MicrosoftDocs
diff --git a/‎docs/analysis-services/tabular-models/data-sources-supported-ssas-tabular-1400.md‎
Lines changed: 11 additions & 6 deletions b/‎docs/analysis-services/tabular-models/data-sources-supported-ssas-tabular-1400.md‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎docs/connect/oledb/applications/using-connection-string-keywords-with-oledb-driver-for-sql-server.md‎
Lines changed: 18 additions & 7 deletions b/‎docs/connect/oledb/applications/using-connection-string-keywords-with-oledb-driver-for-sql-server.md‎
Lines changed: 18 additions & 7 deletions
diff --git a/‎docs/connect/oledb/features/oledb-driver-for-sql-server-features.md‎
Lines changed: 4 additions & 1 deletion b/‎docs/connect/oledb/features/oledb-driver-for-sql-server-features.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎docs/connect/oledb/features/toc.yml‎
Lines changed: 2 additions & 0 deletions b/‎docs/connect/oledb/features/toc.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/connect/oledb/features/using-azure-active-directory.md‎
Lines changed: 240 additions & 0 deletions b/‎docs/connect/oledb/features/using-azure-active-directory.md‎
Lines changed: 240 additions & 0 deletions
diff --git a/‎docs/connect/oledb/help-topics/data-link-pages.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/connect/oledb/help-topics/data-link-pages.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/connect/oledb/help-topics/sql-server-login-dialog.md‎
Lines changed: 4 additions & 1 deletion b/‎docs/connect/oledb/help-topics/sql-server-login-dialog.md‎
Lines changed: 4 additions & 1 deletion
@@ -1,6 +1,6 @@
 ---
 title: "Data sources supported in SQL Server Analysis Services tabular 1400 models | Microsoft Docs"
-ms.date: 05/07/2018
+ms.date: 02/12/2019
 ms.prod: sql
 ms.technology: analysis-services
 ms.custom: tabular-models
@@ -23,18 +23,23 @@ For Azure Analysis Services, see [Data sources supported in Azure Analysis Servi
 
 ## Cloud data sources
 
-|Azure datasource  |In-memory  |DirectQuery  |
+|Datasource  |In-memory  |DirectQuery  |
 |---------|---------|---------|
 |Azure SQL Database     |   Yes      |    Yes      |
 |Azure SQL Data Warehouse     |   Yes      |   Yes       |
 |Azure Blob Storage     |   Yes       |    No      |
 |Azure Table Storage    |   Yes       |    No      |
-|Azure Cosmos DB      |  Yes        |  No        |
-|Azure Data Lake Store     |   Yes       |    No      |
-|Azure HDInsight HDFS     |     Yes     |   No       |
-|Azure HDInsight Spark (Beta)     |   Yes       |   No       |
+|Azure Cosmos DB     |  Yes        |  No        |
+|Azure Data Lake Store (Gen1)<sup>[1](#gen2)</sup>      |   Yes       |    No      |
+|Azure HDInsight HDFS    |     Yes     |   No       |
+|Azure HDInsight Spark <sup>[2](#databricks)</sup>     |   Yes       |   No       |
 ||||
 
+<a name="gen2">1</a> - ADLS Gen2 is currently not supported.   
+<a name="databricks">2</a> - Azure Databricks using the Spark connector is currently not supported.   
+
+
+
 **Provider**   
 In-memory and DirectQuery models connecting to Azure data sources use .NET Framework Data Provider for SQL Server.
 
 
@@ -29,7 +29,10 @@ manager: craigg
 
  [Performing Asynchronous Operations](../../oledb/features/performing-asynchronous-operations.md)  
  Discusses how OLE DB Driver for SQL Server supports asynchronous operations, which is the ability to return immediately without blocking on the calling thread.  
-  
+
+[Using Azure Active Directory](using-azure-active-directory.md)  
+Discusses new authentication methods introduced in OLE DB driver 18.2.1 that have more secure default settings and allow connecting to an instance of Azure SQL Database using a federated identity.
+
  [Using Multiple Active Result Sets &#40;MARS&#41;](../../oledb/features/using-multiple-active-result-sets-mars.md)  
  Discusses how OLE DB Driver for SQL Server supports multiple active result sets (MARS). MARS enables you to execute and receive multiple result sets using a single database connection  
 
