Azure Active Directory Authentication for SQL Database V12


Description

In this episode of Data Exposed I sit down with Mirek Sztajno, a Senior Program Manager on the SQL Security team, to discuss identity authentication around the exciting news of Azure Active Directory support for Azure SQL Database V12. Currently in public preview, this exciting new functionality allows you to connect to Azure SQL Database by using Azure Active Directory authentication, enabling SQL authentication to user and group identities managed by Azure Active Directory. Mirek explains that this feature currently supports the following authentication methods: user/password, integrated Windows authentication and, coming soon, token-based authentication.
 
Mirek wraps up this fantastic episode by giving a great demo of this feature, showing us how to enable and use AAD authentication for Azure SQL DB.
 
For more information, see Azure AD authentication and the SQL Security team blog.


The Discussion

  • lsjames

    This is a great feature!  However, it misses a class of scenarios that prevent my organization from using it.

     

    We are a relatively new company, so our identity exists only in AAD -- we don't even have an on-prem AD.  Since Windows 10 came out, everyone's PCs are joined to AAD, and everyone authenticates to their computers using their OrgIds within AAD.  Unfortunately the new AAD integrated security doesn't include this.

     

    On the password side, all developers/QA/support who have access to any Azure resources have mandatory 2-factor authentication.  The nature of SSMS doesn't really support this either.  I suppose people could generate app passwords, but they're pretty cumbersome to use; while they do offer central account administration, they are no better than SQL logins from a usability perspective.

     

    I would love to see support added for one or both of the above; either would enable a lot of additional use cases!  Regardless, I love the direction this is moving.  Good stuff.
