You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Azure SQL Managed Instance](sql-managed-instance-paas-overview.md) is the intelligent, scalable cloud database service that combines the broadest SQL Server database engine compatibility with the benefits of a fully managed and evergreen platform as a service. Kerberos authentication for Microsoft Entra ID ([formerly Azure Active Directory](/entra/fundamentals/new-name)) enables Windows Authentication access to Azure SQL Managed Instance. Windows Authentication for managed instances empowers customers to move existing services to the cloud while maintaining a seamless user experience and provides the basis for infrastructure modernization.
18
19
@@ -24,7 +25,7 @@ As customers modernize their infrastructure, application, and data tiers, they a
However, some legacy apps can't change their authentication to Microsoft Entra ID: legacy application code may longer be available, there may be a dependency on legacy drivers, clients may not be able to be changed, and so on. Windows Authentication for Microsoft Entra principals removes this migration blocker and provides support for a broader range of customer applications.
28
+
However, some legacy apps can't change their authentication to Microsoft Entra ID: legacy application code might no longer be available, there could be a dependency on legacy drivers, clients might not be able to be changed, and so on. Windows Authentication for Microsoft Entra principals removes this migration blocker and provides support for a broader range of customer applications.
28
29
29
30
Windows Authentication for Microsoft Entra principals on managed instances is available for devices or virtual machines (VMs) joined to Active Directory, Microsoft Entra ID, or hybrid Microsoft Entra ID - a hybrid Microsoft Entra user identity exists both in Microsoft Entra ID and Active Directory and can access a managed instance in Azure using Microsoft Entra Kerberos.
30
31
@@ -38,7 +39,6 @@ By enabling Windows Authentication for Microsoft Entra principals, customers can
38
39
39
40
Windows Authentication for Microsoft Entra principals also enables the following patterns on managed instances. These patterns are frequently used in traditional on-premises SQL Servers:
40
41
41
-
42
42
-**"Double hop" authentication**: Web applications use IIS identity impersonation to run queries against an instance in the security context of the end user.
43
43
-**Traces using extended events and SQL Server Profiler** can be launched using Windows authentication, providing ease of use for database administrators and developers accustomed to this workflow. Learn how to [run a trace against Azure SQL Managed Instance using Windows Authentication for Microsoft Entra principals](winauth-azuread-run-trace-managed-instance.md).
44
44
@@ -48,9 +48,7 @@ Enabling Windows Authentication for Microsoft Entra principals on Azure SQL Mana
48
48
49
49
For example, a customer can enable a mobile analyst, using proven tools that rely on Windows Authentication, to authenticate to a managed instance using biometric credentials. This can be accomplished even if the mobile analyst works from a laptop that is joined to Microsoft Entra ID.
50
50
51
-
## Next steps
52
-
53
-
Learn more about implementing Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance:
51
+
## Related content
54
52
55
53
-[How Windows Authentication for Azure SQL Managed Instance is implemented with Microsoft Entra ID and Kerberos](winauth-implementation-aad-kerberos.md)
56
54
-[How to set up Windows Authentication for Azure SQL Managed Instance using Microsoft Entra ID and Kerberos](winauth-azuread-setup.md)
0 commit comments