* Deprecate ActiveDirectoryPassword in PHP

Updated the documentation to reflect the deprecation of ActiveDirectoryPassword authentication and recommended migration to ActiveDirectoryInteractive.

Author: David-Engel

docs/connect/php/azure-active-directory.md

@@ -26,7 +26,7 @@ To use Microsoft Entra ID, use the **Authentication** or **AccessToken** keyword
 ||A byte string|The Microsoft Entra access token extracted from an OAuth JSON response. The connection string must not contain user ID, password, or the `Authentication` keyword (requires ODBC Driver version 17 or above in Linux or macOS). |
 |**Authentication**|Not set (default)|Authentication mode determined by other keywords. For more information, see [Connection Options](connection-options.md). |
 ||`SqlPassword`|Directly authenticate to a SQL Server instance (which may be an Azure instance) using a username and password. The username and password must be passed into the connection string using the **UID** and **PWD** keywords. |
-||`ActiveDirectoryPassword`|Authenticate with a Microsoft Entra identity using a username and password. The username and password must be passed into the connection string using the **UID** and **PWD** keywords. |
+||`ActiveDirectoryPassword` **DEPRECATED**| _**ActiveDirectoryPassword is deprecated**_. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).<br/>Authenticate with a Microsoft Entra identity using a username and password. The username and password must be passed into the connection string using the **UID** and **PWD** keywords. |
 ||`ActiveDirectoryMsi`|Authenticate using either a Microsoft Entra system-assigned user-assigned managed identity (requires ODBC Driver version 17.3.1.1 or above). For an overview and tutorials, refer to [What are managed identities for Azure resources?](/azure/active-directory/managed-identities-azure-resources/overview).|
 ||`ActiveDirectoryServicePrincipal`|Authenticate using service principal objects (requires ODBC Driver version 17.7 or above). For more details and examples, refer to [Application and service principal objects in Microsoft Entra ID](/azure/active-directory/develop/app-objects-and-service-principals).|
 
@@ -38,6 +38,8 @@ On Windows, the underlying ODBC driver supports one more value for the **Authent
 
 ## Example - connect using SqlPassword and ActiveDirectoryPassword
 
+**ActiveDirectoryPassword is deprecated.** Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
+
 ```php
 <?php
 // First connect to a local SQL Server instance by setting Authentication to SqlPassword

docs/connect/php/connection-options.md

@@ -22,7 +22,7 @@ This topic lists the options that are permitted in the associative array (when u
 |APP|String|Specifies the application name used in tracing.|Not set.|  
 |ApplicationIntent|String|Declares the application workload type when connecting to a server. Possible values are **ReadOnly** and **ReadWrite**.<br /><br />For more information about [!INCLUDE[ssDriverPHP](../../includes/ssdriverphp_md.md)] support for [!INCLUDE[ssHADR](../../includes/sshadr-md.md)], see [Support for High Availability, Disaster Recovery](php-driver-for-sql-server-support-for-high-availability-disaster-recovery.md).|ReadWrite|
 |AttachDBFileName|String|Specifies which database file the server should attach.|Not set.|
-|Authentication|One of the following strings:<br /><br />**SqlPassword**<br /><br />**ActiveDirectoryPassword**<br /><br />**ActiveDirectoryMsi**<br /><br />**ActiveDirectoryServicePrincipal**|Specifies the authentication mode.<br /><br />For more information, see [Connect Using Microsoft Entra authentication](azure-active-directory.md)|Not set.|
+|Authentication|One of the following strings:<br /><br />**SqlPassword**<br /><br />**ActiveDirectoryPassword [DEPRECATED]**<br /><br />**ActiveDirectoryMsi**<br /><br />**ActiveDirectoryServicePrincipal**|Specifies the authentication mode.<br /><br />For more information, see [Connect Using Microsoft Entra authentication](azure-active-directory.md)|Not set.|
 |CharacterSet<br /><br />(not supported in the PDO_SQLSRV driver)|String|Specifies the character set used to send data to the server.<br /><br />Possible values are SQLSRV_ENC_CHAR and UTF-8. For more information, see [How to: Send and Retrieve UTF-8 Data Using Built-In UTF-8 Support](how-to-send-and-retrieve-utf-8-data-using-built-in-utf-8-support.md).|SQLSRV_ENC_CHAR|  
 |ColumnEncryption|One of the following strings:<br /><br />**Enabled**<br /><br />**Disabled**<br /><br />A string identifying the attestation protocol and URL for attesting the enclave|Specifies whether the Always Encrypted feature is enabled or not. If an attestation protocol and URL are specified, Always Encrypted with secure enclaves is enabled, provided the other requirements are met as described in [Using Always Encrypted with secure enclaves with the PHP Drivers for SQL Server](always-encrypted-secure-enclaves.md).|Disabled|  
 |ConnectionPooling|1 or **true** for connection pooling on.<br /><br />0 or **false** for connection pooling off.|Specifies whether the connection is assigned from a connection pool (1 or **true**) or not (0 or **false**).<sup>1</sup>|**true** (1)|