 
@@ -26,6 +26,8 @@
   href: oledb-driver-for-sql-server-support-for-localdb.md
 - name: Table-Valued Parameters (OLE DB Driver for SQL Server)
   href: table-valued-parameters-oledb-driver-for-sql-server.md
+- name: Using Azure Active Directory
+  href: using-azure-active-directory.md
 - name: Using Database Mirroring
   href: using-database-mirroring.md
 - name: Using Encryption Without Validation
 
@@ -0,0 +1,240 @@
+---
+title: "Using Azure Active Directory| Microsoft Docs for SQL Server"
+ms.custom: ""
+ms.date: "01/28/2019"
+ms.prod: sql
+ms.prod_service: connectivity
+ms.reviewer: ""
+ms.technology: connectivity
+ms.topic: reference
+author: bazizi
+ms.author: v-beaziz
+---
+# Using Azure Active Directory
+[!INCLUDE[appliesto-ss-asdb-asdw-pdw-md](../../../includes/appliesto-ss-asdb-asdw-pdw-md.md)]
+
+[!INCLUDE[Driver_OLEDB_Download](../../../includes/driver_oledb_download.md)]
+
+## Purpose
+
+Starting with version 18.2.1, Microsoft OLE DB Driver for SQL Server allows OLE DB applications to connect to an instance of Azure SQL Database using a federated identity. The new authentication methods include:
+- Azure Active Directory login ID and password
+- Azure Active Directory access token
+- Azure Active Directory integrated authentication
+- SQL login ID and password
+
+> [!NOTE]  
+> When using the following Azure Active Directory options with the OLE DB driver, ensure that the [Active Directory Authentication Library for SQL Server](https://go.microsoft.com/fwlink/?LinkID=513072) has been installed:
+> - Azure Active Directory login ID and password
+> - Azure Active Directory integrated authentication
+>
+> ADAL isn't  required for the other authentication methods or OLE DB operations.
+
+> [!NOTE]
+> Using the following authentication modes with `DataTypeCompatibility` (or its corresponding property) set to `80` is **not** supported:
+> - Azure Active Directory authentication using login ID and password
+> - Azure Active Directory authentication using access token
+> - Azure Active Directory integrated authentication
+
+## New connection string keywords and properties
+The following connection string keywords have been introduced to support Azure Active Directory authentication:
+
+|Connection keyword|Connection property|Description|
+|---               |---                |---        |
+|Access Token|SSPROP_AUTH_ACCESS_TOKEN|Specifies an access token to authenticate to Azure Active Directory. |
+|Authentication|SSPROP_AUTH_MODE|Specifies authentication method to use.|
+
+For more information about the new keywords/properties, see the following pages:
+- [Using Connection String Keywords with OLE DB Driver for SQL Server](../applications/using-connection-string-keywords-with-oledb-driver-for-sql-server.md)
+- [Initialization and Authorization Properties](../ole-db-data-source-objects/initialization-and-authorization-properties.md)
+
+## New encryption and certificate validation behavior
+This section discusses the changes in encryption and certificate validation behavior. These changes are **only** effective when using the new Authentication or Access Token connection string keywords (or their corresponding properties).
+
+### Encryption
+To improve security, when the new connection properties/keywords are used, the driver overrides the default encryption value by setting it to `yes`. Overriding happens at data source object initialization time. If encryption is set before initialization by any means, the value is respected and not overridden.
+
+> [!NOTE]   
+> In ADO applications and in applications that obtain the `IDBInitialize` interface through `IDataInitialize::GetDataSource`, the Core Component implementing the interface explicitly sets encryption to its default value of `no`. As a result, the new authentication properties/keywords respect this setting and the encryption value **isn't** overridden. Therefore, it is **recommended** that these applications explicitly set `Use Encryption for Data=true` to override the default value.
+
+### Certificate validation
+To improve security, the new connection properties/keywords respect the `TrustServerCertificate` setting (and its corresponding connection string keywords/properties) **independently of the client encryption setting**. As a result, server certificate is validated by default.
+
+> [!NOTE]   
+> Certificate validation can also be controlled through the `Value` field of the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SNI18.0\GeneralFlags\Flag2` registry entry. Valid values are `0` or `1`. The OLE DB driver chooses the most secure option between the registry and the connection property/keyword settings. That is, the driver will validate the server certificate as long as at least one of the registry/connection settings enables server certificate validation.
