4.3.1. Microsoft Entra Database Authentication

💡 First Principle: Microsoft Entra authentication provides centralized identity management for databases. It eliminates the need for database-specific credentials and enables features like MFA and Conditional Access.

Scenario: Your organization requires all database access to use corporate credentials with MFA enforcement.

Enabling Entra Authentication for Azure SQL

1. Set Microsoft Entra admin for the SQL server
2. Create contained database users mapped to Entra identities
3. Applications connect using Entra tokens instead of SQL credentials

-- Create contained user from Entra ID
CREATE USER [user@contoso.com] FROM EXTERNAL PROVIDER;
-- Grant permissions
ALTER ROLE db_datareader ADD MEMBER [user@contoso.com];