Use of Azure AD credential SQL VM - sql-server

I have SQL Server 2019 running on an Azure VM (Windows Server 2019). The client wants to use Azure AD groups and users to provide access to the database, but does not have AD DS installed on a VM.
Is it possible to run the
CREATE USER [MySqlUser] FROM EXTERNAL PROVIDER
on a SQL Server running on an Azure VM to add users from the AD tenant?
Can it be joined to an Azure AD without running AD DS so I can run the command above?

I found a the answer of Microsoft MSFT that may be helpful for you:
Please find the explanation of different scenarios as following.
You can connect your on-premise environment using site-to-site VPN to
Azure VNET which the SQL azure VM is part of .
Alternatively you do not have an on-premise environment at all and
are a cloud only company who have created a standalone SQL server on
Azure VM , then you cannot directly join the machine to Azure AD
instance and hence you can not have Azure AD users logging in to the
SQL VM using their Userprinciplename (the logon id for a azure ad
user.) . However if you enable Azure AD domain services for your
azure AD tenant, you can then connect the Azure VM to the same subnet
as Azure AD domain services and then join it to the Azure AD domain
services instance. Your users in azure AD will be synced to your
azure AD domain services instance and the same user account can be
used to logon to the Azure VM.
For more details, please ref: https://social.msdn.microsoft.com/Forums/en-US/cee70d52-bd57-472d-b97e-6fd71f76dfbb/how-to-join-azure-vm-to-azure-ad

Related

Ad connect - what data from Teams will be missing

My organisation use Active Directory on-premise (windows server 2012). We also use Office 365 E1.
Logins are different. We add accounts independly.
Now we are however are thinking about using Ad Connect, but we have some concerns.
Will we lose any data on Teams after integration?
Will our users be able to access data previously attached to theirs Azure Active Directory account?
How can we match AAD users with on-premise AD. It uses aliases?
Following MS documents should give a head start for your requirement.
How objects and credentials are synchronized in an Azure Active Directory Domain Services managed domain
Integrate on-premises AD with Azure
Integrate on-premises AD domains with Azure AD
Azure AD Connect: When you have an existing tenant
Microsoft 365 integration with on-premises environments

Azure app service Web API connect to a SQL Server database, with Azure AD account/windows authentication

Currently I have everything on premise - .NET Core 3.0 API and SQL Server database.
Azure AD/Service account are configured in IIS and database has given access to the service account.
All requests use that Azure AD service account.
Now we are planning for an Azure migration. API is published in App Services.
Now I want to use the same Azure AD account to connect to an Azure SQL Server database.
How should I do that?
Don't send me Microsoft links, those are having toooo much info.
Tell what and how to do configuration in Azure SQL and App Services.
Any help is appreciated.
Now I want to use the same AD account to connect to an Azure SQL Server database.
AD accounts can't connect to Azure SQL Database. Only SQL and Azure Active Directory (AAD) Logins/Users.
There are some options, but there's a clear best-practice: Provision a Managed Service Identity (MSI) for your Azure App Service Application and use that to connect to SQL Server.
Here is a simple tutorial for how you should integrate App Service and Azure SQL Database:
Tutorial: Secure Azure SQL Database connection from App Service using a managed identity

Is it possible to authenticate for access to SSAS (on-premise) using Azure Active Directory credentials

I have an on-premises 2019 (15) instance of SSAS in tabular mode. I also have an Azure Active Directory with multiple users.
When connecting to the SSAS instance through SSMS there are 3 available authentication methods:
Windows.
Active Directory - with password
Active Directory - universal with MFA
I am returned the following message when trying to authenticate with 2 or 3:
Cannot connect to xxxxx\xxxxxx. The integrated security 'ClaimsToken'
is not supported for native connections.
(Microsoft.AnalysisServices.AdomdClient)
How do I make it possible for AAD users to authenticate for access to on-prem use of SSAS?
The modes you are looking at are available for Azure Sql Databases that have been protected with an Azure AD tenant.
On-prem SQL Server and its add-ons do not support authenticating with Azure AD.

SQL Server on Azure VM: How can my application connect?

I have an application written in VB, which used to connect with a Microsoft SQL Server, which is placed on a VM in the domain, using Windows Authentication(Local Domain).
But, I have moved my DB to a SQL Server which is placed on an Azure VM.
My problem is that i don't know how i can use Windows Authentication(or somehow to "ask" the Active Directory about the user who tries to connect).
I have seen the modes of SQL Server:
Active Directory - Password
Active Directory - Integrated
but i can't understand how i can use them. Should i have to do trust relation between 2 domain(Local, Azure)?
Can someone help?
I have moved my DB to a SQL Server which is placed on an Azure VM.
SQL on an Azure VM is the same product you might run on-premises, and supports SQL Auth and Windows Integrated Auth. The Azure Active Directory authentication methods supported by Azure SQL Database and Azure SQL Data Warehouse are not applicable to SQL Server running in an Azure VM. See:
Azure Active Directory authentication is a mechanism of connecting to
Azure SQL Database and SQL Data Warehouse by using identities in Azure
Active Directory (Azure AD).
See Use Azure Active Directory Authentication for authentication with SQL Database, Managed Instance, or SQL Data Warehouse
For SQL Server running in an Azure VM you use either SQL Authentication or Windows Authenticationl, as outlined here Authentication in SQL Server
You can use Windows Auth in your VM with either local accounts (created on the VM), or you can deploy a Domain Controller on a separate VM into your VMs VNET and use identities from the Domain. The Domain Controller you deploy into your Azure VNET can be an isolated Domain, or it can be a replica for your on-premises domain. If you want to deploy a replica of your on-premises domain into an Azure VNET you also will need to use a site-to-site VPN or ExpressRoute, as explained here Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines

Is it possible to integrate B2C AD with Azure SQL server

Is it possible to integrate Azure B2C with Azure SQL server for Authentication and Authorizations? Does Azure SQL server also supports B2C or the AD support is for ON-PREMISE supported AD only?
Absolutely, you can use Azure Active Directory Authentication for authentication with your Azure SQL Database , Not Azure AD B2C.
Azure AD B2C is a cloud identity management solution for your web and mobile applications. So, it doesn't support Azure SQL database.
Additional,If you want to use Azure AD or authentication with your Azure SQL Database, you can refer to this document.

Resources