Move recommendation to include file.

Add deprecation in PHP back in

Author: David-Engel

docs/connect/ado-net/sql/azure-active-directory-authentication.md

@@ -51,14 +51,13 @@ When the application is connecting to Azure SQL data sources by using Microsoft
 | Active Directory Managed Identity, <br>Active Directory MSI | Authenticate using a Microsoft Entra system-assigned or user-assigned managed identity | 2.1.0+ |
 | Active Directory Default | Authenticate with a Microsoft Entra identity by using password-less and non-interactive mechanisms including managed identities, Visual Studio Code, Visual Studio, Azure CLI, etc. | 3.0.0+ |
 | Active Directory Workload Identity | Authenticate with a Microsoft Entra identity by using a federated User Assigned Managed Identity to connect to SQL Database from Azure client environments that are enabled for Workload Identity. | 5.2.0+ |
-| Active Directory Password [DEPRECATED] | Authenticate with a Microsoft Entra identity's username and password.<br/><br/>Active Directory Password is deprecated. Migrate to multifactor authentication (Active Directory Interactive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication). | 1.0+ |
+| Active Directory Password [DEPRECATED] | Authenticate with a Microsoft Entra identity's username and password.<br/><br/>Active Directory Password is deprecated. For more information, see [Using password authentication](#using-password-authentication). | 1.0+ |
 
 <sup>1</sup> Before **Microsoft.Data.SqlClient** 2.0.0, `Active Directory Integrated`, and `Active Directory Interactive` authentication modes are supported only on .NET Framework.
 
 ## Using password authentication
 
-> [!NOTE]
-> ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
+[!INCLUDE [entra-password-auth-deprecation](../../../includes/entra-password-auth-deprecation.md)]
 
 `Active Directory Password` authentication mode supports authentication to Azure data sources with Microsoft Entra ID for native or federated Microsoft Entra users. When you're using this mode, user credentials must be provided in the connection string. The following example shows how to use `Active Directory Password` authentication.
 

docs/connect/jdbc/connecting-using-azure-active-directory-authentication.md

@@ -38,7 +38,7 @@ Connection properties to support Microsoft Entra authentication in the Microsoft
   - **ActiveDirectoryServicePrincipalCertificate**
     - Since driver version 12.4, `authentication=ActiveDirectoryServicePrincipalCertificate` can be used to connect to an Azure SQL Database/Synapse Analytics by specifying the application/client ID in the userName property and the location of the Service Principal certificate in the `clientCertificate` property. For more information, see [Connect using ActiveDirectoryServicePrincipalCertificate authentication mode](#connect-using-activedirectoryserviceprincipalcertificate-authentication-mode).
   - **ActiveDirectoryPassword [DEPRECATED]**
-    - ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
+    - ActiveDirectoryPassword is deprecated. For more information, see [Connect using ActiveDirectoryPassword authentication mode](#connect-using-activedirectorypassword-authentication-mode).
     - Since driver version 6.0, `authentication=ActiveDirectoryPassword` can be used to connect to Azure SQL/Synapse Analytics with Microsoft Entra username and password. For more information, see [Connect using ActiveDirectoryPassword authentication mode](#connect-using-activedirectorypassword-authentication-mode).
 
   - **SqlPassword**
@@ -359,8 +359,7 @@ Access to a Windows domain-joined machine to query your Kerberos Domain Controll
 
 ## Connect using ActiveDirectoryPassword authentication mode
 
-> [!NOTE]  
-> ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
+[!INCLUDE [entra-password-auth-deprecation](../../includes/entra-password-auth-deprecation.md)]
 
 The following example shows how to use `authentication=ActiveDirectoryPassword` mode.
 

