Entra Authentication in Arc enabled SQL Server 2025 - Windows
This blog will discuss the newly added, “Primary managed identity” in Arc enabled SQL Server 2025 by Microsoft Entra, which enables credential free authentication for both inbound & outbound communications. The Primary Managed Identity pertains to the identity of the Arc machine, which is registered by the Arc machine agent with Microsoft Entra. SQL Server can utilize this identity to authenticate with other Azure services. Associate a “Primary managed identity” to the SQL Server: Arc enabled windows machine, have a managed identity created for them. SQL Server 2025 can now use that identity to establish a trust relationship with Microsoft Entra. You can attach this identity to SQL Server by opting for it from the Azure portal. To activate the primary managed identity from Azure, as a pre-requisite, you need the latest Azure extension for SQL Server release. Note: We keep improving the Azure portal user experience and you might see slight differences depending on when you are reading this blog post. A primary managed identity is necessary for both outbound and inbound communication. Alternatively, you can just Arc enable the host machine and use the manual set up for the managed identity feature. This eliminates the need for the Azure extension for SQL Server, which you must uninstall. With this approach you will not be able to use the Azure portal for Microsoft Entra features. Outbound Communication: You can now use this Primary managed identity to connect the SQL Server 2025 to Azure resources like Azure Storage and Azure Key vault. Follow this to set up the backup to an Azure storage URL, and EKM with Azure key vault. Inbound Communication: You can also use the primary managed identity to create Entra based users and logins to connect to SQL Server 2025. For this you will need to grant these graph API permissions. User.Read.All, GroupMember.Read.All, and Application.Read.All Read more here for the details and limitations on this managed identity setup. For Arc-enabled SQL Server 2025, we recommend using managed identity as it is more secure than the credential-based setup from SQL Server 2022. Although you can still register your SQL Server 2025 with Microsoft Entra for inbound communication only, the Azure portal for SQL 2025 will no longer support the App-registration method. Next steps: To proceed, please obtain your SQL Server 2025 from here to explore all the SQL Server 2025 features available in the public preview version. If you are using an antivirus software, please refer to these instructions.SQL Server enabled by Azure Arc, now assists in selecting the best Azure SQL target
To make the SQL Server migration journey more efficient, the SQL Server enabled by Azure Arc can now help our customers assess the readiness of their SQL Server workloads for Azure SQL migration and assist them in choosing the most suitable Azure SQL configuration.
Arc enabled Azure migration & modernization journey
This blog explains how SQL Servers connected to Azure Arc can make the migration and modernization process to Azure SQL easier and faster. SQL Server enabled by Azure Arc allows SQL Server instances hosted outside of Azure to access Azure services. This results in operational efficiencies and cost reductions. Moreover, it also offers a simple migration path to Azure with minimal or no downtime.
The Bridge - How Azure Arc brings cloud innovation to SQL Server anywhere
The ability to effectively manage data is more critical than ever and increasingly complex — with organizations hosting data on-premises, at the edge, and across multiple clouds. With the increasing need for businesses to maximize existing resources, one thing is clear: Today’s organizations need a bridge to bring cloud innovation to data estate across all environments – a consistent and efficient experience for managing, governing and security data. That bridge is Microsoft’s Azure Arc.
