How to allow remote connections to SQL server on an Azure VM through an Azure VPN

Question

How to allow remote connections to SQL server on an Azure VM through an Azure VPN

Kyle Sicard 20

I have a Virtual machine on my azure network that is accessed by an Azure VPN via a virtual network gateway. I need to allow a user to connect to SQL server on that VM. I dont want to open 1433 and 1434 to the whole internet and the user does not have a static public IP address.

how can I allow only Azure VPN users to remotely connect to the SQL server?

Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-24T05:20:45.0666667+00:00

Hello Kyle Sicard

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Kyle Sicard 20 Reputation points

2025-07-24T16:07:23.2266667+00:00

The above worked nicely. However, I am unable to use my windows authentication to establish a connection remotely. SQL server auth works without issue. Any tips on getting windows auth to work for this remote sql connection?
Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-24T16:50:13.0766667+00:00

Hello Kyle Sicard

Please be informed that Azure SQL server doesn't support Windows authentication. It will work for SQL managed instance.
Kyle Sicard 20 Reputation points

2025-07-24T18:47:47.4433333+00:00

Does the Microsoft Entra ID options work via remote connections?
Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-24T19:05:30.6466667+00:00
Hello Kyle Sicard

Yes, Microsoft Entra ID supports azure sql server to connect.

But it depends on how you configured the server. If you have selected both SQL and Microsoft Entra authentication, then it will work as shown below,

If you select only sql authentication, then you can to set your current Azure AD user as the Azure SQL Admin for your database. Follow the steps below:

Navigate to Your Azure SQL Server:

Log in to the Azure Portal.

Search for and select your Azure SQL Server.

Set Azure AD Admin:

In the left-hand menu, under Settings, click on Microsoft Entra ID.

Select Support Only Microsoft Entra authentication for this server to ensures no one can access the database server using SQL login credentials.

Click on Set admin.
- In the Add admin pane, search for your user account. - Select your account and click **Select**. - This will set your user as a database admin and allow it to login using Microsoft Entra authentication. - Click on **Save**.

Note: Make sure you uncheck that box, as this will disable the SQL authentication.

Reference document: https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql&tabs=azure-portal

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql

https://techcommunity.microsoft.com/blog/fasttrackforazureblog/connecting-to-azure-sql-database-using-sqlalchemy-and-microsoft-entra-authentica/4259772
Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-25T04:47:33.7+00:00

Hello Kyle Sicard

Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 answer

Your answer

Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-24T05:20:45.0666667+00:00

Hello Kyle Sicard

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Kyle Sicard 20 Reputation points

2025-07-24T16:07:23.2266667+00:00

The above worked nicely. However, I am unable to use my windows authentication to establish a connection remotely. SQL server auth works without issue. Any tips on getting windows auth to work for this remote sql connection?
Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-24T16:50:13.0766667+00:00

Hello Kyle Sicard

Please be informed that Azure SQL server doesn't support Windows authentication. It will work for SQL managed instance.
Kyle Sicard 20 Reputation points

2025-07-24T18:47:47.4433333+00:00

Does the Microsoft Entra ID options work via remote connections?
Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-24T19:05:30.6466667+00:00

Hello Kyle Sicard

Yes, Microsoft Entra ID supports azure sql server to connect.

But it depends on how you configured the server. If you have selected both SQL and Microsoft Entra authentication, then it will work as shown below,

If you select only sql authentication, then you can to set your current Azure AD user as the Azure SQL Admin for your database. Follow the steps below:

Navigate to Your Azure SQL Server:

Log in to the Azure Portal.

Search for and select your Azure SQL Server.

Set Azure AD Admin:

In the left-hand menu, under Settings, click on Microsoft Entra ID.

Select Support Only Microsoft Entra authentication for this server to ensures no one can access the database server using SQL login credentials.

Click on Set admin.
- In the Add admin pane, search for your user account. - Select your account and click **Select**. - This will set your user as a database admin and allow it to login using Microsoft Entra authentication. - Click on **Save**.

Note: Make sure you uncheck that box, as this will disable the SQL authentication.

Reference document: https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql&tabs=azure-portal

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql

https://techcommunity.microsoft.com/blog/fasttrackforazureblog/connecting-to-azure-sql-database-using-sqlalchemy-and-microsoft-entra-authentica/4259772
Saraswathi Devadula 11,325 Reputation points Microsoft External Staff Moderator

2025-07-25T04:47:33.7+00:00

Hello Kyle Sicard

Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 1

Hello Kyle Sicard
By configuring the NSG to allow traffic on port 1433 only from the Azure VPN subnet, you can securely allow users to connect to the SQL Server without exposing it to the public internet. This setup ensures that only authenticated VPN users can access the SQL Server, maintaining security while providing necessary access.
Reference document: https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal

When users connect to the Azure VPN via the Point-to-Site (P2S) configuration, they are assigned IPs from a VPN address pool (usually something like 172.16.0.0/24).

You can find or configure this in:

Azure Portal → Virtual Network Gateway → Point-to-site configuration → Address pool

Reference document: https://techcommunity.microsoft.com/blog/itopstalkblog/step-by-step-creating-an-azure-point-to-site-vpn/326264

**Authentications:

**Please be informed that Azure SQL server doesn't support Windows authentication. It will work for SQL managed instance.

Microsoft Entra ID supports azure sql server to connect.

But it depends on how you configured the server. If you have selected both SQL and Microsoft Entra authentication, then it will work as shown below, User's image

If you select only sql authentication, then you can to set your current Azure AD user as the Azure SQL Admin for your database. Follow the steps below:

Navigate to Your Azure SQL Server:

Log in to the Azure Portal.

Search for and select your Azure SQL Server.

Set Azure AD Admin:
- In the left-hand menu, under Settings, click on Microsoft Entra ID.
- Select Support Only Microsoft Entra authentication for this server to ensures no one can access the database server using SQL login credentials.
  - Click on Set admin.Copy
```
          - In the Add admin pane, search for your user account.
```
- Select your account and click Select.
```
- This will set your user as a database admin and allow it to login using Microsoft Entra authentication.

   - Click on **Save**.
```
```
          
```

User's image

Note: Make sure you uncheck that box, as this will disable the SQL authentication.

Reference document: https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql&tabs=azure-portal

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql

https://techcommunity.microsoft.com/blog/fasttrackforazureblog/connecting-to-azure-sql-database-using-sqlalchemy-and-microsoft-entra-authentica/4259772

Share via

How to allow remote connections to SQL server on an Azure VM through an Azure VPN

1 answer

Your answer