docs/connect/jdbc/setting-the-connection-properties.md

@@ -46,7 +46,7 @@ The following table lists all the currently available connection string properti
 | accessTokenCallbackClass<br/><br/>String<br/><br/>null | (Version 12.4+) The name of the callback-implementing class to be used with access token callback. |
 | applicationIntent<br/><br/>String<br/><br/>ReadWrite | (Version 6.0+) Declares the application workload type to connect to a server. <br/><br/>Possible values are **ReadOnly** and **ReadWrite**. <br/><br/>For more information about disaster recovery, see [JDBC driver support for High Availability, disaster recovery](jdbc-driver-support-for-high-availability-disaster-recovery.md). |
 | applicationName<br/><br/>String<br/>[&lt;=128 char]<br/><br/>null | The application name, or "Microsoft JDBC Driver for SQL Server" if no name is provided.<br/><br/>Used to identify the specific application in various [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] profiling and logging tools. |
-| authentication<br/><br/>String<br/><br/>NotSpecified | (Version 6.0+) This optional property indicates which authentication method to use for connection. Possible values are **ActiveDirectoryIntegrated**, **ActiveDirectoryManagedIdentity** (version 12.2+), **ActiveDirectoryMSI** (version 7.2+), **ActiveDirectoryInteractive** (version 9.2+), **ActiveDirectoryServicePrincipal** (version 9.2+), **ActiveDirectoryPassword [DEPRECATED]**, **SqlPassword**, and the default **NotSpecified**.<br/><br/> Use **ActiveDirectoryIntegrated** (version 6.0+) to connect to SQL using integrated Windows authentication.<br/><br/> Use **ActiveDirectoryManagedIdentity** (version 12.2+) or **ActiveDirectoryMSI** (version 7.2+) to connect to SQL from inside an Azure Resource. For example, an Azure Virtual Machine, App Service or Function App using managed identity authentication. <br><br>The two types of managed identities supported by the driver when using **ActiveDirectoryManagedIdentity** or **ActiveDirectoryMSI** authentication mode are: <br> 1. *System-Assigned Managed Identity*: Used to acquire **accessToken** by default. <br> 2. *User-Assigned Managed Identity*: Used to acquire **accessToken** if the Client ID of a managed identity is specified with the **msiClientId** connection property.<br/><br/>Use **ActiveDirectoryInteractive** to connect to a database using an interactive authentication flow. <br/><br/>Use **ActiveDirectoryServicePrincipal** (version 9.2+) to connect to a database using the client ID and secret of a service principal identity. Specify client ID in the **userName** property and secret in the **password** property (10.2+). <br/><br/>Use **ActiveDirectoryServicePrincipalCertificate** (version 12.4+) to connect to a database using the client ID and certificate of a service principal identity. Specify client ID in the **userName** property and path to the certificate in the **clientCertificate** property. For more options, see [Connect using ActiveDirectoryServicePrincipalCertificate authentication mode](connecting-using-azure-active-directory-authentication.md#connect-using-activedirectoryserviceprincipalcertificate-authentication-mode).<br/><br/> Use **ActiveDirectoryPassword [DEPRECATED]** to connect to SQL using a Microsoft Entra principal name and password.<br/><br/>ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).<br/><br/> Use **SqlPassword** to connect to SQL using **userName**/**user** and **password** properties.<br/><br/> Use **NotSpecified** if none of these authentication methods are needed.<br/><br/> **Important:**  If authentication is set to ActiveDirectoryIntegrated, the following two libraries must be installed: **mssql-jdbc_auth-\<version>-\<arch>.dll** (available in the JDBC driver package) and Microsoft Authentication Library for SQL Server (**ADAL.DLL**). Microsoft Authentication Library can be installed from [Microsoft ODBC Driver for SQL Server](../odbc/download-odbc-driver-for-sql-server.md) or [Microsoft OLE DB Driver for SQL Server](../oledb/download-oledb-driver-for-sql-server.md). The JDBC driver only supports version **1.0.2028.318 and higher** for ADAL.DLL.<br/><br/> **Note:**  When the authentication property is set to any value other than **NotSpecified**, the driver by default uses Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), encryption.<br/><br/> For information on how to configure Microsoft Entra authentication, see [Use Microsoft Entra authentication](/azure/azure-sql/database/authentication-aad-overview). |
+| authentication<br/><br/>String<br/><br/>NotSpecified | (Version 6.0+) This optional property indicates which authentication method to use for connection. Possible values are **ActiveDirectoryIntegrated**, **ActiveDirectoryManagedIdentity** (version 12.2+), **ActiveDirectoryMSI** (version 7.2+), **ActiveDirectoryInteractive** (version 9.2+), **ActiveDirectoryServicePrincipal** (version 9.2+), **ActiveDirectoryPassword [DEPRECATED]**, **SqlPassword**, and the default **NotSpecified**.<br/><br/> Use **ActiveDirectoryIntegrated** (version 6.0+) to connect to SQL using integrated Windows authentication.<br/><br/> Use **ActiveDirectoryManagedIdentity** (version 12.2+) or **ActiveDirectoryMSI** (version 7.2+) to connect to SQL from inside an Azure Resource. For example, an Azure Virtual Machine, App Service or Function App using managed identity authentication. <br><br>The two types of managed identities supported by the driver when using **ActiveDirectoryManagedIdentity** or **ActiveDirectoryMSI** authentication mode are: <br> 1. *System-Assigned Managed Identity*: Used to acquire **accessToken** by default. <br> 2. *User-Assigned Managed Identity*: Used to acquire **accessToken** if the Client ID of a managed identity is specified with the **msiClientId** connection property.