How to connect with Microsoft Entra ID authentication
Last modified: March 28, 2025
Microsoft Entra ID is a Microsoft solution with a single or multi-factor authentication that ensures more secure access to the database.
After Microsoft Entra authentication is set up for your Azure SQL instance, you can connect to the Azure database using SQL Server Management Studio (SSMS). From there, you can perform SQL operations using dbForge SQL Complete, an ultimate SSMS add-in.
Connect with Microsoft Entra ID authentication
To connect with Microsoft Entra ID authentication, you have the following authentication options available:
Connect to Azure SQL with Microsoft Entra Password
This method lets you authenticate using your Microsoft Entra (Azure AD) username and password.
1. Open SSMS.
2. On the toolbar of Object Explorer, select Connect > Database Engine.
3. On the Login tab of the Connect to Server dialog, specify the connection details:
- Server name: Specify a URL of the Azure SQL Server instance in the following format:
<server-name>.database.windows.net. - Authentication: Select Microsoft Entra Password.
- User name: Specify a Microsoft Entra ID username with Azure SQL database permissions in the following format:
username@domain.com. - Password: Specify the password associated with the specified Microsoft Entra ID username.
- Encryption: Select the encryption level for the connection. The default value is Mandatory.
- Trust server certificate: Select this option to skip the server certificate validation. By default, the option is deactivated (set to False), which ensures better security by using enforced trusted certificates.
- Host name in the certificate: Leave it blank to ensure the certificate matches the server name. Fill this field only when the server name differs from the Common Name or Subject Alternate Name, such as when using DNS aliases.
Note
You must specify a username from a Microsoft Entra ID account or a managed or federated domain linked to Microsoft Entra ID.
4. Select Connect to establish the connection.
When the connection is successful, the Connect to Server dialog is closed. The connection with databases appears in Object Explorer.
Connect to Azure SQL with Microsoft Entra Integrated
This method is used when your on-premises Windows domain is federated with Microsoft Entra ID, and you’re logged in to your machine with those credentials.
Note
The Microsoft Entra Integrated authentication works only if your local machine is connected to a domain federated with Microsoft Entra ID.
1. Open SSMS.
2. On the toolbar of Object Explorer, select Connect > Database Engine.
3. On the Login tab of the Connect to Server dialog, specify the connection details:
- Server name: Specify a URL of the Azure SQL Server instance in the following format:
<server-name>.database.windows.net. - Authentication: Select Microsoft Entra Integrated.
- User name: It is automatically pre-filled with your Windows credentials.
- Encryption: Select the encryption level for the connection. The default value is Mandatory.
- Trust server certificate: Select this option to skip the server certificate validation. By default, the option is deactivated (set to False), which ensures better security by using enforced trusted certificates.
- Host name in the certificate: Leave it blank to ensure the certificate matches the server name. Fill this field only when the server name differs from the Common Name or Subject Alternate Name, such as when using DNS aliases.
4. Select Connect to establish the connection.
When the connection is successful, the Connect to Server dialog is closed. The connection with databases appears in Object Explorer.
Connect to Azure SQL with Microsoft Entra MFA
This method allows you to use MFA for secure authentication.
1. Open SSMS.
2. On the toolbar of Object Explorer, select Connect > Database Engine.
3. On the Login tab of the Connect to Server dialog, specify the connection details:
- Server name: Specify a URL of the Azure SQL Server instance in the following format:
<server-name>.database.windows.net. - Authentication: Select Microsoft Entra MFA.
- User name: Specify a Microsoft Entra username with Azure SQL database permissions in the following format:
username@domain.com. -
Encryption: Select the encryption level for the connection. The default value is Mandatory.
Note
Users who connect to Azure SQL Database and Azure SQL Managed Instance must update existing connections in the most recently used list to use the Strict (SQL Server 2022 and Azure SQL) encryption level.
- Trust server certificate: Select this option to skip the server certificate validation. By default, the option is deactivated (set to False), which ensures better security by using enforced trusted certificates.
- Host name in the certificate: Leave it blank to ensure the certificate matches the server name. Fill this field only when the server name differs from the Common Name or Subject Alternate Name, such as when using DNS aliases.
4. Select Connect to establish the connection.
5. The Sign in to your account dialog opens, where you need to enter the username from the Microsoft account you provided in Step 2.
Note
No password is required if a user belongs to the domain connected to Microsoft Entra ID.
