From 722e14b73e3970c7b4331f37dc4b21590b72ae41 Mon Sep 17 00:00:00 2001
From: Jeff Pigott <86477713+wjpigott@users.noreply.github.com>
Date: Tue, 1 Apr 2025 16:33:27 -0500
Subject: [PATCH 1/2] Update entra-id-tutorial.md

Added options for using proxy server with Entra ID as it was found that the Arc Agent proxy does not use this for Entra ID authentication, and the machine wide proxy needs to be used.
---
 docs/includes/entra-id-tutorial.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/docs/includes/entra-id-tutorial.md b/docs/includes/entra-id-tutorial.md
index bcb8ad66c30..69036368730 100644
--- a/docs/includes/entra-id-tutorial.md
+++ b/docs/includes/entra-id-tutorial.md
@@ -45,7 +45,18 @@ In this tutorial, you learn how to:
 
 > [!WARNING]  
 > Connections authenticated by Microsoft Entra ID are always encrypted. If SQL Server is using a self-signed certificate, you must add `trust server cert = true` in the connection string. SQL Server and Windows authenticated connections don't require encryption, but it is strongly recommended.
-
+>
+> If the machine requires using a proxy server, Entra ID requires that the machine-level WinHTTP proxy be set using the commands:
+> ```cmd
+> netsh winhttp set proxy proxy-server="http://proxyserver:port"
+> ```
+> Entra ID authentication does not utililze the Arc agent proxy setting.
+> The Arc Agent proxy may be set using the commands:
+> 
+> ```cmd
+> azcmagent config set proxy.url "http://proxyserver:port"
+> ```
+> 
 <a name='create-and-register-an-azure-ad-application'></a>
 
 ## Create and register a Microsoft Entra application

From add73d036bf9e267bf2905a726a7c5e7aba7f149 Mon Sep 17 00:00:00 2001
From: Jeff Pigott <86477713+wjpigott@users.noreply.github.com>
Date: Wed, 2 Apr 2025 08:28:35 -0500
Subject: [PATCH 2/2] Update Entra ID authentication proxy instructions

Made some changes including the explicit access if the proxy is not used.
---
 docs/includes/entra-id-tutorial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/includes/entra-id-tutorial.md b/docs/includes/entra-id-tutorial.md
index 69036368730..16b7ce63015 100644
--- a/docs/includes/entra-id-tutorial.md
+++ b/docs/includes/entra-id-tutorial.md
@@ -46,7 +46,7 @@ In this tutorial, you learn how to:
 > [!WARNING]  
 > Connections authenticated by Microsoft Entra ID are always encrypted. If SQL Server is using a self-signed certificate, you must add `trust server cert = true` in the connection string. SQL Server and Windows authenticated connections don't require encryption, but it is strongly recommended.
 >
-> If the machine requires using a proxy server, Entra ID requires that the machine-level WinHTTP proxy be set using the commands:
+> SQL Server will connect directly to Entra ID for authentication. Either [explicit firewall urls](https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/prerequisites?view=sql-server-ver16&tabs=azure#network-requirements-for-enabling-entra-id-authentication) need to be opened for direct access, or utilize a proxy server. Entra ID does not use the Arc Connected Machine Agent proxy for authentication. If the machine requires using a proxy server, Entra ID requires that the machine-level WinHTTP proxy be set using the commands:
 > ```cmd
 > netsh winhttp set proxy proxy-server="http://proxyserver:port"
 > ```