Policy: Azure > CIS v3.0 > 05 - Database Services > 05.01 - Azure SQL Database > 05.01.04 - Ensure that Microsoft Entra authentication is Configured for SQL Servers

Configures auditing against a CIS Benchmark item.

Level: 1

Use Microsoft Entra authentication for authentication with SQL Database to manage credentials in a single place.

Microsoft Entra authentication is a mechanism to connect to Microsoft Azure SQL Database and SQL Data Warehouse by using identities in the Microsoft Entra ID directory. With Entra ID authentication, identities of database users and other Microsoft services can be managed in one central location. Central ID management provides a single place to manage database users and simplifies permission management.

- It provides an alternative to SQL Server authentication. - Helps stop the proliferation of user identities across database servers. - Allows password rotation in a single place. - Customers can manage database permissions using external (Entra ID) groups. - It can eliminate storing passwords by enabling integrated Windows authentication and other forms of authentication supported by Microsoft Entra. - Entra ID authentication uses contained database users to authenticate identities at the database level. - Entra ID supports token-based authentication for applications connecting to SQL Database. - Entra ID authentication supports ADFS (domain federation) or native user/password authentication for a local Active Directory without domain synchronization. - Entra ID supports connections from SQL Server Management Studio that use Active Directory Universal Authentication, which includes Multi-Factor Authentication (MFA). MFA includes strong authentication with a range of easy verification options — phone call, text message, smart cards with pin, or mobile app notification.