AvePoint Learn
Request article
Contact support
Request article
Contact support
English

    Home > Get Started > Enable Backup for SQL Server > Enable Microsoft Entra ID Authentication

    Export to PDF

    Enable Microsoft Entra ID Authentication

    To use the backup and restore services for Microsoft SQL Server in Azure VM, enable Microsoft Entra ID for your SQL Server in Azure VM.

    To enable authentication with Microsoft Entra ID for your SQL Server in an Azure VM, follow the steps below. For additional guidance, you may also refer to the official Microsoft article on enabling Microsoft Entra ID authentication.

    1. Sign in to the Azure portal and go to Azure SQL > SQL Server on Azure VMs. You can check your SQL Servers on the SQL Server on Azure VMs page.

      The SQL Server on Azure VMs page.

    2. Navigate to the desired VM in the Security section and select Identity to make sure that there is an enabled system-assigned or use-assigned managed identity in the same Microsoft Entra tenant as your SQL Server VM. For details, refer to Configure managed identities using the Azure portal.

      The Identity page.

    3. Open Microsoft Entra ID Roles and administrators in the Azure portal and navigate to the Directory Readers > Assignments page.

    4. On the Directory Readers > Assignments page, click Add assignments to add the managed identity you want to use with your SQL Server VM to the Directory Readers role. For details on how to add your managed identity to the Directory Readers role, refer to Add managed identity to the role.

      Add your managed identity to the Directory Readers role.

    5. Enable Microsoft Entra authentication for the registered instance. For detailed steps, refer to Enable Microsoft Entra authentication for the registered instance.

    6. Create logins and users, then grant sysadmin permissions to the specific service principal or SQL admin group. Below are example scripts for how to create logins and grant permissions. Replace ‘SQLAdminSecurityGroupName’ in the command with the actual name of your SQL admin security group.

      CREATE LOGIN [SQLAdminSecurityGroupName] FROM EXTERNAL PROVIDER;

GO

ALTER SERVER ROLE sysadmin ADD MEMBER [SQLAdminSecurityGroupName];

GO

      You can also refer to Microsoft Entra tutorial to create logins and users for the managed identity.

    7. Navigate to Cloud Backup for IaaS + PaaS, then go to Settings > GAP Gateways page to verify that the configured CAP Gateway server can successfully connect to your registered SQL Server instance. Once the connection is confirmed, the backup service is enabled.