Forum Discussion

ganriver's avatar
ganriver
Copper Contributor
Mar 29, 2021

Active Directory admin

Hi Friends,   Risk assessment recommend to provision a 'Active Directory admin' for database, looked around, not exactly sure what is this for? and who should be better for this?   Can someone ex...
hspinto's avatar
hspinto
Icon for Microsoft rankMicrosoft
Mar 30, 2021

ganriver 

 

when using SQL Server-based users for managing your Azure SQL databases, you have additional identities/passwords to manage and you cannot leverage identity security features such as MFA. Your SQL Server-based database admin is, let's say, less secure.

 

If you enable Azure AD-based authentication in your SQL database and make one or (preferably) more Azure AD users (the ones that log in to the Azure Portal) as database admins, you will be able to enforce MFA on those users and leverage other identity security features provided by Azure AD. See more details here.

ganriver's avatar
ganriver
Copper Contributor
Mar 30, 2021

hspinto 

 

That make sense now, and who should be better fit for the role the admin? Owner of the Azure subscription? 

Resources