MicrosoftDocs
diff --git a/‎azure-sql/database/network-access-controls-overview.md‎
Lines changed: 9 additions & 11 deletions b/‎azure-sql/database/network-access-controls-overview.md‎
Lines changed: 9 additions & 11 deletions
diff --git a/‎azure-sql/virtual-machines/windows/availability-group-azure-portal-configure.md‎
Lines changed: 2 additions & 2 deletions b/‎azure-sql/virtual-machines/windows/availability-group-azure-portal-configure.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎azure-sql/virtual-machines/windows/media/availability-group-az-portal-configure/windows-ad-domain.png‎
-1.96 KB b/‎azure-sql/virtual-machines/windows/media/availability-group-az-portal-configure/windows-ad-domain.png‎
-1.96 KB
diff --git a/‎docs/big-data-cluster/deployment-upgrade.md‎
Lines changed: 21 additions & 21 deletions b/‎docs/big-data-cluster/deployment-upgrade.md‎
Lines changed: 21 additions & 21 deletions
@@ -5,7 +5,7 @@ description: Overview of how to manage and control network access for Azure SQL
 author: rohitnayakmsft
 ms.author: rohitna
 ms.reviewer: wiassaf, vanto, mathoma
-ms.date: 07/18/2022
+ms.date: 03/07/2023
 ms.service: sql-database
 ms.subservice: security
 ms.topic: conceptual
@@ -20,7 +20,7 @@ When you create a logical server from the [Azure portal](single-database-create-
 
 You can use the following network access controls to selectively allow access to a database via the public endpoint:
 
-- Allow Azure Services: When set to ON, other resources within the Azure boundary, for example an Azure Virtual Machine, can access SQL Database
+- Allow Azure services and resources to access this server: When enabled, other resources within the Azure boundary, for example an Azure Virtual Machine, can access SQL Database
 - IP firewall rules: Use this feature to explicitly allow connections from a specific IP address, for example from on-premises machines
 
 You can also allow private access to the database from [virtual networks](/azure/virtual-network/virtual-networks-overview) via:
@@ -37,26 +37,25 @@ See the below video for a high-level explanation of these access controls and wh
 
 ## Allow Azure services
 
-By default during creation of a new logical server [from the Azure portal](single-database-create-quickstart.md), this setting is set to **OFF**. This setting appears when connectivity is allowed using public service endpoint.
+By default during creation of a new logical server [from the Azure portal](single-database-create-quickstart.md), **Allow Azure services and resources to access this server** is unchecked and not enabled. This setting appears when connectivity is allowed using public service endpoint.
 
 You can also change this setting via the **Networking** setting after the logical server is created as follows: 
 
 ![Screenshot of manage server firewall][2]
 
-When set  to **ON**, your server allows communications from all resources inside the Azure boundary, that may or may not be part of your subscription.
+When **Allow Azure services and resources to access this server** is enabled, your server allows communications from all resources inside the Azure boundary, that may or may not be part of your subscription.
 
-In many cases, the **ON** setting is more permissive than what most customers want. You may want to set this setting to **OFF** and replace it with more restrictive IP firewall rules or virtual network firewall rules. 
+In many cases, enabling the setting is more permissive than what most customers want. You may want to uncheck this setting and replace it with more restrictive IP firewall rules or virtual network firewall rules. 
 
 However, doing so affects the following features that run on virtual machines in Azure that aren't part of your virtual network and hence connect to the database via an Azure IP address:
 
 ### Import Export Service
 
-Import Export Service doesn't work when **Allow access to Azure services** is set to **OFF**. However you can work around the problem [by manually running SqlPackage from an Azure VM or performing the export](./database-import-export-azure-services-off.md) directly in your code by using the DACFx API.
+Import Export Service doesn't work when **Allow Azure services and resources to access this server** is not enabled. However you can work around the problem [by manually running SqlPackage from an Azure VM or performing the export](./database-import-export-azure-services-off.md) directly in your code by using the DACFx API.
 
