Merge pull request #306649 from MicrosoftDocs/main

Auto Publish – main to live - 2025-10-08 11:00 UTC

Author: learn-build-service-prod[bot]

articles/backup/scripts/backup-powershell-script-find-recovery-services-vault.md

@@ -2,7 +2,7 @@
 title: PowerShell Script - find Vault for Storage Account
 description: Learn how to use an Azure PowerShell script to find the Recovery Services vault where your storage account is registered.
 ms.topic: sample
-ms.date: 10/20/2024
+ms.date: 10/08/2025
 ms.service: azure-backup
 ms.custom: devx-track-azurepowershell
 author: AbhishekMallick-MS
@@ -14,7 +14,7 @@ ms.author: v-mallicka
 
 This script helps you to find the Recovery Services vault where your storage account is registered.
 
-## Sample script
+ ## Sample script to find the Recovery Services vault
 
 ```powershell
 Param(
@@ -47,9 +47,11 @@ if(!$found)
 }
 ```
 
-## How to execute the script
+## Execute the script to find the Recovery Services vault
 
-1. Save the script above on your machine with a name of your choice. In this example, we saved it as *FindRegisteredStorageAccount.ps1*.
+To execute the script for finding the Recovery Services vault where your storage account is registered, follow these steps:
+
+1. Save the preceding script on your machine with a name of your choice. In this example, we saved it as *FindRegisteredStorageAccount.ps1*.
 2. Execute the script by providing the following parameters:
 
     * **-ResourceGroupName** - Resource Group of the storage account
@@ -62,9 +64,9 @@ The following example tries to find the Recovery Services vault where the *afsac
 .\FindRegisteredStorageAccount.ps1 -ResourceGroupName AzureFiles -StorageAccountName afsaccount -SubscriptionId aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e
 ```
 
-## Output
+## Output of the script
 
-The output will display the complete path of the Recovery Services vault where the storage account is registered. Here is a sample output:
+The output shows the complete path of the Recovery Services vault where the storage account is registered. Here's a sample output:
 
 ```output
 Found Storage account afsaccount registered in vault: /subscriptions/ aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/azurefiles/providers/Microsoft.RecoveryServices/vaults/azurefilesvault123

articles/migrate/tutorial-discover-mysql-database-instances.md

@@ -11,7 +11,7 @@ monikerRange:
 # Customer intent: As a database administrator, I want to discover MySQL database instances in my datacenter using an agentless solution, so that I can assess and manage my databases efficiently before migrating to the cloud.
 ---
 
-# Tutorial: Discover MySQL database instances running in your datacenter (preview)
+# Discover MySQL database instances running in your datacenter (preview)
 
 
 This article describes how to discover MySQL database instances running on servers in your datacenter, using **Azure Migrate appliance**. The discovery process is agentless; no agents are installed on the target servers. 
@@ -53,7 +53,7 @@ The following table lists the regions that support MySQL Discovery and Assessmen
 
 1. Open the appliance configuration manager, complete the prerequisite checks and registration of the appliance.
 2. Navigate to the Manage credentials and discovery sources panel.
-1. In Step 3: Select **MySQL authentication** credential type, provide a friendly name, input the MySQL username, and password and select **Save**.
+3. In Step 3: Select **MySQL authentication** credential type, provide a friendly name, input the MySQL username, and password and select **Save**.
 
    > [!NOTE]
    > - Ensure that the user corresponding to the added MySQL credentials have the following privileges: 
@@ -69,6 +69,55 @@ The following table lists the regions that support MySQL Discovery and Assessmen
    >  GRANT SELECT ON information_schema.* TO 'username'@'ip';
    >  GRANT SELECT ON performance_schema.* TO 'username'@'ip';  
 
