updated data action -4

abhims14 · rwestMSFT · commit f0aa60e85d98 · 2025-10-09T13:16:18.000-06:00
Updated the note regarding Storage Blob Data Reader access for migration to clarify that it applies to both Azure SQL Managed Instance and Azure SQL Virtual Machine.

Update permission for SQL MI and SQL VM
diff --git a/data-migration/sql-server/managed-instance/custom-roles.md b/data-migration/sql-server/managed-instance/custom-roles.md
@@ -62,7 +62,9 @@ Use the `AssignableScopes` section of the role definition JSON string to control
                     "Microsoft.DataMigration/SqlMigrationServices/tasks/delete"
                 ],
                 "notActions": [],
-                "dataActions": [],
+                "dataActions": [
+                  "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+                ],
                 "notDataActions": []
             }
         ]
@@ -75,7 +77,7 @@ You can use either the Azure portal, Azure PowerShell, Azure CLI, or Azure REST
 For more information, see [Create or update Azure custom roles using the Azure portal](/azure/role-based-access-control/custom-roles-portal) and [Azure custom roles](/azure/role-based-access-control/custom-roles).
 
 > [!NOTE]  
-> When migrating to SQL Managed Instance via **Azure portal** using **Managed Identity**, make sure the signed in user has **Storage Blob Data Reader** access on the storage account. This permission is needed to list folders and files in the blob container during migration setup via Azure portal. For more information, see [DMS - Support for Managed Identity for Azure SQL Managed Instance migration](https://techcommunity.microsoft.com/blog/microsoftdatamigration/dms---support-for-managed-identity-for-azure-sql-managed-instance-migration/4411274).
+> When migrating to Azure SQL Managed Instance or Azure SQL Virtual Machine via **Azure portal**, make sure the signed in user has **Storage Blob Data Reader** access on the storage account. This permission is needed to list folders and files in the blob container during migration setup via Azure portal only.
 
 ## Description of permissions needed to migrate to Azure SQL Managed Instance
 
diff --git a/data-migration/sql-server/managed-instance/database-migration-service.md b/data-migration/sql-server/managed-instance/database-migration-service.md
@@ -5,7 +5,7 @@ description: Learn how to migrate on-premises SQL Server to Azure SQL Managed In
 author: abhims14
 ms.author: abhishekum
 ms.reviewer: randolphwest
-ms.date: 10/08/2025
+ms.date: 10/09/2025
 ms.service: azure-database-migration-service
 ms.topic: tutorial
 ms.collection:
@@ -71,6 +71,9 @@ To complete this tutorial, you need to:
 
 - Have an Azure account that's assigned to one of the following built-in roles:
 
+  > [!IMPORTANT]  
+  > An Azure account is required only when you configure the migration steps. An Azure account isn't required for the assessment or to view Azure recommendations in the migration wizard in Azure Data Studio.
+
   - *Contributor* for the target instance of Azure SQL Managed Instance and for the storage account where you upload your database backup files from a Server Message Block (SMB) network share, and *Reader* role for the Azure resource groups that contain the target instance of Azure SQL Managed Instance or your Azure storage account.
 
   - *Owner* or *Contributor* role for the Azure subscription (required if you create a new Database Migration Service instance).
@@ -87,13 +90,12 @@ To complete this tutorial, you need to:
 
     1. In the Azure portal, go to **Storage account** (used for the migration for keeping backup files), and navigate to **IAM roles** > **Assign role**, and assign Storage Blob Data Reader to the associated managed identity.
 
-       > [!NOTE]  
-       > When migrating to SQL Managed Instance via **Azure portal** using **Managed Identity**, make sure the signed in user has **Storage Blob Data Reader** access on the storage account. This permission is needed to list folders and files in the blob container during migration setup via Azure portal. For more information, see [DMS - Support for Managed Identity for Azure SQL Managed Instance migration](https://techcommunity.microsoft.com/blog/microsoftdatamigration/dms---support-for-managed-identity-for-azure-sql-managed-instance-migration/4411274).
+    For more information, see [DMS - Support for Managed Identity for Azure SQL Managed Instance migration](https://techcommunity.microsoft.com/blog/microsoftdatamigration/dms---support-for-managed-identity-for-azure-sql-managed-instance-migration/4411274).
 
-  As an alternative to using one of these built-in roles, you can [assign custom roles](custom-roles.md).
+- As an alternative to using one of these built-in roles, you can [assign custom roles](custom-roles.md).
 
