Using Point to Site VPN connection to connect to Azure SQL Managed Instance from my laptop using Azure Active Directory Authetnication

Question

Using Point to Site VPN connection to connect to Azure SQL Managed Instance from my laptop using Azure Active Directory Authetnication

Jignesh Vyas 45

Hi,

I have vnet and vnet gateway for that vnet.

I have Azure sql managed instance linked to the same vnet.

Can I use azure active directoty authentication using azure vpn client to connect to sql mi.
I am successfully able to connect to gateway using point to site azure active direcotry authentcation.

Thanks

Accepted answer

2 additional answers

Your answer

Answer 1

ShaktiSingh-MSFT 16,256

Hi @Jignesh Vyas ,

As I understand from the question, this is another question similar to your previous question How to connect to Azure SQL Server using Azure P2S VPN client (Azure AD Authentication) where you now need information on Azure SQL Managed Instance access on Azure VM through private endpoint.

Kindly add in any information which we might have missed in understanding.

We have Configuring Private Endpoint Connections in Azure SQL Managed Instance which states how you may perform so.

Please check and follow and let us know if you are able to make it work.

If not, please share at which step you face issue. Thanks

Jignesh Vyas 45 Reputation points

2023-02-20T04:26:14.0466667+00:00

Thank you very much. This is what was missing,
ShaktiSingh-MSFT 16,256 Reputation points

2023-02-20T04:46:12.3433333+00:00

Hi @Jignesh Vyas ,

Glad to know that the below response was helpful. Thank you for marking this answer as accepted. This will help others find useful answers faster.

Please feel free to take a survey on the relevant answer. You can help us improve by leaving feedback verbatim.

Have a good day!

Shakti

Answer 2

Bas Pruijn 956

Yes you can.

In order to make this work via P2S you need a couple of steps:

your SQL server needs a private endpoint
your private endpoint needs to be registered in a private DNS zone
This private DNS zone needs to be linked to the network of your gateway
you need a DNS forwarder active in the network of your gateway (or a firewall acting as such)
your P2S vpn needs to use the DNS forwarder for DNS requests.

If you have set up all these steps, you can log into your SQL Database via P2S, independent on the authentication method.

Jignesh Vyas 45 Reputation points

2023-02-17T01:36:56.51+00:00

Thank you for your response.

The above steps worked for AzureSQLDB but did not work for SQL managed instance which is a different resource type in Azure.

Just so you know, the difference I noticed Azure SQL managed instance has private endpoint in still preview mode and doesnt create dns zone along with it. If this would be causing the problem
Jignesh Vyas 45 Reputation points

2023-02-17T01:41:45.1366667+00:00

Thank you for your work.

Above steps did work for AzureSQLDB but did not work SQL managed instance, which is a different PAAS resource in Azure.

On thing I noticed is that managed instance has privateendpoint in still preview mode and doesnt create dns zone along with it. If this is causing the problem. Should I make any changes in nsg?

Thanks in advance

Answer 3

Hi Jignesh Vyas Thank you for reaching out.

My understanding is that you are trying to use point to site VP to connect to an Aure SQL MI from your laptop using AAD.

In addition to the above answer, you have to setup a point to site connection to a managed instance. Then create a linked server on the managed instance which connects to your local machine (VPN client).

This QuickStart demonstrates how to connect to Azure SQL Managed Instance using SQL Server Management Studio (SSMS) from an on-premises client computer over a point-to-site connection.

Quickstart: Configure a point-to-site connection to Azure SQL Managed Instance from on-premises

Regards,

Oury

Share via

Using Point to Site VPN connection to connect to Azure SQL Managed Instance from my laptop using Azure Active Directory Authetnication

2 additional answers

Your answer