Facing an issue with enabling managed identity between a virtual machine (VM) and a Platform as a Service (PAAS) SQL server

Question

I am facing an issue with enabling managed identity between a virtual machine (VM) and a Platform as a Service (PAAS) SQL server to authenticate to a SQL database without using a username and password. The troubleshooting steps taken so far include checking if the VM has system assigned identity enabled and if the identity was added to the Azure SQL database as an external provider with db_owner privileges. The customer also tried to login using Entra MFA authentication, but it was not working. The support team suggested checking if the application supports managed identity authentication and if the VM can access Entra.

PS - Based on common issues that we have seen from customers and other sources, we are posting these questions to help the Azure community.

Answer 1

Greetings!

The solution involves ensuring that the VM is AAD joined. This can be either directly AAD joined or Hybrid AAD joined, depending on your organization's infrastructure. Once the VM is AAD joined, it should be able to use Managed Identity for authentication with Azure SQL Database. Additionally, verify that the application supports Managed Identity authentication and that the VM has access to necessary URLs for Entra MFA authentication

 

Reference Links What is a Microsoft Entra hybrid joined device? - Microsoft Entra ID | Microsoft Learn

https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql&tabs=azure-portal

 https://techcommunity.microsoft.com/t5/azure-database-support-blog/using-managed-service-identity-msi-to-authenticate-on-azure-sql/ba-p/1288248

Regards

Geetha