Azure SQL Database Connectivity and Network Security improvements

This post has been republished via RSS; it originally appeared at: Azure SQL Database articles.

Azure SQL Database Connectivity and Network Security improvements

Reviewers:- Andreas Wolter, Rajesh Setlem

We are proud to announce several improvements to Azure SQL Database in the areas of Connectivity and Network Security.

Customers can now choose to connect to SQL Database via the private endpoint and deny all public access via the firewall rules. 

GA of Private Link for Azure SQL Database

Now in general availability, Private Link enables users to have private connectivity from a Microsoft Azure Virtual Network to Azure SQL Database.

This feature creates a private endpoint which maps a private IP Address from the Virtual Network to your Azure SQL Database.

From security perspective, Private Link provides you with data exfiltration protection on the login path to SQL Database. Additionally, it does not require adding of any IP addresses to the firewall on Azure SQL Database or changing the connection string of your application.

Private Link is built on best of class Software Defined Networking (SDN) functionality from the Azure Networking team. Clients can connect to the Private endpoint from within the same Virtual Network, peered Virtual Networking the same region, or via VNet-to-VNet connection across regions. Additionally, clients can connect from on-premises using ExpressRoute, private peering, or VPN tunneling. More information can be found here

SQL Database Query Editor supports Private Link

Previously, for using Query Editor ( in Azure Portal) customers would add their Client Ip address in the Azure SQL Database firewall. With this new functionality, customers can run Query Editor and connect via private endpoints without having any dependency on IP based firewall. More information can be found here

Server level Connectivity Settings

We have made multiple improvements that allow you to control connectivity settings for Azure SQL Database . These setting are at the logical server level i.e. they apply to all SQL Databases and Data Warehouses created on a server. Note that once these settings are applied they take effect immediately and may result in connection loss for your clients if they do not meet the requirements for each setting.  At present these settings are only available in US West 2, US East, US South Central with other regions soon to follow. More information can be found here





Ability to set Connection Policy

Connection policy determines the requirements for clients to establish connections to Azure SQL Server.

Deny Public network access

While Private Link allows access via private endpoint only, we recognize that there are cases where  customers may need a mix of private and public connectivity To support these scenarios, we have provided the ability to  deny Public Network access to SQL Database.


When this setting is set to Yes only connections via private endpoints are allowed. When this setting is set to No clients can connect using private or public endpoint.


In summary, we hope these improvements shall  provide customers with more options to secure connections made to SQL Database and Data Warehouse and to meet the compliance requirements within their organizations where they need to connect to Azure SQL DB over private endpoint. We look forward to your feedback on these features.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.