SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 8%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 24%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 2%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Thanks for sharing the details, this is a good setup, and you’re quite close. The issue you’re running into is actually a common one in cross-tenant scenarios.
Even though Cross-Tenant Access and B2B collaboration are configured correctly, SQL Server access depends on how authentication is handled at the database level. The handshake error you’re seeing is usually related to authentication not being fully aligned rather than the tenant trust itself.
In this case, please make sure that the external user from tenant A is not just invited into tenant B, but also created inside the SQL database. Azure SQL doesn’t automatically grant access to B2B users, so you’ll need to create a contained database user mapped to that external identity. For example, you can connect as an admin in tenant B and run:
CREATE USER [******@tenantA.com] FROM EXTERNAL PROVIDER;
Another important point is the authentication method. Cross-tenant access will not work with SQL authentication, so the connection must use Azure AD authentication such as Active Directory Interactive or Password. It’s also worth checking that the client or tool you’re using is authenticating against the correct tenant (tenant B), as sometimes the login flow still points to the home tenant and results in a handshake failure.
Additionally, please confirm that an Azure AD admin is configured on the SQL Server in tenant B. Without this, Azure AD-based logins (including external users) won’t be authorized correctly.
If everything above looks good, I would also suggest reviewing Conditional Access policies to ensure that external users are not being blocked, and verifying that firewall or networking settings are not restricting access.
Overall, Cross-Tenant Access enables identity trust, but SQL still requires explicit user creation and proper Azure AD authentication configuration. The handshake error is typically a sign that one of these pieces is missing or mismatched.
If you’re able to share the exact error message, I’d be happy to help you narrow it down further.
Hope this helps!