Azure SQL Database firewall server rule exception

Adam Kolařík 20 Reputation points
2025-02-24T15:34:57.29+00:00

Dears,

I was trying to use Azure SQL Server IP Firewall rule to "Allow Azure Services and resources to access this server" as per documentation located here:

https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#connections-from-inside-azure

I was intended to use such firewall rule to be able to access database/server from other Microsoft SaaS services like XLS file accessing database and is located in OneDrive or Sharepoint.

If I used such firewall rule (with starting IP "0.0.0.0" and ending IP "0.0.0.0") I am still not able to connect to SQL database using XLS located in sharepoint or onedrive. (if I open XLS on my local, where my public IP is whitelisted directly, then everything else works).

I am curious about meaning of "Azure services" in that Microsoft's statement ... should that contain also IP addresses of Microsoft's SaaS services (like Microsoft 365 apps) or "only" whatever is inside Azure subscriptions?

I also wanted to mention, that similar Firewall rule for Azure SQL Managed Instance PaaS works as expected (that firewall exception works also for access from SaaS services like OneDrive/Sharepoint) ... but I cannot make it work for Azure SQL Database PaaS.

Any ideas or official Microsoft's documentation extention that it just will not work "by design"?

Azure SQL Database
{count} votes

Accepted answer
  1. Gowtham CP 6,030 Reputation points Volunteer Moderator
    2025-02-24T16:32:11.1+00:00

    Hello Adam Kolařík ,

    Thank you for your question.

    The “Allow Azure Services and resources to access this server” rule in Azure SQL Database is designed to let connections from within Azure—such as VMs and App Services—access your server. It does not include external Microsoft SaaS services like OneDrive, SharePoint, or Microsoft 365 apps. This is why your Excel file hosted on SharePoint or OneDrive isn’t able to connect, even when the rule is enabled.

    For connections from these external services, you will need to set up specific firewall rules for their IP ranges (which may change over time). Note that Azure SQL Managed Instance behaves differently due to its virtual network integration, which is why the same setting might work there.

    For more details, please see the official documentation: Azure SQL Database firewall rules

    I hope this helps! If you have any further questions, feel free to ask.

    If the information is useful, please accept the answer and upvote it to assist other community members.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.