-  > [!IMPORTANT]  
-  > An Azure account is required only when you configure the migration steps. An Azure account isn't required for the assessment or to view Azure recommendations in the migration wizard in Azure Data Studio.
+> [!NOTE]  
+> When migrating to Azure SQL Managed Instance or Azure SQL Virtual Machine via **Azure portal**, make sure the signed in user has **Storage Blob Data Reader** access on the storage account. This permission is needed to list folders and files in the blob container during migration setup via Azure portal only.
 
 - Create a target instance of [Azure SQL Managed Instance](/azure/azure-sql/managed-instance/instance-create-quickstart).
 
diff --git a/data-migration/sql-server/virtual-machines/custom-roles.md b/data-migration/sql-server/virtual-machines/custom-roles.md
@@ -1,10 +1,10 @@
 ---
-title: "Custom roles: Online SQL Server to Azure Virtual Machines migrations with ADS"
+title: "Custom Roles: Online SQL Server to Azure Virtual Machines Migrations with ADS"
 titleSuffix: Azure Database Migration Service
 description: Learn to use the custom roles for SQL Server to Azure VM's migrations.
 author: rwestMSFT
 ms.author: randolphwest
-ms.date: 06/11/2025
+ms.date: 10/09/2025
 ms.service: azure-database-migration-service
 ms.topic: conceptual
 ms.collection:
@@ -59,7 +59,9 @@ Use the `AssignableScopes` section of the role definition JSON string to control
                     "Microsoft.DataMigration/SqlMigrationServices/tasks/delete"
                 ],
                 "notActions": [],
-                "dataActions": [],
+                "dataActions": [
+                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+                ],
                 "notDataActions": []
             }
         ]
@@ -71,6 +73,9 @@ You can use either the Azure portal, Azure PowerShell, Azure CLI, or Azure REST
 
 For more information, see [Create or update Azure custom roles using the Azure portal](/azure/role-based-access-control/custom-roles-portal) and [Azure custom roles](/azure/role-based-access-control/custom-roles).
 
+> [!NOTE]  
+> When migrating to Azure SQL Managed Instance or Azure SQL Virtual Machine via **Azure portal**, make sure the signed in user has **Storage Blob Data Reader** access on the storage account. This permission is needed to list folders and files in the blob container during migration setup via Azure portal only.
+
 ## Description of permissions needed to migrate to a virtual machine
 
 | Permission Action | Description |
diff --git a/data-migration/sql-server/virtual-machines/database-migration-service.md b/data-migration/sql-server/virtual-machines/database-migration-service.md
@@ -5,7 +5,7 @@ description: Learn how to migrate on-premises SQL Server to SQL Server on Azure
 author: abhims14
 ms.author: abhishekum
 ms.reviewer: cawrites, randolphwest
-ms.date: 10/06/2025
+ms.date: 10/09/2025
 ms.service: azure-database-migration-service
 ms.topic: tutorial
 ms.collection:
@@ -43,16 +43,19 @@ Before you begin the tutorial:
 - [Install the Azure SQL migration extension](/azure-data-studio/extensions/azure-sql-migration-extension) from Azure Data Studio Marketplace.
 - Have an Azure account that's assigned to one of the following built-in roles:
 
+  > [!IMPORTANT]  
+  > An Azure account is required only when you configure the migration steps. An Azure account isn't required for the assessment or to view Azure recommendations in the migration wizard in Azure Data Studio.
+
   - Contributor for the target instance of SQL Server on Azure Virtual Machines, and for the storage account where you upload your database backup files from a Server Message Block (SMB) network share
 
   - Reader role for the Azure resource group that contains the target instance of SQL Server on Azure Virtual Machines or for your Azure Storage account
 
   - Owner or Contributor role for the Azure subscription
 
-  As an alternative to using one of these built-in roles, you can [assign custom roles](custom-roles.md).
+  - As an alternative to using one of these built-in roles, you can [assign custom roles](custom-roles.md).
 
-  > [!IMPORTANT]  
-  > An Azure account is required only when you configure the migration steps. An Azure account isn't required for the assessment or to view Azure recommendations in the migration wizard in Azure Data Studio.
+  > [!NOTE]  
+  > When migrating to Azure SQL Managed Instance or Azure SQL Virtual Machine via **Azure portal**, make sure the signed in user has **Storage Blob Data Reader** access on the storage account. This permission is needed to list folders and files in the blob container during migration setup via Azure portal only.
 
 - Create a target instance of [SQL Server on Azure Virtual Machines](/azure/azure-sql/virtual-machines/windows/create-sql-vm-portal).
 