+To enable Discovery and Assessment in Azure Migrate, you can create a custom MySQL user account with the minimum required permissions. Use the following script to create the account and grant access from the appliance machine. 
+- CREATE USER privilege → to create the new user.
+- GRANT OPTION privilege → to grant privileges to the new user.
+- SELECT on mysql.user → required for the existence check.
+- PROCESS privilege → if you want to verify process-related grants after creation.
+
+```
+
+-- MySQL Script to Create a Least-Privilege User for Azure Migrate
+-- Replace @username, @password, and @ip with actual values before execution.
+
+SET @username = 'your_username';
+SET @password = 'your_password';
+SET @ip = 'your_appliance_ip';
+
+-- Check if the user already exists
+SELECT CASE
+    WHEN EXISTS (SELECT 1 FROM mysql.user WHERE user = @username AND host = @ip)
+        THEN CONCAT('User ', @username, '@', @ip, ' already exists, skipping creation')
+    ELSE
+        CONCAT('User ', @username, '@', @ip, ' does not exist, proceeding with creation')
+END AS user_check;
+
+-- Create the user if not exists
+CREATE USER IF NOT EXISTS @username@'@ip' IDENTIFIED BY @password;
+
+-- Grant minimal required privileges
+GRANT USAGE ON *.* TO @username@'@ip';
+GRANT PROCESS ON *.* TO @username@'@ip';
+
+-- Grant SELECT on specific columns in mysql.user
+GRANT SELECT (User, Host, Super_priv, File_priv, Create_tablespace_priv, Shutdown_priv)
+ON mysql.user TO @username@'@ip';
+
+-- Grant SELECT on information_schema and performance_schema
+GRANT SELECT ON information_schema.* TO @username@'@ip';
+GRANT SELECT ON performance_schema.* TO @username@'@ip';
+
+-- Apply changes
+FLUSH PRIVILEGES;
+
+-- Log success
+SELECT CONCAT('Azure Migrate user ', @username, '@', @ip, ' created successfully with least privileges.') AS result;
+```
+Execute the script using the following command through your MySQL client.
+```
+mysql -u root -p -e "SET @username='myuser'; SET @password='mypassword'; SET @ip='appliance_ip'; SOURCE CreateUser.sql;"
+```
+
 You can review the discovered MySQL databases after around 24 hours of discovery initiation, through the **Discovered servers** view. To expedite the discovery of your MySQL instances follow the steps:
 
 - After adding the MySQL credentials on the appliance configuration manager restart the discovery services on appliance.

articles/migrate/vm-assessment-properties.md

@@ -20,8 +20,8 @@ This section describes the components that are part of an assessment.
 
 | **Setting Category**  | **Setting** | **Details** |                
 |-------------------|---------|--------  |                                                     
-| **Target settings**   | **Target VM series**         | The Azure VM series that you want to consider for rightsizing. For example, if you don't have a production environment that needs A-series VMs in Azure, you can exclude A-series from the list of series. The availability of VM series depends on the target location selected. [Learn more](/azure/virtual-machines/sizes/overview?branch=main&branchFallbackFrom=release-migrate-new-structure&tabs=breakdownseries,generalsizelist,computesizelist,memorysizelist,storagesizelist,gpusizelist,fpgasizelist,hpcsizelist). |
-| **Target settings**   | **Target storage disk**      | Specifies the type of target storage disk as Premium-managed, Standard HDD-managed, Standard SSD-managed, or Ultra disk. <br> **Premium or Standard or Ultra disk**: The assessment recommends a disk SKU within the storage type selected. <br>If you want a single-instance VM service level agreement (SLA) of 99.9%, consider using Premium-managed disks. This ensures that all disks are recommended as Premium-managed disks. <br> If you're looking to run data-intensive workloads that need high throughput, high IOPS, and consistent low latency disk storage, consider using Ultra disks. <br> Azure Migrate supports only Managed disks for migration assessment.  |
+| **Target settings**   | **Target VM series**         | The Azure VM series that you want to consider for rightsizing. B-Series VM families are not selected by default in case the _Production_ environment type is selected in general settings. In case you want to assess the VMs in the assessment scope for burstable VM targets add them explicitly [Learn more](https://learn.microsoft.com/azure/virtual-machines/sizes/general-purpose/b-family). Cobalt 100 VMs will only be recommended in case the on-premises VMs are on ARM64 CPU architecture [Learn more](https://learn.microsoft.com/azure/virtual-machines/sizes/cobalt-overview). For example, if you don't have a production environment that needs A-series VMs in Azure, you can exclude A-series from the list of series. The availability of VM series depends on the target location selected. [Learn more](/azure/virtual-machines/sizes/overview?branch=main&branchFallbackFrom=release-migrate-new-structure&tabs=breakdownseries,generalsizelist,computesizelist,memorysizelist,storagesizelist,gpusizelist,fpgasizelist,hpcsizelist). |
+| **Target settings**   | **Target storage disk**      | Specifies the type of target storage disk as Premium-managed, Standard HDD-managed, Standard SSD-managed, or Ultra disk. If you want a single-instance VM service level agreement (SLA) of 99.9%, consider using Premium-managed disks. This ensures that all disks are recommended as Premium-managed disks. <br> If you're looking to run data-intensive workloads that need high throughput, high IOPS, and consistent low latency disk storage, consider using Ultra disks. <br> Azure Migrate supports only Managed disks for migration assessment.  |
 | **Right-Sizing**      | **Sizing criteria**          | This attribute is used for right-sizing the target recommendations. <br> Use **as-is on-premises** sizing if you don't want to right size the targets and identify the targets according to your configuration for on-premises workloads. Use **performance-based** sizing to calculate compute recommendation based on CPU and memory utilization data and storage recommendation based on the input/output operations per second (IOPS) and throughput of the on-premises disks.  |
 | | **VM uptime** | The duration in days per month and hours per day for Azure VMs that won't run continuously. Cost estimates are based on that duration. The default values are 31 days per month and 24 hours per day. | 
 | | **Azure Hybrid Benefit**| Specifies whether you have software assurance and are eligible for [Azure Hybrid Benefit](https://azure.microsoft.com/pricing/hybrid-benefit/) to use your existing OS licenses. For Azure VM assessments, you can bring in both Windows and Linux licenses. If the setting is enabled, Azure prices for selected operating systems aren't considered for VM costing.  |
@@ -31,4 +31,4 @@ This section describes the components that are part of an assessment.
 > * In Azure Government, it is recommended to review the [[supported target](supported-geographies.md)] assessment locations. VM size recommendations in assessments will use the VM series specifically designed for Government Cloud regions.  [Learn more](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?regions=usgov-non-regional,us-dod-central,us-dod-east,usgov-arizona,usgov-iowa,usgov-texas,usgov-virginia&products=virtual-machines).
 
