I have created Azure AD users and roles and set up a SQL Server in Azure with a database. When I set up firewall rules in the Azure database under the Networking blade, users can access the database fine. However, if I try to set up a virtual network instead, user authentication works, but database access is denied without specific IP ranges added to a firewall rule.
Is it possible to make it so a user can access the database from any location without necessarily knowing their specific IP address? If so, what are the steps to make it happen?
Authentication needs to be AD Interactive so that we can use MS Authenticator on user's phones to get authenticated to Azure. (AD Integrated does not work).