Merge pull request #36006 from MicrosoftDocs/main

Auto Publish – main to live - 2025-12-04 23:30 UTC

Author: learn-build-service-prod[bot]

azure-sql/includes/virtual-machines-best-practices-security.md

@@ -31,4 +31,4 @@ SQL Server features and capabilities provide methods of securing data at the dat
 - Use [Azure Policy](/azure/governance/policy/overview) to create business rules that can be applied to your environment. Azure Policies evaluate Azure resources by comparing the properties of those resources against rules defined in JSON format.
 - Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints are [different than Azure Policies](/azure/governance/blueprints/overview#how-its-different-from-azure-policy).
 - Use Windows Server 2019 or Windows Server 2022 to be [FIPS](../virtual-machines/windows/security-considerations-best-practices.md#fips-compliance) compliant with SQL Server on Azure VMs. 
-
+- Treat restoring backups as a high-risk operation and [never restore a backup from an untrusted source](../virtual-machines/windows/security-considerations-best-practices.md#security-risk-of-restoring-backups-from-untrusted-sources). 

azure-sql/managed-instance/recovery-using-backups.md

@@ -5,7 +5,7 @@ description: Learn about point-in-time restore, which enables you to roll back a
 author: dinethi
 ms.author: dinethi
 ms.reviewer: wiassaf, mathoma, strrodic, mlandzic
-ms.date: 07/10/2025
+ms.date: 12/05/2025
 ms.service: azure-sql-managed-instance
 ms.subservice: backup-restore
 ms.topic: how-to
@@ -211,6 +211,10 @@ It's essential to acknowledge that geo-restore serves as an appropriate disaster
 
 For more information about business continuity choices, see [Overview of business continuity](../database/business-continuity-high-availability-disaster-recover-hadr-overview.md).
 
+## Security risk of restoring backups from untrusted sources
+
+[!INCLUDE [backup-restore-security-risk](../../docs/includes/backup-restore-security-risk.md)]
+
 ## Limitations
 
 Consider the following limitations when working with backups and Azure SQL Managed Instance: 

azure-sql/virtual-machines/windows/backup-restore.md

@@ -4,10 +4,10 @@ description: Describes backup and restore considerations for SQL Server database
 author: AbdullahMSFT
 ms.author: amamun
 ms.reviewer: mathoma, randolphwest
-ms.date: 09/17/2025
+ms.date: 12/05/2025
 ms.service: azure-vm-sql-server
 ms.subservice: backup
-ms.topic: conceptual
+ms.topic: article
 tags: azure-resource-management
 ---
 # Backup and restore for SQL Server on Azure VMs
@@ -137,6 +137,10 @@ The following table summarizes the capabilities of each backup and restore optio
 | Monitor backup jobs with SSMS or Transact-SQL scripts | Yes | Yes | Yes |
 | Restore databases with SSMS or Transact-SQL scripts | Yes | No | Yes |
 
+## Security risk of restoring backups from untrusted sources
+
+[!INCLUDE [backup-restore-security-risk](../../../docs/includes/backup-restore-security-risk.md)]
+
 ## Related content
 
 If you're planning your deployment of SQL Server on Azure VM, you can find provisioning guidance in the following guide: [How to provision a Windows SQL Server virtual machine in the Azure portal](create-sql-vm-portal.md).

azure-sql/virtual-machines/windows/security-considerations-best-practices.md

@@ -4,7 +4,7 @@ description: This article provides general guidance for securing SQL Server runn
 author: dplessMSFT
 ms.author: dpless
 ms.reviewer: mathoma, randolphwest
-ms.date: 09/16/2025
+ms.date: 12/05/2025
 ms.service: azure-vm-sql-server
 ms.subservice: security
 ms.topic: best-practice
@@ -205,6 +205,10 @@ To be FIPS compliant with SQL Server on Azure VMs, you should be on Windows Serv
 
 SQL Server isn't currently FIPS compliant on Linux Azure VMs.
 
+## Security risk of restoring backups from untrusted sources
+
+[!INCLUDE [backup-restore-security-risk](../../../docs/includes/backup-restore-security-risk.md)]
+
 ## Related content
 
 Review the security best practices for [SQL Server](/sql/relational-databases/security/) and [Azure VMs](/azure/virtual-machines/security-recommendations), and then review this article for the best practices that apply to SQL Server on Azure VMs specifically.