 ## Next Steps
-[Review](best-practices-assessment.md) the best practices for creating an assessment with Azure Migrate. 
+[Review](best-practices-assessment.md) the best practices for creating an assessment with Azure Migrate. 

articles/sentinel/billing.md

@@ -67,25 +67,22 @@ There are two ways to pay for the analytics tier: **Pay-As-You-Go** and **Commit
 
 #### Data lake tier
 
-Microsoft Sentinel data lake tier is a cost-effective option for ingesting high volume, low fidelity data. They're charged at a flat, low rate per gigabyte (GB). The data lake tier provides querying and jobs scheduling capabilities and, once enabled, mirrors all eligible data available in the analytics tier.
-
-For more information, see [Microsoft Sentinel data lake](datalake/sentinel-lake-overview.md)  
+To learn more about the Microsoft Sentinel data lake, see [Microsoft Sentinel data lake](datalake/sentinel-lake-overview.md).
 
 The data lake tier incurs charges based on usage of various data lake capabilities. 
 - **Data lake ingestion** is charged per GB for all data ingested into tables with retention set to data lake tier only. Data lake ingestion charges don't apply when data is ingested into tables with retention set to include both analytic and data lake tiers.
 - **Data processing** is charged per GB for data ingested into tables with retention set to data lake tier only. It supports transformations like redaction, splitting, filtering, and normalization. Data processing charges don't apply when data is ingested into tables with retention set to include both analytic and data lake tiers.
-- **Data lake storage** charges are applied per GB per month for any data that remains in the data lake tier after the analytic tier retention period ends. Charges are based on data compressed at a 6X rate. For example, if you retain 600 GB of raw data, it's billed as 100 GB of compressed data.
+- **Data lake storage** charges are applied per GB per month for any data that remains in the data lake tier after the analytic tier retention period ends. Charges are based on a simple and uniform data compression rate of 6:1. For example, if you retain 600 GB of raw data, it's billed as 100 GB of compressed data.
 - **Data lake query** charges apply per GB of uncompressed data analyzed using Kusto Query Language (KQL) queries or KQL jobs.
 - **Advanced data insights** charges apply per compute hour used when using data lake exploration notebook sessions or running data lake exploration notebook jobs. Compute hours are calculated by multiplying the number of cores in the pool selected for the notebook with the amount of time a session was active or a job was running. Data lake notebook sessions and jobs are available in pools of four, eight, and 16 cores.
 
 Once onboarded, usage from Microsoft Sentinel workspaces begins to be billed through the previously described meters rather than existing long-term retention (formerly known as Archive), search, or auxiliary logs ingestion meters.
 