+
+## GUI additions for Azure Active Directory
+The driver graphical user interface has been enhanced to allow Azure Active Directory authentication. For more information, see:
+- [SQL Server Login Dialog](../help-topics/sql-server-login-dialog.md)
+- [Universal Data Link (UDL) Configuration](../help-topics/data-link-pages.md)
+
+## Example connection strings
+This section shows examples of new and existing connection string keywords to be used with `IDataInitialize::GetDataSource` and `DBPROP_INIT_PROVIDERSTRING` property.
+
+### SQL authentication
+- Using `IDataInitialize::GetDataSource`:
+    - New:
+        > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];**Authentication=SqlPassword**;User ID=[username];Password=[password];Use Encryption for Data=true
+    - Deprecated:
+        > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];User ID=[username];Password=[password];Use Encryption for Data=true
+- Using `DBPROP_INIT_PROVIDERSTRING`:
+    - New:
+        > Server=[server];Database=[database];**Authentication=SqlPassword**;UID=[username];PWD=[password];Encrypt=yes
+    - Deprecated:
+        > Server=[server];Database=[database];UID=[username];PWD=[password];Encrypt=yes
+
+### Integrated Windows authentication using Security Support Provider Interface  (SSPI)
+
+- Using `IDataInitialize::GetDataSource`:
+    - New:
+        > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];**Authentication=ActiveDirectoryIntegrated**;Use Encryption for Data=true
+    - Deprecated:
+        > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];**Integrated Security=SSPI**;Use Encryption for Data=true
+- Using `DBPROP_INIT_PROVIDERSTRING`:
+    - New:
+        > Server=[server];Database=[database];**Authentication=ActiveDirectoryIntegrated**;Encrypt=yes
+    - Deprecated:
+        > Server=[server];Database=[database];**Trusted_Connection=yes**;Encrypt=yes
+
+### AAD username and password authentication using ADAL
+
+- Using `IDataInitialize::GetDataSource`:
+    > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];**Authentication=ActiveDirectoryPassword**;User ID=[username];Password=[password];Use Encryption for Data=true
+- Using `DBPROP_INIT_PROVIDERSTRING`:
+    > Server=[server];Database=[database];**Authentication=ActiveDirectoryPassword**;UID=[username];PWD=[password];Encrypt=yes
+
+### Integrated Azure Active Directory authentication using ADAL
+
+- Using `IDataInitialize::GetDataSource`:
+    > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];**Authentication=ActiveDirectoryIntegrated**;Use Encryption for Data=true
+- Using `DBPROP_INIT_PROVIDERSTRING`:
+    > Server=[server];Database=[database];**Authentication=ActiveDirectoryIntegrated**;Encrypt=yes
+
+### Azure Active Directory authentication using an access token
+
+- Using `IDataInitialize::GetDataSource`:
+    > Provider=MSOLEDBSQL;Data Source=[server];Initial Catalog=[database];**Access Token=[access token]**;Use Encryption for Data=true
+- Using `DBPROP_INIT_PROVIDERSTRING`:
+    > Providing access token through `DBPROP_INIT_PROVIDERSTRING` isn't supported
+
+## Azure Active Directory authentication code samples
+
+The following samples show the code required to connect to Azure Active Directory with connection keywords. 
+
+### Access Token
+```cpp
+#include <string>
+#include <iostream>
+#include <msdasc.h>
+
+int main()
+{
+    wchar_t azureServer[] = L"server";
+    wchar_t azureDatabase[] = L"mydatabase";
+    wchar_t accessToken[] = L"eyJ0eXAiOi...";
+    IDBInitialize *pIDBInitialize = nullptr;
+    IDataInitialize* pIDataInitialize = nullptr;
+    HRESULT hr = S_OK;
+
+    CoInitialize(nullptr);
+
+    // Construct the connection string.
+    std::wstring connString = L"Provider=MSOLEDBSQL;Data Source=" + std::wstring(azureServer) + L";Initial Catalog=" + 
+                              std::wstring(azureDatabase) + L";Access Token=" + accessToken + L";Use Encryption for Data=true;";
+    hr = CoCreateInstance(CLSID_MSDAINITIALIZE, nullptr, CLSCTX_INPROC_SERVER, 
+                          IID_IDataInitialize, reinterpret_cast<LPVOID*>(&pIDataInitialize));
+    if (FAILED(hr))
+    {
+        std::cout << "Failed to create an IDataInitialize instance." << std::endl;
+        goto Cleanup;
+    }
+    hr = pIDataInitialize->GetDataSource(nullptr, CLSCTX_INPROC_SERVER, connString.c_str(), 
