Page History
...
| Info |
|---|
Components of Azure Profile are responsible for building a valid connection. |
What are the service account requirements?
First of all, review the following information regarding your account requirements and ensure you meet them.
Account Permissions
The minimum permission required for Azure SQL Database is Server admin configured in Entra ID so that full access is available for monitoring.
However, you must grant the Azure SQL Database permissions to read Microsoft Entra ID. For more information regarding this matter, please refer to the Azure portal section of the Authorize server and database access using logins and user accounts article.
Multi-Factor Authentication
Connecting SQL Diagnostic Manager to your environment does not support service accounts requiring Multi-Factor Authentication (MFA) as continuous connection is required for service collection accounts.
It is recommended to use generalized service accounts for configuring connection credentials rather than accounts directly linked to users.
| Info |
|---|
For environments that require MFA for Entra ID users, a service account can be excluded from the MFA requirement by using an exclusion for conditional access. For guidance on how to set up exclusions for MFA review the Use access reviews to manage users excluded from Conditional Access Policies article on Microsoft Docs. |
Firewall
Keep in mind that the Microsoft Azure SQL Database is protected by a firewall, safeguarding access to your data when you create a new Azure Database. For more information on Azure SQL Firewall and how to configure it, please refer to this Microsoft documentation.
That is why it is important to allowlist the IP address of the server hosting the SQL Diagnostic Manager monitoring service via the Azure Portal.
How to select an Azure Profile?
...
- Click the New button from the Application Profiles section.
- Choose a Profile Name and Description for your Azure profile, from the Azure Application Profile wizard.
- Select an Azure Subscription from the subscription dropdown, otherwise, click New and complete the following fields with the application information:
- Subscription ID*
- Description
Info (*) This information is mandatory, to get it from your application follow the steps outlined in theHow to get Azure Profile components? section.
- Click OK to save your Subscription information.
- Select an Azure Application from the application dropdown, otherwise, click New and complete the following fields with the application information:
- Application name
- Tenant ID*
- Client ID*
- Secret value*
- Description of the Azure application
Info (*) This information is mandatory, to get it from your application follow the steps outlined in the How to get Azure Profile components? section.
- Click OK to save your Subscription information. Review all your information. When you finish, the wizard should look like this image.
- Click OK to save your Azure Application Profile.
- Click Close to close the Azure Profiles Configuration wizard.
- In the Azure Application configuration, select the Azure Profile you just created from the Select Azure Profile dropdown.
- Select the instances to monitor.
...
- Navigate through the Manage node to the Certificates & secrets option from the Overview tab of your Owned App.
- Click the New client secret option.
- Choose a description, select an expiration time from the dropdown menu, and click Add.
- Copy and save the Secret ID.
| Warning |
|---|
You must save the Secret value once you create the Client Secret, otherwise, the next time you log in to the Azure Portal to check this value, it will be masked. If you lost or did not save the Secret value and you need it, create a new Client Secret and use the new Secret value instead. |