6. You’ll be prompted to authenticate using one of the methods configured based on the MFA administrator setting.
SSMS will connect to the Azure SQL database when verification is complete successfully. The Connect to Server dialog is closed, and the connection with databases appears in Object Explorer.
Encryption levels
The following table shows the encryption levels available for Microsoft Entra authentication.
| Encryption | Description | Default state |
|---|---|---|
| Optional | Encryption is used if the server supports it, but the connection can proceed even if encryption is not enforced. | No |
| Mandatory | Encryption is required, and the connection will fail if encryption is not supported or can’t be negotiated. | Yes |
| Strict (SQL Server 2022 and Azure SQL-specific) | Encryption is strictly enforced, and the client verifies the server’s TLS/SSL certificate. The connection will fail if the server certificate is invalid or cannot be verified by a trusted Certificate Authority (CA). Note that the Trust server certificate checkbox is unavailable. | No |
Worked example: Validate the connection to an Azure SQL database with Microsoft Entra MFA authentication
Let’s walk through how to connect to an Azure SQL database using Microsoft Entra MFA authentication and confirm the connection by executing a SELECT query with dbForge SQL Complete.
1. In the Connect to Server dialog, select the Microsoft Entra MFA authentication and specify all the connection details, including the Strict (SQL Server 2022 and Azure SQL-specific) encryption.
2. Select Connect to create the connection.
3. Next, sign in to the specified Microsoft account and confirm the verification.
In the case of successful verification, the new connection appears in Object Explorer.
4. On the toolbar, select New Query and start typing the SELECT query. As you can see, SQL Complete prompts a list of available JOIN statements while typing.
5. Insert the required statement and execute the query.
The result would be as follows:
'%3e%3cpath%20id='thumb_up_2'%20d='M15%2017H5.5V7L11.5%201L12.1667%201.45833C12.4028%201.625%2012.5833%201.83681%2012.7083%202.09375C12.8333%202.35069%2012.8681%202.61806%2012.8125%202.89583L12.7917%203L12%207H17.5C17.9167%207%2018.2708%207.14583%2018.5625%207.4375C18.8542%207.72917%2019%208.08333%2019%208.5V9.6875C19%209.79861%2018.9896%209.89931%2018.9688%209.98958C18.9479%2010.0799%2018.9167%2010.1736%2018.875%2010.2708L16.3944%2016.0875C16.2703%2016.3625%2016.0833%2016.5833%2015.8333%2016.75C15.5833%2016.9167%2015.3056%2017%2015%2017ZM7%2015.5H15L17.5%209.6875V8.5H10.1667L11.1875%203.4375L7%207.625V15.5ZM5.5%207V8.5H2.5V15.5H5.5V17H1V7H5.5Z'%20fill='%2327282C'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Yes'%3e%3cpath%20id='thumb_down_2'%20d='M5%203H14.5V13L8.5%2019L7.83333%2018.5417C7.59722%2018.375%207.41667%2018.1632%207.29167%2017.9062C7.16667%2017.6493%207.13194%2017.3819%207.1875%2017.1042L7.20833%2017L8%2013H2.5C2.08333%2013%201.72917%2012.8542%201.4375%2012.5625C1.14583%2012.2708%201%2011.9167%201%2011.5V10.3125C1%2010.2014%201.01042%2010.1007%201.03125%2010.0104C1.05208%209.92014%201.08333%209.82639%201.125%209.72917L3.60417%203.91667C3.71528%203.63889%203.89931%203.41667%204.15625%203.25C4.41319%203.08333%204.69444%203%205%203ZM13%204.5H5L2.5%2010.3125V11.5H9.83333L8.8125%2016.5625L13%2012.375V4.5ZM14.5%2013V11.5H17.5V4.5H14.5V3H19V13H14.5Z'%20fill='%2327282C'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
NoWant to find out more?
'%3e%3cpath%20id='Vector'%20d='M4%204V24H24V4H4ZM22%2022H6V9H22V22ZM19%2019H9V18H19V19ZM19%2016H9V15H19V16ZM19%2013H9V12H19V13ZM21%202H2V21H0V0H21V2Z'%20fill='%230071CE'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_676_40052'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
- How to connect with Microsoft Entra ID authentication
- Connect with Microsoft Entra ID authentication
- Connect to Azure SQL with Microsoft Entra Password
- Connect to Azure SQL with Microsoft Entra Integrated
- Connect to Azure SQL with Microsoft Entra MFA
- Worked example: Validate the connection to an Azure SQL database with Microsoft Entra MFA authentication
