Azure SQL Managed Instance announces a limited public preview of the Windows Authentication protocol for Azure Active Directory users, and support for Managed Identity credentials across the Managed Instance surface area.
You can disable password-based access (SQL Authentication) to your Managed Instance even today by using the Azure AD-only authentication setting. But what if you have an app that doesn’t support Azure AD authentication, or what if you are still using Windows Authentication? For you, we bring Windows Authentication to Azure AD.
Windows Authentication protocol for Azure AD users
Windows Authentication is an additional Single-Sign-On authentication option for Azure AD users that supports Azure AD authentication with the Kerberos protocol. From a compatibility perspective, it enables legacy apps, or apps that simply do not yet support Azure AD authentication, to connect to Managed Instance. In that regard, your existing portfolio of applications, no matter how old, will no longer be a barrier to identity management and security modernization in Azure.
Once you create a server or database level credential with Managed Identity, you will be able to use this credential to authenticate to an Azure Storage account while doing backup / restore, bulk loading of data, and creating a server audit.
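-- The credential is named after the storage container URL; the instance's
-- managed identity is used to authenticate to the storage account.
CREATE CREDENTIAL [https://mitutorials.blob.core.windows.net/backups]
WITH IDENTITY = 'Managed Identity';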
RESTORE FILELISTONLY FROM URL =
If the linked server is a Managed Instance in the same Server Trust Group, then you could configure this linked server in such a way that the authentication context flows from the primary instance to the linked instance.