select **+ Add**.
 1. Select `Azure extension for SQL Server` and select **Next**.
-1. Specify the SQL Server instance(s) you want to exclude from registering (if you have multiple instances installed on the server) and select **Review + Create**.
+1. Specify the SQL Server edition and license type you are using on this machine.
+1. Specify the SQL Server instance(s) you want to exclude from registering (if you have multiple instances to skip, separate them by spaces) and select **Review + Create**.
+   :::image type="content" source="media/join/license-type-in-extension.png" alt-text="Screenshot for license type and exclude instances.":::
 1. Select **Create**.
 
 ## [PowerShell](#tab/powershell)
 
 To install *Azure extension for SQL Server*, run:
 
 ```powershell
-$Settings = @{\"SqlManagement\":{\"IsEnabled\":true},  \"excludedSqlInstances\":[]}
+$Settings = @{ SqlManagement = @{ IsEnabled = $true }; ExcludedSqlInstances = @(<Comma separated names of SQL Server instances, eg: "MSSQLSERVER01","MSSQLSERVER">); LicenseType="<License Type>"}
+
 New-AzConnectedMachineExtension -Name "WindowsAgent.SqlServer" -ResourceGroupName {your resource group name} -MachineName {your machine name} -Location {azure region} -Publisher "Microsoft.AzureData" -Settings $Settings -ExtensionType "WindowsAgent.SqlServer"
 ```
 
@@ -92,15 +96,18 @@ New-AzConnectedMachineExtension -Name "WindowsAgent.SqlServer" -ResourceGroupNam
 To install *Azure extension for SQL Server* for Windows Operating System, run:
 
 ```azurecli
-   az connectedmachine extension create --machine-name "{your machine name}" --location "{azure region}" --name "WindowsAgent.SqlServer" --resource-group "{your resource group name}" --type "WindowsAgent.SqlServer" --publisher "Microsoft.AzureData" --settings '{\"SqlManagement\":{\"IsEnabled\":true},  \"excludedSqlInstances\":[]}'
+az connectedmachine extension create --machine-name "{your machine name}" --location "{azure region}" --name "WindowsAgent.SqlServer" --resource-group "{your resource group name}" --type "WindowsAgent.SqlServer" --publisher "Microsoft.AzureData" --settings "{\"SqlManagement\":{\"IsEnabled\":true}, \"LicenseType\":\"<License Type>\", \"ExcludedSqlInstances\":[]}"
 ```
 
 To install *Azure extension for SQL Server* for Linux operating system, run:
 
 ```azurecli
-   az connectedmachine extension create --machine-name "{your machine name}" --location "{azure region}" --name "LinuxAgent.SqlServer" --resource-group "{your resource group name}" --type "LinuxAgent.SqlServer" --publisher "Microsoft.AzureData" --settings '{\"SqlManagement\":{\"IsEnabled\":true},  \"excludedSqlInstances\":[]}'
+settings="{\"SqlManagement\":{\"IsEnabled\":true},\"LicenseType\":\"<License Type>\"}"
+az connectedmachine extension create --machine-name "{your machine name}" --location "{azure region}" --name "LinuxAgent.SqlServer" --resource-group "{your resource group name}" --type "LinuxAgent.SqlServer" --publisher "Microsoft.AzureData" --settings $settings
 ```
 
+The possible licensing types that you can set are, PAYG, Paid and LicenseOnly
+
 *Azure extension for SQL Server* for Linux is available for preview.
 
