How Windows Authentication for Azure SQL Managed Instance is implemented with Microsoft Entra ID and Kerberos
Windows Authentication for Azure SQL Managed Instance principals in Microsoft Entra ID (formerly Azure Active Directory) enables customers to move existing services to the cloud while maintaining a seamless user experience and provides the basis for security infrastructure modernization. To enable Windows Authentication for Microsoft Entra principals, you will turn your Microsoft Entra tenant into an independent Kerberos realm and create an incoming trust in the customer domain.
This configuration allows users in the customer domain to access resources in your Microsoft Entra tenant. It will not allow users in the Microsoft Entra tenant to access resources in the customer domain.
The following diagram gives an overview of how Windows Authentication is implemented for a managed instance using Microsoft Entra ID and Kerberos:
- [Troubleshoot Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance](winauth-azuread-troubleshoot.md)