Azure Active Directory Admin should be configured for Azure SQL

Description

By default, Azure Active Directory (Azure AD) authentication is not enabled for SQL Database/Server. Enabling it allows credentials to be managed in a centralized location and allows connections to Microsoft Azure SQL Database and SQL Data Warehouse using Azure AD identities. With Azure AD authentication, database users and other Microsoft services can be managed in a single central location, which simplifies permission management and provides an alternative to SQL Server authentication. It also eliminates the need to store passwords by enabling integrated Windows authentication, and it supports various forms of authentication, including token-based authentication for applications and multi-factor authentication (MFA). To properly implement Azure AD for central authentication, configure the necessary groups and roles based on the organization’s requirements.

Remediation

From the console

  1. Go to SQL servers.
  2. For each SQL server, click Active Directory admin.
  3. Click Set admin.
  4. Select an admin and click Save.
  5. Select the Support only Azure Active Directory authentication for this server checkbox.
  6. The Enable Azure AD authentication only popup appears. Click Yes to enable the feature and Save the setting.
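
A check for the end state of the steps above, as an added example that is not part of the original page: it reads server records in the JSON shape that `az sql server list -o json` is assumed to return (an `administrators` object with `administratorType`, `sid` and `azureAdOnlyAuthentication`) and reports servers that have no Azure AD admin or have not enabled Azure AD-only authentication. The sample records, server names and IDs are constructed.

```python
import json

# Constructed sample in the shape `az sql server list -o json` is assumed to
# return; names, resource groups and object IDs are made up.
SAMPLE = json.loads("""
[
  {"name": "sql-prod-01", "resourceGroup": "rg-data",
   "administrators": {"administratorType": "ActiveDirectory", "login": "sql-admins",
                      "sid": "00000000-0000-0000-0000-000000000001",
                      "azureAdOnlyAuthentication": true}},
  {"name": "sql-dev-02", "resourceGroup": "rg-data",
   "administrators": {"administratorType": "ActiveDirectory", "login": "sql-admins",
                      "sid": "00000000-0000-0000-0000-000000000001",
                      "azureAdOnlyAuthentication": false}},
  {"name": "sql-legacy-03", "resourceGroup": "rg-old", "administrators": null}
]
""")


def audit_server(server):
    """Return the findings for one server; an empty list means compliant."""
    admin = server.get("administrators") or {}  # null/missing -> no admin block
    if admin.get("administratorType") != "ActiveDirectory" or not admin.get("sid"):
        # Steps 2-4 were never completed for this server.
        return ["no Azure AD admin set"]
    # Accept either casing of the flag, since API and CLI spellings can differ.
    ad_only = admin.get("azureAdOnlyAuthentication",
                        admin.get("azureADOnlyAuthentication"))
    if ad_only is not True:
        # Steps 5-6 were skipped: SQL authentication is still accepted.
        return ["Azure AD-only authentication not enabled"]
    return []


def audit(servers):
    """Map 'resourceGroup/name' to findings for every non-compliant server."""
    report = {}
    for server in servers:
        findings = audit_server(server)
        if findings:
            key = f"{server.get('resourceGroup')}/{server.get('name')}"
            report[key] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```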