Azure database access denied when using virtual networks

Doug Haining 0 Reputation points
2023-09-07T19:44:14.25+00:00

I have created Azure AD users and roles and set up a SQL Server in Azure with a database. When I set up firewall rules in the Azure database under the Networking blade, users can access the database fine. However, if I try to set up a virtual network instead, user authentication works, but database access is denied without specific IP ranges added to a firewall rule.

Is it possible to make it so a user can access the database from any location without necessarily knowing their specific IP address? If so, what are the steps to make it happen?

Authentication needs to be AD Interactive so that we can use MS Authenticator on users' phones to get authenticated to Azure. (AD Integrated does not work.)

Thanks.

Azure SQL Database

1 answer

  1. Oury Ba-MSFT 19,726 Reputation points Microsoft Employee
    2024-01-08T21:00:20.9566667+00:00

    Doug Haining

    Sorry for the delay in response to the above questions.

    Great to hear that adding a firewall rule with appropriate ranges fixed the issue.

    I want to figure out how to make it work with a virtual network or a private endpoint.

    A VNET rule and a private endpoint both require connecting into an Azure VNET. For this you would most likely want to set up a P2S or S2S VPN that your remote users can also use so that their traffic is propagated through an approved virtual network.

    Configure a point-to-site VPN connection to a VNet using multiple authentication types: Azure portal

    https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

    https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

    Regards,

    Oury
