Share via

Configure service account in Azure SQL Server

Cristopher Aguilera 91 Reputation points
2024-08-16T13:43:28.21+00:00

Good morning,

I have an SQL Server running on an Azure Virtual Machine, and I've been tasked with creating a 'Service Account' and configuring the SQL Server services (SQL Server and SQL Server Agent) to use this new account. Currently, my SQL Server is configured as follows:

User's image

As you can see, the 'Log On As' is set to use the default accounts. My goal is to replace these with custom service accounts.

I have a few questions:

1.- Are 'Service Accounts' a concept in Azure? In our on-premises environment, our SQL Server uses service accounts created by our domain administrators. I'm wondering if it's possible to create similar service accounts within the Azure tenant where the VMs are hosted.

https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?view=sql-server-ver16 I have read that in Azure offers the following options:

  • Managed Service Accounts
  • Group-managed service accounts
  • Virtual accounts

However, I'm unsure which option is best suited for my needs and how to get started.

2.- How do I create a Service Account that can be used in the Virtual Machine to configure SQL Server via SQL Server Configuration Manager?

Thanks in advance,

Cristopher Aguilera

Azure SQL Database
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,770 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. S R 0 Reputation points
    2024-08-20T03:10:48.57+00:00

    Hi, @Cristopher Aguilera To set up a service account for your SQL Server on an Azure VM, you can use Managed Identities. First, enable a Managed Identity for your VM . Then, assign the necessary permissions to this identity. Next, open SQL Server Configuration Manager on your VM, go to the properties of SQL Server and SQL Server Agent, and change the ‘Log On’ account to the Managed Identity. Finally, restart the services to apply the changes. This will help secure and manage your SQL Server services effectively.

  2. Mahesh Kurva 240 Reputation points Microsoft Vendor
    2024-08-28T16:26:11.5+00:00

    Hi Cristopher Aguilera,

    Thanks for the question and using MS Q&A platform.

    In addition to @ S R,

    Please follow the below steps to enable managed identities on VMs.

    • Log in to the Azure portal with an account linked to the Azure subscription where you intend to create the VM.
    • Go to Virtual Machines, select your VM, then click on Identity under Settings, and switch System assigned to On. Make sure to save your changes.
    • On the VM, launch SQL Server Configuration Manager, and update the Log On account for both SQL Server and SQL Server Agent to use the Managed Identity.
    • Finally, restart the SQL Server and SQL Server Agent services to ensure the changes take effect.

    For more information you can refer this documentation: Configure managed identities on Azure virtual machines (VMs).

    Hope this helps. Do let us know if you have any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.