<br/><br/>Use **ActiveDirectoryInteractive** to connect to a database using an interactive authentication flow. <br/><br/>Use **ActiveDirectoryServicePrincipal** (version 9.2+) to connect to a database using the client ID and secret of a service principal identity. Specify client ID in the **userName** property and secret in the **password** property (10.2+). <br/><br/>Use **ActiveDirectoryServicePrincipalCertificate** (version 12.4+) to connect to a database using the client ID and certificate of a service principal identity. Specify client ID in the **userName** property and path to the certificate in the **clientCertificate** property. For more options, see [Connect using ActiveDirectoryServicePrincipalCertificate authentication mode](connecting-using-azure-active-directory-authentication.md#connect-using-activedirectoryserviceprincipalcertificate-authentication-mode).<br/><br/> Use **ActiveDirectoryPassword [DEPRECATED]** to connect to SQL using a Microsoft Entra principal name and password.<br/><br/>ActiveDirectoryPassword is deprecated. For more information, see [Connect using ActiveDirectoryPassword authentication mode](connecting-using-azure-active-directory-authentication.md#connect-using-activedirectorypassword-authentication-mode).<br/><br/> Use **SqlPassword** to connect to SQL using **userName**/**user** and **password** properties.<br/><br/> Use **NotSpecified** if none of these authentication methods are needed.<br/><br/> **Important:**  If authentication is set to ActiveDirectoryIntegrated, the following two libraries must be installed: **mssql-jdbc_auth-\<version>-\<arch>.dll** (available in the JDBC driver package) and Microsoft Authentication Library for SQL Server (**ADAL.DLL**). Microsoft Authentication Library can be installed from [Microsoft ODBC Driver for SQL Server](../odbc/download-odbc-driver-for-sql-server.md) or [Microsoft OLE DB Driver for SQL Server](../oledb/download-oledb-driver-for-sql-server.md). The JDBC driver only supports version **1.0.2028.318 and higher** for ADAL.DLL.<br/><br/> **Note:**  When the authentication property is set to any value other than **NotSpecified**, the driver by default uses Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), encryption.<br/><br/> For information on how to configure Microsoft Entra authentication, see [Use Microsoft Entra authentication](/azure/azure-sql/database/authentication-aad-overview). |
 | authenticationScheme<br/><br/>String<br/><br/>NativeAuthentication | Indicates which kind of integrated security you want your application to use. Possible values are **JavaKerberos**, **NTLM** (version 7.4+), and the default **NativeAuthentication**.<br/><br/> **NativeAuthentication** causes the driver to load `mssql-jdbc_auth-<version>-<arch>.dll` (for example, `mssql-jdbc_auth-8.2.2.x64.dll`) on Windows, which is used to obtain integrated authentication information. <br/><br/>  (The native authentication library loaded is named `sqljdbc_auth.dll` when using driver versions 6.0 through 7.4.) <br/><br/> When using **authenticationScheme=JavaKerberos**, you must specify the fully qualified domain name (FQDN) in the **serverName** or **serverSpn** property. Otherwise, an error occurs (Server not found in Kerberos database).<br/><br/> For more information about using **authenticationScheme=JavaKerberos**, see [Using Kerberos integrated authentication to connect to SQL Server](using-kerberos-integrated-authentication-to-connect-to-sql-server.md). <br/><br/> When using **authenticationScheme=NTLM**, you must specify the Windows domain by using the **domain** or **domainName** property, the Windows credentials in the **user** or **userName** property, and the **password** property. Otherwise, an error occurs (connection properties must be specified). |
 | cacheBulkCopyMetadata<br/><br/>boolean<br/>["true" &#124; "false"]<br/><br/>false | (Version 12.8+) When using **useBulkCopyForBatchInsert=true**, this property is used to tell the driver whether it should cache destination column metadata at the connection level. If set to `true`, make sure the destination doesn't change between bulk inserts, as the driver doesn't have a way of handling this change. |
 | calcBigDecimalPrecision<br/><br/>boolean<br/>["true" &#124; "false"]<br/><br/>false | (Version 12.6+) Flag to indicate whether the driver should calculate precision for BigDecimal inputs, as opposed to using the maximum allowed valued for precision (38). |

docs/connect/odbc/dsn-connection-string-attribute.md

@@ -170,7 +170,7 @@ Sets the authentication mode to use when connecting to SQL Server. For more info
 |ActiveDirectoryInteractive|SQL_AU_AD_INTERACTIVE|Microsoft Entra Interactive authentication.|
 |ActiveDirectoryMsi|SQL_AU_AD_MSI|Microsoft Entra managed identity authentication. For user-assigned identity, UID is set to the object ID of the user identity. |
 |ActiveDirectoryServicePrincipal|SQL_AU_AD_SPA|Microsoft Entra service principal authentication. UID is set to the client ID of the service principal. PWD is set to the client secret. |
-|ActiveDirectoryPassword|SQL_AU_AD_PASSWORD|[DEPRECATED] Microsoft Entra password authentication.<br/><br/>ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).|
+|ActiveDirectoryPassword|SQL_AU_AD_PASSWORD|[DEPRECATED] Microsoft Entra password authentication.<br/><br/>ActiveDirectoryPassword is deprecated. For more information, see [ActiveDirectoryPassword is deprecated](using-azure-active-directory.md#activedirectorypassword-is-deprecated).|
 | |SQL_AU_RESET|Unset. Overrides any DSN or connection string setting.|
 
 > [!NOTE]