+                                         IID_IDBInitialize, reinterpret_cast<IUnknown**>(&pIDBInitialize));
+    if (FAILED(hr))
+    {
+        std::cout << "Failed to get data source object." << std::endl;
+        goto Cleanup;
+    }
+    hr = pIDBInitialize->Initialize();
+    if (FAILED(hr))
+    {
+        std::cout << "Failed to establish connection." << std::endl;
+        goto Cleanup;
+    }
+
+Cleanup:
+    if (pIDBInitialize)
+    {
+        pIDBInitialize->Uninitialize();
+        pIDBInitialize->Release();
+    }
+    if (pIDataInitialize)
+    {
+        pIDataInitialize->Release();
+    }
+
+    CoUninitialize();
+}
+```
+### Active Directory Integrated
+```cpp
+#include <string>
+#include <iostream>
+#include <msdasc.h>
+
+int main()
+{
+    wchar_t azureServer[] = L"server";
+    wchar_t azureDatabase[] = L"mydatabase";
+    IDBInitialize *pIDBInitialize = nullptr;
+    IDataInitialize* pIDataInitialize = nullptr;
+    HRESULT hr = S_OK;
+
+    CoInitialize(nullptr);
+
+    // Construct the connection string.
+    std::wstring connString = L"Provider=MSOLEDBSQL;Data Source=" + std::wstring(azureServer) + L";Initial Catalog=" + 
+                              std::wstring(azureDatabase) + L";Authentication=ActiveDirectoryIntegrated;Use Encryption for Data=true;";
+
+    hr = CoCreateInstance(CLSID_MSDAINITIALIZE, nullptr, CLSCTX_INPROC_SERVER, 
+                          IID_IDataInitialize, reinterpret_cast<LPVOID*>(&pIDataInitialize));
+    if (FAILED(hr)) 
+    {
+        std::cout << "Failed to create an IDataInitialize instance." << std::endl;
+        goto Cleanup;
+    }
+    hr = pIDataInitialize->GetDataSource(nullptr, CLSCTX_INPROC_SERVER, connString.c_str(), 
+                                         IID_IDBInitialize, reinterpret_cast<IUnknown**>(&pIDBInitialize));
+    if (FAILED(hr))
+    {
+        std::cout << "Failed to get data source object." << std::endl;
+        goto Cleanup;
+    }
+    hr = pIDBInitialize->Initialize();
+    if (FAILED(hr))
+    {
+        std::cout << "Failed to establish connection." << std::endl;
+        goto Cleanup;
+    }
+
+Cleanup:
+    if (pIDBInitialize)
+    {
+        pIDBInitialize->Uninitialize();
+        pIDBInitialize->Release();
+    }
+    if (pIDataInitialize)
+    {
+        pIDataInitialize->Release();
+    }
+
+    CoUninitialize();
+}
+```
+
+## See Also
+[Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow](https://go.microsoft.com/fwlink/?linkid=2072672)
+
+[Token-based authentication support for Azure SQL DB using Azure AD auth](https://go.microsoft.com/fwlink/?linkid=2068937)
+
+[Using Connection String Keywords with OLE DB Driver for SQL Server](../applications/using-connection-string-keywords-with-oledb-driver-for-sql-server.md)
@@ -26,7 +26,7 @@ The Connection tab is provider-specific and displays only the connection propert
 |Option|Description|
 |---   |---        |
 |Select or enter a server name|Select a server name from the drop-down list, or type the location of the server where the database you want to access is located. Selecting the database on the server is a separate action. Update the list by clicking "Refresh".
-|Enter information to sign in to the server|You can select the following authentication options from this drop-down list: <ul><li>`Windows Authentication:` Authentication to SQL Server using the currently logged-in user's account</li><li>`SQL Server Authentication:` Authentication to SQL Server using login ID and password</li><li>`Active Directory - Integrated:` Integrated authentication using the currently logged-in user's account</li><li>`Active Directory - Password:` Active Directory authentication using login ID and password</li></ul>|
+|Enter information to sign in to the server|You can select the following authentication options from this drop-down list: <ul><li>`Windows Authentication:` Authentication to SQL Server using the currently logged-in user's Windows account credentials.</li><li>`SQL Server Authentication:` Authentication to SQL Server using login ID and password.</li><li>`Active Directory - Integrated:` Integrated authentication using the currently logged-in user's Windows account credentials.</li><li>`Active Directory - Password:` Active Directory authentication using login ID and password.</li></ul>|
 |Server SPN|If you use a trusted connection, you can specify a service principal name (SPN) for the server.|
 |User name|Type the User ID to use for authentication when you sign in to the data source.|
 |Password|Type the password to use for authentication when you sign in to the data source.|
 
