
Limit SQL database network access to trusted IP addresses

Security · SQL Database · Rule · 2020_06 · Important

Determine if access from Azure services is required.

Description

Allow access to Azure services permits any Azure service network-based access to databases. Network-based access is not limited to a single customer; all Azure IP addresses are permitted. Network access can also be allowed or blocked on individual databases, which takes precedence over server firewall rules.

If network based access is permitted, authentication is still required.

Enabling access from Azure services is useful in certain cases for on-demand PaaS workloads where configuring a stable IP address is not possible, for example Azure Functions, Container Instances and Logic Apps.

Recommendation

Consider using a stable IP address or configuring virtual network-based firewall rules. Determine if access from Azure services is required for the services connecting to the hosted databases.
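
One way to find this setting in an ARM template before deployment, as an added example that is not part of the original page or the project's own rule code. Azure records the "allow Azure services" option as a server firewall rule whose start and end addresses are both 0.0.0.0; the template content, resource names and function names below are constructed for illustration.

```python
import json

# Constructed ARM template fragment (sample input, not taken from the page).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "name": "sql-example",
      "resources": [
        {"type": "firewallRules", "name": "AllowAllWindowsAzureIps",
         "properties": {"startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"}}
      ]
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "name": "sql-example/office",
      "properties": {"startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"}
    }
  ]
}
""")

def iter_firewall_rules(resources, parent_type=""):
    """Yield SQL server firewall rules, declared top-level or nested under a server."""
    for res in resources:
        rtype = res.get("type", "")
        # Nested child resources carry only the short type name ("firewallRules").
        full = f"{parent_type}/{rtype}" if parent_type and "/" not in rtype else rtype
        if full.lower() == "microsoft.sql/servers/firewallrules":
            yield res
        yield from iter_firewall_rules(res.get("resources", []), full)

def is_azure_services_rule(rule):
    """True when start and end are both 0.0.0.0, i.e. all Azure IP addresses are allowed."""
    props = rule.get("properties", {})
    return props.get("startIpAddress") == "0.0.0.0" and props.get("endIpAddress") == "0.0.0.0"

def find_azure_access_rules(template):
    """Return the names of firewall rules that enable access from Azure services."""
    rules = iter_firewall_rules(template.get("resources", []))
    return [r.get("name", "") for r in rules if is_azure_services_rule(r)]

if __name__ == "__main__":
    for name in find_azure_access_rules(SAMPLE_TEMPLATE):
        print(f"FAIL: firewall rule '{name}' allows access from all Azure services")
```

A rule flagged here is a prompt to confirm whether any connecting service actually needs it, not proof of misconfiguration.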
