Share via

Unable to disable Microsoft Entra-only authentication on SQL Managed Instance. Met with InvalidParameterValue error

Daniel Sanchez 20 Reputation points Microsoft Employee
2026-04-15T20:05:34.18+00:00

We are unable to disable Microsoft Entra-only authentication on a SQL Managed Instance.

Behavior: The API accepts the PUT request (HTTP 202 Accepted) but the async operation fails with: 

{"code":"InvalidParameterValue","message":"Invalid value given for parameter AzureADOnlyAuthentication. Specify a valid parameter value."}

 

Request payload:

{"properties":{"azureADOnlyAuthentication":false}}

 

Current state:

  • Entra-only authentication is currently true (confirmed via az sql mi ad-only-auth get)   
  • SQL administrator login exists (MI was originally created with SQL auth)    
  • Microsoft Entra admin is configured

 

Methods attempted (all produce the same or more generic error):

  1. Azure Portal:

 User's image

 

  1. az cli:
az sql mi ad-only-auth disable --resource-group "<rg>" --name "<sqlmi>"                               
(InvalidParameterValue) Invalid value given for parameter AzureADOnlyAuthentication. Specify a valid parameter value.
Code: InvalidParameterValue
Message: Invalid value given for parameter AzureADOnlyAuthentication. Specify a valid parameter value.

 

What we ruled out:

  • Azure Policy: No policy assignments targeting SQL resources at subscription or RG level. No deny actions logged in activity log.    
  • Resource locks: None on the MI    
  • Missing SQL admin: administratorLogin is set    
  • Missing Entra admin: Microsoft Entra admin is configured    

 

Additional context:

Activity log shows 15+ consistent failures over the past 24 hours, all with the same InvalidParameterValue error    

Correlation IDs are available upon request

 

Ask: Please investigate the failure. The server accepts the request but fails during processing with a generic error that provides no actionable detail. We need Entra-only authentication disabled to rollback our service deployment which initially enabled it.

Azure SQL Database

Answer accepted by question author

Manoj Kumar Boyini 16,640 Reputation points Microsoft External Staff Moderator
2026-04-22T22:12:44.3+00:00

Hi @Daniel Sanchez

Disabling Microsoft Entra‑only authentication on an existing Azure SQL Managed Instance is not supported for Internal Tenants.

The azureADOnlyAuthentication property is a one‑way configuration change and cannot be reverted on the same instance. As a result, the failures observed across all management methods (including the InvalidParameterValue error) are expected behavior.

If mixed authentication (SQL + Microsoft Entra) is required:

  • Deploy a new SQL Managed Instance with Entra‑only authentication disabled during creation.
  • Migrate databases from the original instance using:
  • Point‑in‑time restore, or BACPAC Export/Import, Validate both SQL and Entra authentication on the new instance.

Please let us know if you have any questions and concerns.

Was this answer helpful?

0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.