Security limitations for SQL Server on Linux

Applies to: SQL Server - Linux

SQL Server on Linux currently has the following limitations:

  • A standard password policy is provided. MUST_CHANGE is the only option you may configure. The CHECK_POLICY option isn't supported.
  • Extensible Key Management isn't supported.
  • SQL Server authentication mode can't be disabled.
  • Password expiration is hard-coded to 90 days if you use SQL Server authentication.
  • Using keys stored in the Azure Key Vault isn't supported.
  • SQL Server generates its own self-signed certificate for encrypting connections. SQL Server can be configured to use a user provided certificate for TLS.


If you don't plan to connect your SQL Server containers to Windows Active Directory, the password expiration is hard-coded to 90 days, if you use SQL Server authentication only. To work around this issue, consider changing the CHECK_EXPIRATION policy.

For more information about security features available in SQL Server, see the Security Center for SQL Server Database Engine and Azure SQL Database.