 > [!IMPORTANT]
-> Existing Microsoft Sentinel customers currently using and billed for auxiliary logs ingestion, long-term retention, and search will see charges transition to the new data lake ingestion, data lake storage, and data lake query meters, respectively once they onboard to Microsoft Sentinel data lake. Pricing from previous meters doesn't carry over. For more information on pricing, see [Microsoft Sentinel pricing](https://azure.microsoft.com/pricing/details/microsoft-sentinel/).
+> Existing Microsoft Sentinel customers currently using and billed for auxiliary logs ingestion, long-term retention, and search will see charges transition to the new data lake ingestion, data lake storage, and data lake query meters respectively, once they onboard to Microsoft Sentinel data lake. Pricing from previous meters doesn't carry over. For more information on pricing, see [Microsoft Sentinel pricing](https://azure.microsoft.com/pricing/details/microsoft-sentinel/).
 
 For customers that haven't onboarded to Microsoft Sentinel data lake and are currently using auxiliary or basic logs, see [Manage data retention in a Log Analytics workspace](/azure/azure-monitor/logs/data-retention-archive) and [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/) for relevant information.
 
-  
 ### Simplified pricing tiers
 
 Simplified pricing tiers combine the data analysis costs for Microsoft Sentinel and ingestion storage costs of Log Analytics into a single pricing tier. The following screenshot shows the simplified pricing tier that all new workspaces use.

articles/sentinel/includes/sap-agentless-prerequisites.md

@@ -9,8 +9,9 @@ ms.topic: include
 **To run the tool**:
 
 1. Open the integration package, navigate to the artifacts tab, and select the **Prerequisite checker** iflow > **Configure**.
-1. Set the target RFC destination to the SAP system you want to check.
-1. Deploy the iflow as you would otherwise for your SAP systems. For example, use the following sample PowerShell script, modifying the sample placeholder values for your environment:
+1. Set the target destination name for the remote function call (RFC) to the SAP system you want to check. For example, `A4H-100-Sentinel-RFC`.
+1. Deploy the iflow as you would otherwise for your SAP systems.
+1. Trigger the iflow from any REST client. For example, use the following sample PowerShell script, modifying the sample placeholder values for your environment:
 
     ```powershell
     $cpiEndpoint = "https://my-cpi-uri.it-cpi012-rt.cfapps.eu01-010.hana.ondemand.com" # CPI endpoint URL
@@ -37,4 +38,6 @@ ms.topic: include
     Write-Host $response.RawContent
     ```
 
-Make sure that the prerequisites checker runs successfully before connecting to Microsoft Sentinel.
+Make sure that the prerequisites checker runs successfully (status code 200) with no warnings on the response output before connecting to Microsoft Sentinel.
+
+If any findings, consult the response details for guidance on remediation steps. Legacy SAP systems often require extra SAP notes. Furthermore, see the [troubleshooting section](../sap/sap-deploy-troubleshoot.md) for common issues and resolutions.

articles/sentinel/sap/preparing-sap.md

@@ -203,11 +203,11 @@ This procedure has steps both in Microsoft Sentinel and your SAP system, and req
         1. Download the [integration package](https://aka.ms/SAPAgentlessPackage) and upload it to your SAP Integration Suite. For more information, see the [SAP documentation](https://help.sap.com/docs/integration-suite/sap-integration-suite/importing-integration-packages).
         1. Open the package and go to the **Artifacts** tab. Then select the **Data Collector** configuration. For more information, see the [SAP documentation](https://help.sap.com/docs/integration-suite/sap-integration-suite/importing-integration-packages).
         1. Configure the integration flow with the **LogIngestionURL** and the **DCRImmutableID**.
-        1. Deploy the i-flow using SAP Cloud Integration as the runtime service.
+        1. Deploy the iflow using SAP Cloud Integration as the runtime service.
 
 
 ## Run the prerequisite checker
-1. The **Prerequisite checker** iflow is included in the package. We recommend running this iflow before continuing to the next step to ensure that your SAP system meets the system prerequisites.
+1. The **Prerequisite checker** iflow is included in the package. We recommend running this iflow **manually** before continuing to the next step to ensure that your SAP system meets the system prerequisites before attempting integration from Microsoft Sentinel.
 
     [!INCLUDE [sap-agentless-prerequisites](../includes/sap-agentless-prerequisites.md)]
 

articles/storage/blobs/TOC.yml

@@ -529,10 +529,13 @@ items:
         href: ../common/storage-failover-customer-managed-unplanned.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
       - name: Initiate account failover
         href: ../common/storage-initiate-account-failover.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
+      - name: Failover FAQs
+        href: ../common/storage-failover-faq.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
       - name: Check the Last Sync Time property
         href: ../common/last-sync-time-get.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
       - name: Failover considerations for storage accounts with private endpoints
         href: ../common/storage-failover-private-endpoints.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
+
   - name: Performance and scale
     items:
     - name: Performance and scalability checklist