How Windows Authentication for Azure SQL Managed Instance is implemented with Microsoft Entra ID and Kerberos
Windows Authentication for Azure SQL Managed Instance principals in Microsoft Entra ID (formerly Azure Active Directory) enables customers to move existing services to the cloud while maintaining a seamless user experience and provides the basis for security infrastructure modernization. To enable Windows Authentication for Microsoft Entra principals, you will turn your Microsoft Entra tenant into an independent Kerberos realm and create an incoming trust in the customer domain.
This configuration allows users in the customer domain to access resources in your Microsoft Entra tenant. It will not allow users in the Microsoft Entra tenant to access resources in the customer domain.
The following diagram gives an overview of how Windows Authentication is implemented for a managed instance using Microsoft Entra ID and Kerberos:
- [Troubleshoot Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance](winauth-azuread-troubleshoot.md)
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for