 ### Data Sync
 
-To use the Data sync feature with **Allow access to Azure services** set to **OFF**, you need to create individual firewall rule entries to [add IP addresses](firewall-create-server-level-portal-quickstart.md) from the **Sql service tag** for the region hosting the **Hub** database.
-Add these server-level firewall rules to the servers hosting both **Hub** and **Member** databases (which may be in different regions)
+To use the Data sync feature with **Allow Azure services and resources to access this server** not enabled, you need to create individual firewall rule entries to [add IP addresses](firewall-create-server-level-portal-quickstart.md) from the **Sql service tag** for the region hosting the **Hub** database. Add these server-level firewall rules to the servers hosting both **Hub** and **Member** databases (which may be in different regions)
 
 Use the following PowerShell script to generate IP addresses corresponding to the SQL service tag for West US region
 
@@ -97,16 +96,15 @@ start          end
 13.86.216.192  13.86.216.223
 ```
 
-You can now add these as distinct firewall rules and then set **Allow Azure services to access server**  to OFF.
+You can now add these as distinct firewall rules and then disable the setting **Allow Azure services and resources to access this server**.
 
 ## IP firewall rules
 
 Ip based firewall is a feature of the logical server in Azure that prevents all access to your server until you explicitly [add IP addresses](firewall-create-server-level-portal-quickstart.md) of the client machines.
 
 ## Virtual network firewall rules
 
-In addition to IP rules, the server firewall allows you to define *virtual network rules*.  
-To learn more, see [Virtual network service endpoints and rules for Azure SQL Database](vnet-service-endpoint-rule-overview.md) or watch this video:
+In addition to IP rules, the server firewall allows you to define *virtual network rules*. To learn more, see [Virtual network service endpoints and rules for Azure SQL Database](vnet-service-endpoint-rule-overview.md) or watch this video:
 
 > [!VIDEO https://learn.microsoft.com/shows/Data-Exposed/Data-Exposed--Demo--Vnet-Firewall-Rules-for-SQL-Database/player?WT.mc_id=dataexposed-c9-niner]
 
 
@@ -51,9 +51,9 @@ To configure an Always On availability group by using the Azure portal, you must
 
 - The following account permissions:
 
-  - A domain admin user account that has **Create Computer Object** permissions in the domain. This user will create the cluster and availability group, and will install SQL Server. 
+  - A domain user account that has **Create Computer Object** permissions in the domain. This user will create the cluster and availability group, and will install SQL Server.
 
-    For example, a domain admin account (`account@domain.com`) typically has sufficient permission. This account should also be part of the local administrator group on each VM to create the cluster.
+    For example, a domain user account (`account@domain.com`) typically has sufficient permission. This account should also be part of the local administrator group on each VM to create the cluster.
 
   - A domain SQL Server service account to control SQL Server. This should be the same account for every SQL Server VM that you want to add to the availability group.
 
 
@@ -4,13 +4,12 @@ titleSuffix: SQL Server Big Data Clusters
 description: Learn how to upgrade SQL Server Big Data Clusters to a new release.
 author: HugoMSFT
 ms.author: hudequei
-ms.reviewer: wiassaf
-ms.date: 09/21/2021
+ms.reviewer: wiassaf, randolphwest
+ms.date: 03/07/2023
 ms.service: sql
 ms.subservice: big-data-cluster
 ms.topic: conceptual
 ---
-
 # How to upgrade [!INCLUDE[big-data-clusters-2019](../includes/ssbigdataclusters-ss-nover.md)]
 
 [!INCLUDE[SQL Server 2019](../includes/applies-to-version/sqlserver2019.md)]
@@ -22,14 +21,14 @@ The upgrade path depends on the current version of SQL Server Big Data Cluster.
 - [Upgrade from supported release](#upgrade-from-supported-release)
 - [Update a BDC deployment from CTP or release candidate](#update-a-bdc-deployment-from-ctp-or-release-candidate)
 
->[!NOTE]
->The oldest currently supported release of Big Data Clusters is SQL Server 2019 CU8.
+> [!NOTE]  
+> The oldest currently supported release of Big Data Clusters is SQL Server 2019 CU8.
 
 ## Upgrade release notes
 
 Before you proceed, check the [upgrade release notes for known issues](release-notes-big-data-cluster.md#known-issues).
 
-> [!WARNING]
+> [!WARNING]  
 > The parameter ```imagePullPolicy``` was required to be set as ```"Always"``` in the deployment profile control.json file when the cluster was initially deployed. This parameter can't be changed after deployment.
 > In the case that it is set with a different value, unexpected results may happen during the upgrade process and a cluster redeployment will be required.
 
@@ -51,22 +50,22 @@ This section explains how to upgrade a SQL Server BDC from a supported release (
    ```
    azdata bdc hdfs cp --from-path <path> --to-path <path>
    ```
-   
-   For example: 
+
+   For example:
 
    ```
    azdata bdc hdfs cp --from-path hdfs://user/hive/warehouse/%%D --to-path ./%%D
    ```
 
 1. Update [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)].
 
