Hi Jeevitha Vasu,
Thanks for reaching out to Microsoft Q&A.
Azure SQL Managed Instance is configured by default to require SSL encryption for all incoming connections. This means that the instance enforces SSL/TLS encryption, and all clients connecting to it are expected to use encrypted connections, unless explicitly set otherwise.
- Check the Encryption Status:
Azure SQL Managed Instance enforces encrypted connections by default, but you can verify the encryption settings in the SQL instance:
- You can query the sys.dm_exec_connections view to check whether encryption is being used for current connections:
SELECT session_id, encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID;
- If the encrypt_option returns TRUE, it means the connection is encrypted.
- Force Encryption at the SQL Server Level:
Currently, Azure SQL Managed Instance does not allow direct configuration to disable encryption enforcement. Encryption is enabled by default and cannot be disabled, but if you want to restrict non-encrypted connections (which means not allowing clients to bypass encryption), follow these steps:
Ensure Clients Use Encryption in JDBC:
You should configure your Java JDBC connection strings to always use encryption. Here are the options you mentioned:
- Non-encrypted connection (should be restricted):
- jdbc:sqlserver://<end-point>:<port-no>;user={your_username_here};password={your_password_here};encrypt=false;loginTimeout=30;Authentication=ActiveDirectoryPassword;
- Avoid using this string (encrypt=false) since this allows a non-encrypted connection, which is not recommended.
- Encrypted connection without trusting server certificate (recommended):
jdbc:sqlserver://<end-point>:<port-no>;user={your_username_here};password={your_password_here};encrypt=true;trustServerCertificate=false;loginTimeout=30;Authentication=ActiveDirectoryPassword;
- This forces encryption and requires the server’s certificate to be validated, ensuring a secure connection.
- Encrypted connection with trusting server certificate:
jdbc:sqlserver://<end-point>:<port-no>;user={your_username_here};password={your_password_here};encrypt=true;trustServerCertificate=true;loginTimeout=30;Authentication=ActiveDirectoryPassword;
- This forces encryption but allows trusting the server’s certificate without validation. This should only be used in trusted environments.
- Force Encryption on Client Side (App Level):
You need to ensure that all clients connecting to the SQL Managed Instance use encrypted connections. If the JDBC connection string allows for encrypt=false, it will still work if the server does not reject non-encrypted connections. To enforce encrypted connections from the client side, you should always use encrypt=true in your connection strings and avoid using trustServerCertificate=true unless necessary. This forces SSL/TLS encryption for all client connections.
Note:
- Azure SQL Managed Instance is SSL-enabled by default.
- You cannot directly configure Azure SQL Managed Instance to disable SSL encryption, as it enforces encryption for all incoming connections.
- Ensure your clients are configured to use encryption (encrypt=true) in the JDBC connection string.
- Check the encryption status using sys.dm_exec_connections to verify that encryption is applied.
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.
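An added example, not part of the original answer and not Microsoft code: a small Python audit that parses jdbc:sqlserver URLs like the three shown above and flags encrypt=false, a missing encrypt property, and trustServerCertificate=true. The host name, port and credentials in the samples are constructed, and treating a missing encrypt property as a finding is an assumption made here because the default depends on the driver version.

```python
import re

# jdbc:sqlserver properties are ';'-separated key=value pairs. A value may be
# wrapped in {braces} so it can contain ';' (for example a password).
_PROP = re.compile(r";\s*([^=;{}]+?)\s*=\s*(\{[^}]*\}|[^;]*)")

def parse_props(url):
    """Return the URL's connection properties with lower-cased keys."""
    if not url.lower().startswith("jdbc:sqlserver://"):
        raise ValueError("not a jdbc:sqlserver URL")
    props = {}
    for key, value in _PROP.findall(url):
        if value.startswith("{") and value.endswith("}"):
            value = value[1:-1]          # strip the escaping braces
        props[key.lower()] = value.strip()
    return props

def audit(url):
    """Return (severity, message) findings for one connection URL."""
    props = parse_props(url)
    findings = []
    encrypt = props.get("encrypt")
    if encrypt is None:
        # Assumption: flag it, because the default depends on the driver version.
        findings.append(("MEDIUM", "encrypt is not set explicitly"))
    elif encrypt.lower() == "false":
        findings.append(("HIGH", "encrypt=false: client does not require TLS"))
    if props.get("trustservercertificate", "false").lower() == "true":
        findings.append(("HIGH", "trustServerCertificate=true: certificate not validated"))
    return findings

# Constructed sample URLs (host, port and credentials are placeholders).
BASE = "jdbc:sqlserver://sqlmi.example.invalid:1433;user={app_user};"
SAMPLES = {
    "plaintext": BASE + "password={x};Encrypt=FALSE;loginTimeout=30;",
    "validated": BASE + "password={x};encrypt=true;trustServerCertificate=false;",
    "trust_all": BASE + "password={x};encrypt=true;trustServerCertificate=true;",
    "braced_pw": BASE + "password={p;encrypt=false};encrypt=true;",
    "unset": BASE + "password={x};loginTimeout=30;",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, audit(url) or "OK")
```

The braced_pw sample shows why the parser honours braces: a naive split on ';' would read the text inside the password as a real encrypt=false property.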