@@ -28,7 +28,7 @@ When you attempt to connect without specifying enough information, the OLE DB dr
 |Option|Description|
 |---   |---        |
 |Server|The name of an instance of SQL Server on your network. Select a server\instance name from the list, or type the server\instance name in the **Server** box. Optionally, you can create a server alias on the client computer using **SQL Server Configuration Manager**, and type that name in the **Server** box. <br/><br/>You can enter "(local)" when you are using the same computer as SQL Server. You can then connect to a local instance of SQL Server, even when running a non-networked version of SQL Server.<br/><br/>For more information about server names for different types of networks, see [SQL Server Installation](https://go.microsoft.com/fwlink/?linkid=2067541).|
-|Authentication Mode|You can select the following authentication options from the drop-down list:<br/><ul><li>`Windows Authentication:` Authentication to SQL Server using the currently logged-in user's Windows account credentials</li><li>`SQL Server Authentication:` Authentication to SQL Server using login ID and password</li><li>`Active Directory - Integrated:` Integrated authentication using the currently logged-in user's Windows account credentials</li><li>`Active Directory - Password:` Active Directory authentication using login ID and password</li></ul>|
+|Authentication Mode|You can select the following authentication options from the drop-down list:<br/><ul><li>`Windows Authentication:` Authentication to SQL Server using the currently logged-in user's Windows account credentials.</li><li>`SQL Server Authentication:` Authentication to SQL Server using login ID and password.</li><li>`Active Directory - Integrated:` Integrated authentication using the currently logged-in user's Windows account credentials.</li><li>`Active Directory - Password:` Active Directory authentication using login ID and password.</li></ul>|
 |Server SPN|If you use a trusted connection, you can specify a service principal name (SPN) for the server.|
 |Login ID|Specifies the login ID to use for the connection. The Login ID text box is only enabled if `Authentication Mode` is set to `SQL Server Authentication` or `Active Directory - Password`.|
 |Password|Specifies the password used for the connection. The password text box is only enabled if `Authentication Mode` is set to `SQL Server Authentication` or `Active Directory - Password`.|
@@ -47,3 +47,6 @@ When you attempt to connect without specifying enough information, the OLE DB dr
 
 > [!NOTE]  
 > When using `Windows Authentication` or `SQL Server Authentication` modes, **Trust server certificate** is considered only when the **Use strong encryption for data** option is enabled.
+
+## See Also
+[Using Azure Active Directory](../features/using-azure-active-directory.md)