-   Follow the instructions for installing [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)]. 
+   Follow the instructions for installing [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)].
    - [Windows installer](../azdata/install/deploy-install-azdata-installer.md)
    - [Linux with apt](../azdata/install/deploy-install-azdata-linux-package.md)
    - [Linux with yum](../azdata/install/deploy-install-azdata-yum.md)
    - [Linux with zypper](../azdata/install/deploy-install-azdata-zypper.md)
 
-   >[!NOTE]
+   > [!NOTE]  
    >If [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)] was installed with `pip` you need to manually remove it before installing with the Windows installer or the Linux package manager.
 
 1. Update the Big Data Cluster.
@@ -75,17 +74,17 @@ This section explains how to upgrade a SQL Server BDC from a supported release (
    azdata bdc upgrade -n <clusterName> -t <imageTag> -r <containerRegistry>/<containerRepository>
    ```
 
-   For example, the following script uses `2019-CU6-ubuntu-16.04` image tag:
+   For example, the following script uses `2019-CU19-ubuntu-20.04` image tag:
 
    ```
-   azdata bdc upgrade -n bdc -t 2019-CU6-ubuntu-16.04 -r mcr.microsoft.com/mssql/bdc
+   azdata bdc upgrade -n bdc -t 2019-CU19-ubuntu-20.04 -r mcr.microsoft.com/mssql/bdc
    ```
 
->[!NOTE]
->The latest image tags are available at [SQL Server 2019 Big Data Clusters release notes](release-notes-big-data-cluster.md).
+> [!NOTE]  
+> The latest image tags are available at [SQL Server 2019 Big Data Clusters release notes](release-notes-big-data-cluster.md).
 
->[!IMPORTANT]
->If you use a private repository to pre-pull the images for deploying or upgrading BDC, ensure that the current build images as well as >the target build images are in the private repository. This enables successful rollback, if necessary. Also, if you changed the >credentials of the private repository since the original deployment, update the corresponding environment variables DOCKER_PASSWORD and >DOCKER_USERNAME. Upgrading using different private repositories for current and target builds is not supported.
+> [!IMPORTANT]  
+> If you use a private repository to pre-pull the images for deploying or upgrading BDC, ensure that the current build images as well as >the target build images are in the private repository. This enables successful rollback, if necessary. Also, if you changed the >credentials of the private repository since the original deployment, update the corresponding environment variables DOCKER_PASSWORD and >DOCKER_USERNAME. Upgrading using different private repositories for current and target builds is not supported.
 
 ### Increase the timeout for the upgrade
 
@@ -105,12 +104,13 @@ A timeout can occur if certain components are not upgraded in the allocated time
 To increase the timeouts for an upgrade, use **--controller-timeout** and **--component-timeout** parameters to specify higher values when you issue the upgrade. This option is only available starting with SQL Server 2019 CU2 release. For example:
 
    ```bash
-   azdata bdc upgrade -t 2019-CU6-ubuntu-16.04 --controller-timeout=40 --component-timeout=40 --stability-threshold=3
+   azdata bdc upgrade -t 2019-CU19-ubuntu-20.04 --controller-timeout=40 --component-timeout=40 --stability-threshold=3
    ```
+
 **--controller-timeout** designates the number of minutes to wait for the controller or controller db to finish upgrading.
 **--component-timeout** designates the amount of time that each subsequent phase of the upgrade has to complete.
 
-To increase the timeouts for an upgrade before the SQL Server 2019 CU2 release, edit the upgrade config map. To edit the upgrade config map:
+To increase the timeouts for an upgrade before the SQL Server 2019 CU19 release, edit the upgrade config map. To edit the upgrade config map:
 
 Run the following command:
 
@@ -142,10 +142,10 @@ There is no in place upgrade for big data clusters deployed before SQL Server 20
     azdata bdc delete --name <old-cluster-name>
    ```
 
-   > [!Important]
+   > [!IMPORTANT]  
    > Use the version of [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)] that matches your cluster. Do not delete an older cluster with the newer version of [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)].
 
-   > [!Note]
+   > [!NOTE]  
    > Issuing a `azdata bdc delete` command will result in all objects created within the namespace identified with the big data cluster name to be deleted, but not the namespace itself. Namespace can be reused for subsequent deployments as long as it is empty and no other applications were created within.
 
 1. Uninstall the old version of [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)].
@@ -168,7 +168,7 @@ There is no in place upgrade for big data clusters deployed before SQL Server 20
    pip3 install -r https://aka.ms/azdata --user
    ```
 
-   > [!IMPORTANT]
+   > [!IMPORTANT]  
    > For each release, the path to the `n-1` version of [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)] changes. Even if you previously installed [!INCLUDE [azure-data-cli-azdata](../includes/azure-data-cli-azdata.md)], you must reinstall from the latest path before creating the new cluster.
 
 ### <a id="azdataversion"></a> Verify the azdata version