 ---
@@ -119,18 +126,31 @@ If the server that runs your SQL Server instance isn't yet connected to Azure, y
 
    :::image type="content" source="media/join/start-creation-of-sql-server-azure-arc-resource.png" alt-text="Screenshot of the start creation.":::
 
-1. Select **Connect SQL Server to Azure Arc**
+1. Under **Connect SQL Server to Azure Arc**, select **Connect Servers**
 
 1. Review the prerequisites and select **Next: Server details**
 
-1. Select the subscription, resource group, Azure region, and host operating system. If necessary, specify the proxy your network uses to connect to the Internet.
+1. Specify:
+
+    - **Subscription**
+    - **Resource group**
+    - **Region**
+    - **Operating system**
+
+    If necessary, specify the proxy your network uses to connect to the Internet.
+
+   :::image type="content" source="media/join/server-details-sql-server-azure-arc.png" alt-text="Screenshot of server details.":::
+
+1. Select the SQL Server edition and license type you are using on this machine. [Learn more:](billing.md).
+
+1. Specify the SQL Server instance(s) you want to exclude from registering (if you have multiple instances installed on the server).  Separate each excluded instance by a space.
 
    > [!IMPORTANT]  
    > If the machine hosting the SQL Server instance is already [connected to Azure Arc](/azure/azure-arc/servers/onboard-portal), make sure to select the same resource group that contains the corresponding **Server - Azure Arc** resource.
 
-   :::image type="content" source="media/join/server-details-sql-server-azure-arc.png" alt-text="Screenshot of server details.":::
+   :::image type="content" source="media/join/server-details-sql-server-management-azure-arc.png" alt-text="Screenshot of server management details.":::
 
-1. Select **Tags** to optionally add tags to the resource for your SQL Server instance.
+1. Select **Next: Tags** to optionally add tags to the resource for your SQL Server instance.
 
 1. Select **Run script** to generate the onboarding script.
 Screenshot of
@@ -182,15 +202,15 @@ Alternatively, you can also onboard your SQL Servers to Azure Arc by directly us
 
    If you use Azure Active Directory service principal to authenticate, execute the command below on the target SQL Server.
 
-   ```powershell
-   '& "$env:ProgramW6432\AzureExtensionForSQLServer\AzureExtensionForSQLServer.exe" --subId <subscriptionid> --resourceGroup <resourceGroupName> --location <AzureLocation> --tenantid <TenantId> --service-principal-app-id <servicePrincipalAppId> --service-principal-secret <servicePrincipalSecret> --proxy <proxy> --tags ""'
-   ```
+  ```powershell
+  '& "$env:ProgramW6432\AzureExtensionForSQLServer\AzureExtensionForSQLServer.exe" --subId <subscriptionid> --resourceGroup <resourceGroupName> --location <AzureRegion> --tenantid <TenantId> --service-principal-app-id <servicePrincipalAppId> --service-principal-secret <servicePrincipalSecret> --proxy <proxy> --licenseType <licenseType> --excluded-SQL-instances <"MSSQLSERVER01 MSSQLSERVER02 MSSQLSERVER15">'
+  ```
 
    Otherwise, execute the command below on the target SQL Server.
 
-   ```powershell
-   '& "$env:ProgramW6432\AzureExtensionForSQLServer\AzureExtensionForSQLServer.exe" --subId  <subscriptionid>--resourceGroup <resourceGroupName> --location <AzureLocation> --tenantid <TenantId>  --proxy  <proxy> --tags ""'
-   ```
+  ```powershell
+  '& "$env:ProgramW6432\AzureExtensionForSQLServer\AzureExtensionForSQLServer.exe" --subId <subscriptionid> --resourceGroup <resourceGroupName> --location $location --tenantid <TenantId> --proxy <proxy> --licenseType <licenseType> --excluded-SQL-instances <"MSSQLSERVER01 MSSQLSERVER02 MSSQLSERVER15">'
+  ```
 
  > [!IMPORTANT]  
  > Microsoft Azure Arc-enabled SQL Server is licensed to you as part of your or your company's subscription license for Microsoft Azure Services. You may only use the software with Microsoft Azure Services and are subject to the terms and conditions of the agreement under which you obtained Microsoft Azure Services. You may not use the software if you do not have an active subscription license for Microsoft Azure Services.