Tools for Azure SQL DB and SQL DW that extend Azure AD authentication

Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.

With the most recent release of the SQL server tools, we added support for token-based authentication (Universal authentication) with MFA for SQL DB and DW tools.

The subsequent SQL Server tools have been improved by introducing new features:

In SSMS 17.2, the following features are supported:

  • Multiple-user Azure AD authentication for support of multiple authentication factors (authentication option: Active Directory – Universal with MFA). For the Universal authentication with the MFA approach, a new user credential input field was introduced to facilitate multi-user authentication. My Account @ Gmail is the user name, as shown below

  • SQL DB and DW support Azure AD MFA Conditional Access (CA).
  • Using MFA and universal authentication, the DacFx wizard exports and imports databases.
  • The version of the ADAL-managed library used by Universal authentication with MFA has been updated to 3.13.9.
  • Support for MFA and Universal Authentication in Object Explorer.
  • For Azure AD guest users, which include Microsoft accounts like hotmail.com, outlook.com, and live.com as well as non-Microsoft accounts like gmail.com, SSMS 17.0 release supports “Azure domain name or tenancy ID” in Connection Properties. AAD domain name is listed below as aadtest.onmicrosoft.com.
  • Updated SQLPackage.exe supports MFA and universal authentication.
  • Universal authentication with MFA is supported by the DacFx API.

Additionally, a new CLI interface for SQL DB/DW that was released separately now allows setup procedures for Azure AD SQL administrators.