Authenticating Microsoft Entra ID using windows principal metadata - Public Preview
Published Jul 03 2024 10:39 AM 2,116 Views

Today we’re announcing the public preview for Native Windows Principals for SQL Managed Instance. This capability simplifies the migration to SQL Managed Instance and unblock the migration of legacy applications that are tied to windows logins.


This feature plays a vital role for SQL Managed Instance link. Managed Instance link enables near real-time data replication between SQL Server and SQL Managed Instance, the read-only replica in the cloud prevents creation of Microsoft Entra principals. The Windows authentication metadata mode allows customers to use an existing Windows login to authenticate to the replica if a failover happens.


with this feature, the following Authentication metadata modes are available for SQL Managed Instance, and the different modes determine which authentication metadata is used for authentication, along with how the login is created:

  • Microsoft Entra (Default): This mode allows authenticating Microsoft Entra users using Microsoft Entra user metadata. In order to use Windows authentication in this mode, see Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance.
  • Paired (SQL Server default): The default mode for SQL Server authentication.
  • Windows (New Mode:( This mode allows authenticating Microsoft Entra users using the Windows user metadata within SQL Managed Instance.

The Windows authentication metadata mode is a new mode that allows users to use Windows authentication or Microsoft Entra authentication (using a Windows principal metadata) with Azure SQL Managed Instance. This mode is available for SQL Managed Instance only. The Windows authentication metadata mode isn't available for Azure SQL Database


To learn more, please refer to the documentation 


1 Comment
Version history
Last update:
‎Jul 03 2024 10:39 AM
Updated by: