The monitoring service requires the server admin account for Azure SQL Database and Data Warehouse targets.
The credentials provided for an Azure SQL Database target must be the server account configured in the Azure Portal for the Azure SQL Server so that full access is available for monitoring.
The following authentication methods are supported when adding Azure SQL Database target types:
- SQL Server
- Azure Active Directory - Password
- Azure Active Directory - Integrated
The Microsoft Azure SQL Database and Data Warehouse services are protected by a firewall because both services are exposed on the internet. The Azure SQL Firewall is in place to help protect access to your data. When creating a new Azure SQL Database or Data Warehouse target, the connectivity verification ensures that an Azure SQL Firewall rule is correctly configured and indicates a warning if it's not.
Azure SQL Database and Data Warehouse Firewall Configuration
It is important to allowlist the IP address of the server hosting the SentryOne monitoring service via the Azure Portal.
The Azure SQL Firewall settings are configured using the Azure Portal, through the command line utilities on PowerShell, or through the Cross Platform CLI tool. For more information about the Azure SQL Firewall and configuring it, see the How to configure an Azure SQL database firewall documentation from Microsoft.
Important: Because the Azure SQL Firewall rules can change, the monitoring service can lose access. If this occurs, notifications appear in the System Status and on the Dashboard as a warning.
While the firewall is blocking the monitoring service, no data is retrieved from the target.