Azure PaaS SQL ACL Question

mpark714 1 Reputation point
2022-06-27T16:37:39.863+00:00

Apologies for the basic question in advance as I'm not a SQL expert by any means.

We ran an output of our SQL instance on Azure and saw this:

| id | name | start_ip_address | end_ip_address | create_date | modify_date |
| --- | --- | --- | --- | --- | --- |
| 230 | AllowAllWindowsAzureIps | 0.0.0.0 | 0.0.0.0 | 3/16/2020 | 3/16/2020 |

A few things about this:

  • 0.0.0.0 typically denotes "everything" but the name is "allowallwindowsazureIPs". How does it differentiate between internal Azure IPs if the ACL is for 0.0.0.0?
  • Not to say that I would do this, but how would someone open up the SQL server to the world? 0.0.0.0?
  • If "allowallwindowsazureIPs" allows for all connections within Azure and even includes connections from the subscriptions of other customers (as stated here: https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql), then does that mean that Azure VMs can reach this SQL server without restriction?

Thank you!


1 answer

  1. Alberto Morillo 34,671 Reputation points MVP Volunteer Moderator
    2022-06-28T03:05:56.483+00:00

    You are correct. This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. If you enable "Allow Azure Services and resources to access this server", make sure that your login and user permissions limit access to authorized users only.

    However, you can secure your Azure SQL Databases using private endpoints, and here you will find a tutorial. Once you have set up your private endpoint to access the Azure SQL Database, you can configure Azure services like Azure Data Factory to use that secure channel to communicate with your Azure SQL databases.

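As an added example (not part of the original thread or of Microsoft's tooling), the audit below reads firewall-rule output in the column layout shown in the question and labels each rule, treating the 0.0.0.0 to 0.0.0.0 entry as the "Allow Azure services" marker rather than as a literal address range. Only the row with id 230 comes from the page; the other sample rows, the function names and the 256-address review threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the column layout shown in the question. Only the
# first data row is from the page; the others are made up for illustration.
# Assumes rule names contain no spaces (rows are split on whitespace).
SAMPLE = """\
id name start_ip_address end_ip_address create_date modify_date
230 AllowAllWindowsAzureIps 0.0.0.0 0.0.0.0 3/16/2020 3/16/2020
231 office-egress 203.0.113.10 203.0.113.10 3/16/2020 3/16/2020
232 temp-debug 0.0.0.0 255.255.255.255 3/16/2020 3/16/2020
233 vendor-range 198.51.100.0 198.51.103.255 3/16/2020 3/16/2020
"""

MAX_ADDRESSES = 256  # assumed review threshold, not an Azure limit


def classify(start, end, max_addresses=MAX_ADDRESSES):
    """Return a finding label for one firewall rule's IPv4 range."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if hi < lo:
        return "invalid-range"
    # 0.0.0.0-0.0.0.0 is not a one-address range: it is the marker Azure SQL
    # uses for "Allow Azure services and resources to access this server".
    if int(lo) == 0 and int(hi) == 0:
        return "all-azure-services"
    # A range spanning every IPv4 address exposes the server to any client.
    if int(lo) == 0 and int(hi) == 2**32 - 1:
        return "entire-ipv4-internet"
    if int(hi) - int(lo) + 1 > max_addresses:
        return "broad-range"
    return "ok"


def audit(text):
    """Parse whitespace-separated rule rows and return (name, finding) pairs."""
    rows = [line.split() for line in text.strip().splitlines()]
    header, data = rows[0], rows[1:]
    col = {name: i for i, name in enumerate(header)}
    return [
        (r[col["name"]],
         classify(r[col["start_ip_address"]], r[col["end_ip_address"]]))
        for r in data
    ]


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{finding:22} {name}")
```

Any rule labelled anything other than `ok` is one to review against the private endpoint approach described in the answer.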
