Azure SQL Database and Data Warehouse Security

The Microsoft Azure SQL Database and Data Warehouse services are protected by a firewall because both services are exposed on the internet. The Azure SQL Firewall is in place to help protect access to your data. When creating a new Azure SQL Database or Data Warehouse target, the connectivity verification ensures that an Azure SQL Firewall rule is correctly configured and indicates a warning if it's not.

Note:  The credentials provided for an Azure SQL Database target must be the server account configured in the Azure Portal for the Azure SQL Server so that full access is available for monitoring.

Supported Authentication Methods

The following authentication methods are supported when adding Azure SQL Database target types:

  • SQL Server
  • Azure Active Directory - Password
  • Azure Active Directory - Integrated

Azure SQL Database and Data Warehouse Firewall Configuration

It is important to allowlist the IP address of the server hosting the SentryOne monitoring service via the Azure Portal.

The Azure SQL Firewall settings are configured using the Azure Portal, through the command line utilities on PowerShell, or through the Cross Platform CLI tool. For more information about the Azure SQL Firewall and configuring it, see the How to configure an Azure SQL database firewall documentation from Microsoft.

Important:  Because the Azure SQL Firewall rules can change, the monitoring service can lose access. If this occurs, notifications appear in the System Status and on the Dashboard as a warning.

While the firewall is blocking the monitoring service, no data is retrieved from the target.