Azure SQL Database
An Azure relational database service.
5,740 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Based on this old thread :
First you need to Configure the Azure VPN Client - Azure AD authentication - Windows
Then :
- Navigate to "Firewalls and virtual networks" of you SQL server and make sure to set "Deny public network access" to yes.
- Create an Azure private endpoint. It will create endpoint for SQL server within your virtual network and it'll be assigned a private IP from within subnet's IP range. You will use this private IP to connect to SQL server.
- On your local machine, make sure you're connected to VPN and open SQL Server Management Studio:
- Under "Server name" enter private IP address of Azure private endpoint created in step 2.
- Under "Login" field, enter username in format "username@public_sql_server_name" (e.g. admin@my-sql-server.database.windows.net). For password, just enter your password.
- Last thing to do is to click on "Options" and navigate to "Connection properties". Make sure to check "Encrypt connection" and "Trust server certificate". This is required as server's certificate is issued to "my-sql-server.database.windows.net" and you're accessing it via private IP. If this wasn't checked, management studio wouldn't trust server's certificate and would refuse connection.
- Navigate to "Firewalls and virtual networks" of you SQL server and make sure to set "Deny public network access" to yes.
- Create an Azure private endpoint. It will create endpoint for SQL server within your virtual network and it'll be assigned a private IP from within subnet's IP range. You will use this private IP to connect to SQL server.
- On your local machine, make sure you're connected to VPN and open SQL Server Management Studio:
Under "Server name" enter private IP address of Azure private endpoint created in step 2.
Under "Login" field, enter username in format "username@public_sql_server_name" (e.g. admin@my-sql-server.database.windows.net). For password, just enter your password.
Last thing to do is to click on "Options" and navigate to "Connection properties". Make sure to check "Encrypt connection" and "Trust server certificate". This is required as server's certificate is issued to "my-sql-server.database.windows.net" and you're accessing it via private IP. If this wasn't checked, management studio wouldn't trust server's certificate and would refuse connection.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 23%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 20%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)