Azure AD authentication extensions for Azure SQL DB and SQL DW tools

Posted on August 8, 2017

Senior Program Manager, SQL Server Security

With the latest SQL Server tools release, we extended Azure AD authentication support in the SQL DB and DW tools to cover token-based authentication (Universal authentication) with MFA support.

The following SQL Server tools have been extended with new functionality:

  • SSMS 17.2 supports the following functionalities:
    • Multiple-user Azure AD authentication for Universal authentication with multi-factor support (authentication option: Active Directory - Universal with MFA). A new user credential input field was added to the Universal authentication with MFA method to support multi-user authentication. In the screenshot below, myaccount@gmail.com is entered as the user name.

ScreenShot1

    • Azure AD MFA Conditional Access (CA) is available for SQL DB and DW.
    • Database export/import for DacFx wizard using Universal authentication with MFA.
    • The ADAL managed library used by Universal authentication with MFA was upgraded to version 3.13.9.
    • Object Explorer support for Universal authentication with MFA.

  • The SSMS 17.0 release supports “Azure AD domain name or tenant ID” in Connection Properties, an entry required for Azure AD guest users, including Microsoft accounts such as hotmail.com, outlook.com, and live.com, as well as non-Microsoft accounts such as gmail.com. In the screenshot below, aadtest.onmicrosoft.com is entered as the AD domain name.

ScreenShot2

  • The latest SQLPackage.exe supports Universal authentication with MFA.
  • API for DacFx supports Universal authentication with MFA.

In addition, a separately released new CLI for SQL DB/DW supports setup operations for the Azure AD SQL administrator.

For more information about Azure AD authentication extensions, please review the following documents:

For further communication on this topic, please contact the SQLAADAuth@microsoft.com alias.