docs/includes/backup-restore-security-risk.md

@@ -0,0 +1,28 @@
+---
+author: MashaMSFT
+ms.author: mathoma
+ms.date: 12/05/2025
+ms.service: sql
+ms.topic: include
+---
+This section outlines the security risk associated with restoring backups from untrusted sources to any SQL Server environment, including on-premises, Azure SQL Managed Instance, SQL Server on Azure Virtual Machines (VMs) and any other environment.
+
+### Why this matters 
+
+Restoring SQL backup files (`.bak`) introduces a potential risk if the backup originates from an untrusted source. The security risk is exacerbated further when a SQL Server environment has multiple instances, as it amplifies the area of threat. While backups that remain within a trusted boundary pose no security issue, restoring a malicious backup can compromise the security of the entire environment.
+
+A malicious `.bak` file can: 
+- Take over the entire SQL Server instance.
+- Escalate privileges and gain unauthorized access to the underlying host or virtual machine.
+
+This attack occurs before any validating scripts or security checks can execute, which makes it extremely dangerous. Restoring an untrusted backup is equivalent to running untrusted applications on a critical server or virtual machine, and introducing arbitrary code execution into your environment. 
+
+### Best practices
+
+Follow these backup security best practices to reduce the threat to your SQL Server environments: 
+- Treat restoring backups as a high-risk operation.
+- Reduce the threat service area by using isolated instances.
+- Only allow trusted backups: never restore backups from unknown or external sources.
+- Only allow backups that have remained within a trusted boundary: ensure backups originate from within the trusted boundary.
+- Do not bypass security controls for convenience.
+- Enable [server-level auditing](/sql/t-sql/statements/create-server-audit-specification-transact-sql) to capture backup and restore events and mitigate audit evasion.

docs/linux/includes/editions-sql-server-2025-later-versions.md

@@ -11,9 +11,9 @@ ms.custom:
 | --- | --- |
 | `Evaluation` | SQL Server Evaluation edition |
 | `Express` | SQL Server Express edition |
-| `StandardDeveloper` | SQL Server Developer edition |
+| `StandardDeveloper`<br /><br />(For containers, use `DeveloperStandard`) | SQL Server Standard Developer edition |
 | `Standard` | SQL Server Standard edition |
-| `EnterpriseDeveloper` | SQL Server Developer edition |
+| `EnterpriseDeveloper`<br /><br />(For containers, use `Developer`) | SQL Server Enterprise Developer edition |
 | `Enterprise` | This legacy option represents Enterprise edition Server + Client Access License (CAL) based licensing, and is limited to a maximum of 20 cores per SQL Server instance. `Enterprise` isn't available for new agreements. You should choose `EnterpriseCore` when you wish to deploy Enterprise edition. |
 | `EnterpriseCore` | SQL Server Enterprise Core edition. `EnterpriseCore` represents the core-based server licensing model with no core limits. For more information, see [Compute capacity limits by edition of SQL Server](../../sql-server/compute-capacity-limits-by-edition-of-sql-server.md). |
 | `A product key` | If you specify a product key, it must be in the form of `#####-#####-#####-#####-#####`, where `#` is a number or a letter. |

docs/relational-databases/backup-restore/back-up-and-restore-of-sql-server-databases.md

@@ -3,10 +3,10 @@ title: "Back up and Restore of SQL Server Databases"
 description: This article describes the benefits of backing up SQL Server databases and introduces backup and restore strategies and security considerations.
 author: MashaMSFT
 ms.author: mathoma
-ms.date: 08/25/2025
+ms.date: 12/05/2025
 ms.service: sql
 ms.subservice: backup-restore
-ms.topic: conceptual
+ms.topic: article
 ms.update-cycle: 1825-days
 helpviewer_keywords:
   - "disaster recovery [SQL Server], see restoring [SQL Server]"
@@ -173,6 +173,10 @@ Use advanced features like `BACKUP CHECKSUM` to detect problems with the backup
 We recommend that you document your backup and restore procedures and keep a copy of the documentation in your run book.
 We also recommend that you maintain an operations manual for each database. This operations manual should document the location of the backups, backup device names (if any), and the amount of time that is required to restore the test backups.
 
+## Security risk of restoring backups from untrusted sources
+
+[!INCLUDE [backup-restore-security-risk](../../includes/backup-restore-security-risk.md)]
+
 ## Monitor progress with XEvent
 
 Backup and restore operations can take a considerable amount of time due to the size of a database and the complexity of the operations involved. When issues arise with either operation, you can use the `backup_restore_progress_trace` extended event to monitor progress live. For more information about extended events, see [Extended Events overview](../extended-events/extended-events.md).

docs/t-sql/statements/alter-database-transact-sql-set-options.md

@@ -624,6 +624,9 @@ Controls the date_correlation_optimization option.
 
   [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] maintains correlation statistics where a FOREIGN KEY constraint links any two tables in the database and the tables have **datetime** columns.
 
+  Enabling `DATE_CORRELATION_OPTIMIZATION` increases the attack surface area when restoring [untrusted backup](../../relational-databases/backup-restore/back-up-and-restore-of-sql-server-databases.md#security-risk-of-restoring-backups-from-untrusted-sources) as the optimizer executes those objects with elevated privileges.
+
+
 - OFF
 
   Correlation statistics aren't maintained.