This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Can anyone here please clarify if the firewall rule 0.0.0.0 AllowAllWindowsAzureIps scope is for all objects within our Azure Tenant or the whole IP ranges owned by Microsoft ?
Thank you.
Hi,@EnterpriseArchitect Welcome to Microsoft Q&A thanks for posting your question.
The firewall rule 0.0.0.0 AllowAllWindowsAzureIps allows connections from all IP addresses that are owned by Microsoft Azure. This includes IP addresses that are used by all Azure services, not just Azure SQL Database.
Regards
Geetha
@GeethaThatipatri-MSFT ,
OK is that limited to just the Azure services and objects my tenant has or all Microsoft Customers globally in Azure?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 92%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
As stated in our documentation, https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#connections-from-inside-azure:
This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. If you select this option, make sure that your login and user permissions limit access to authorized users only.
One way to ensure access is limited only to authorized users is to utilize exclusive authentication with Microsoft Entra ID (formerly Azure Active Directory) for your Azure SQL instances. Microsoft Entra authentication inherently reduces the scope of allowable connections to only those within your tenant.
It also provides secure user authentication with multifactor auth and single sign-on, and secure, secret-less programmatic authentication with managed identities. Leaked credentials account for the large majority of major data breaches in today's world. With Microsoft Entra-only authentication, developer-managed credentials can be fully eliminated, immediately strengthening any organization's security posture.