What are the real risks of letting all Azure Services connect to a SQL Database?

Lucas Nebot 41 Reputation points
2020-12-09T10:58:48.013+00:00

Hello everybody,

I have a general question regarding the network security of a SQL database:

The documentation states that allowing all Azure Services to connect to the database is bad practice and poses a security risk.

Why is that? In my understanding everybody could try to connect to the DB but only I have the credentials and therefore access. So where is the problem?
What is the worst thing that could happen?

Thank you.

Best regards
Lucas

Azure SQL Database

Accepted answer
  1. Anurag Sharma 17,591 Reputation points
    2020-12-10T04:15:25.437+00:00

    Hi @Lucas Nebot, welcome to the Microsoft Q&A forum.

    Enabling Allow Azure Services will enable any Azure Service to connect to the Azure SQL Server resource. Now, you are right in mentioning that we still use the user credentials to connect to the database, and providing incorrect credentials will result in access to the database being denied. However, if a wrong party somehow gets the credentials through unlawful methods, there is no way to stop them from accessing the Azure SQL Database. The resource is not even blocked by any firewall rules, so it's a kind of security risk. Hence, it is advised to enable an extra layer of security to make our resources more secure and keep data intact. As an example, even MFA offers multiple factors to gain access to a resource, or the applications that send an OTP to mobile phones on top of login credentials.

