![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Azure SQL Database
An Azure relational database service.
6,326 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi
Raunak Sharma,
Welcome to Microsoft Q&A forum and thanks for using Azure Services.
As I understand, you want to connect to Azure SQL Database through SSL validation/ AD authentication.
Please check the Authentication method selected for the Azure SQL Server:
If Azure AD needs to be configured, please follow the steps below:
Azure Active Directory authentication requires that database users are created as contained. A contained database user maps to an identity in the Azure AD directory associated with the database and has no login in the master database. The Azure AD identity can either be for an individual user or a group. For more information, see Contained database users, make your database portable and review the Azure AD tutorial on how to authenticate using Azure AD.
Note:
Database users (excluding administrators) cannot be created using the Azure portal. Azure roles do not propagate to SQL servers, databases, or data warehouses. They are only used to manage Azure resources and do not apply to database permissions.
For example, the SQL Server Contributor role does not grant access to connect to a database or data warehouse. This permission must be granted within the database using T-SQL statements.
To add a user with Azure AD authentication:
Connect to your server in Azure using an Azure AD account with at least the ALTER ANY USER permission.
In Object Explorer, right-click the database and select New Query.
- In the query window, enter the following command and modify
<Azure_AD_principal_name>to the principal name of the Azure AD user or the display name of the Azure AD group:
CREATE USER [<Azure_AD_principal_name>] FROM EXTERNAL PROVIDER;
Using Secure connection strings:
To ensure a secure, encrypted connection between the client application and SQL Database, a connection string must be configured to:
- Request an encrypted connection
- Not trust the server certificate
The connection is established using Transport Layer Security (TLS) and reduces the risk of a man-in-the-middle attack. Connection strings are available per database and are pre-configured to support client drivers such as ADO.NET, JDBC, ODBC, and PHP. For information about TLS and connectivity, see TLS considerations.
To copy a secure connection string:
In the Azure portal, select SQL databases from the left-hand menu, and select your database on the SQL databases page.
On the Overview page, select Show database connection strings.
- Select a driver tab and copy the complete connection string.
Each server in Azure (which hosts SQL Database or Azure Synapse) starts with a single server administrator account that is the administrator of the entire server. Create a second administrator account as an Azure AD account. This principal is created as a contained database user in the master database of the server. Administrator accounts are members of the db_owner role in every user database, and enter each user database as the dbo user. For more information about administrator accounts, see Managing Databases and Logins.
When using Azure Active Directory with geo-replication, the Azure Active Directory administrator must be configured for both the primary and the secondary servers. If a server does not have an Azure Active Directory administrator, then Azure Active Directory logins and users receive a Cannot connect to server error.
Note
Users that are not based on an Azure AD account (including the server administrator account) cannot create Azure AD-based users, because they do not have permission to validate proposed database users with the Azure AD.
Reference Link: Manage Database Access
Use Azure Active Directory authentication
Azure AD admin with a server in SQL Database
Hope this helps. Let us know if you have further questions. Thank you.