Activity overview
Latest activity by hcuk94
Hi @Alex B, thanks for your help earlier in the year. We've updated to the versions which now include AAD Password and Integrated authentication methods, but this still doesn't allow for Service Principal auth to be used. In the ODBC driver this is achieved using the Authentication=ActiveDirectoryServicePrincipal type as referenced here: https://learn.microsoft.com/en-us/sql/connect/odbc/using-azure-active-directory?view=sql-server-ver16

I also note that Redgate has implemented Service Principal auth in Flyway through the JDBC driver (https://documentation.red-gate.com/fd/sql-server-184127608.html) - it would be great if the same could be done for SQL Monitor.

To expand on the Service Principal authentication, this is Microsoft's advised way to create a service account for situations such as this. Their docs explain more here: https://learn.microsoft.com/en-us/azure/active-directory/architecture/govern-service-accounts

The key paragraph: "We do not recommend user accounts as service accounts because they are less secure. This includes on-premises service accounts synced to Microsoft Entra ID, because they aren't converted to service principals. Instead, we recommend managed identities, or service principals, and the use of Conditional Access."

If Redgate could consider SP auth as a future enhancement that would be great. If the Microsoft drivers are used then it should be an easy implementation.

Thanks!
Henry
Thanks @Alex B - frustrating as this goes against Microsoft's security best practices and will require us to weaken our Azure SQL security posture in order to monitor the server. We don't currently have a server admin account since the server is AAD auth only. I will need to reconfigure it and create an admin account. In the meantime I will upvote the uservoice suggestion - thanks!
Monitor Azure SQL Database using Service Principal
Looking to monitor a PaaS SQL Azure Server/Database, but the only option for authenticating looks to be SQL Authentication, is that right? We have this off currently in line with MS Recommendations,...