Enable Microsoft Entra-only authentication with Azure SQL

  1. In this example, we'll assign the SQL Security Manager role to the user UserSqlSecurityManager@contoso.onmicrosoft.com. Using a privileged account that can assign Azure RBAC roles on the SQL server (for example Owner or User Access Administrator), sign in to the Azure portal.
  2. Go to your SQL server resource, and select Access control (IAM) in the menu. Select Add, and then Add role assignment in the drop-down menu.
  3. In the Add role assignment pane, select the SQL Security Manager role, and select the user that you want to have the ability to enable or disable Microsoft Entra-only authentication. This role manages the server's security settings (the Microsoft Entra admin and the Entra-only switch) but grants no access to the databases or their data, so it can be assigned without handing out data access.
  4. Select Save.

Enable Microsoft Entra-only authentication

Enable in SQL Database using Azure portal

To enable Microsoft Entra-only authentication in the Azure portal, follow these steps:

  1. Sign in to the Azure portal as the user with the SQL Security Manager role.
  2. Go to your SQL server resource, and select Microsoft Entra ID under the Settings menu.
  3. If you haven't added a Microsoft Entra admin, you'll need to set one before you can enable Microsoft Entra-only authentication.
  4. Check the box for Support only Microsoft Entra authentication for this server.
  5. The Enable Microsoft Entra-only authentication popup will show. Select Yes to enable the feature, and then Save the setting. Once enabled, connections that use SQL authentication, including the server admin login, are refused until the feature is disabled again.

Enable in SQL Managed Instance using Azure portal

To enable Microsoft Entra-only authentication in the Azure portal, see the steps below.

  1. Sign in to the Azure portal as the user with the SQL Security Manager role.
  2. Go to your SQL managed instance resource, and select Microsoft Entra admin under the Settings menu.
  3. If you haven't added a Microsoft Entra admin, you'll need to set one before you can enable Microsoft Entra-only authentication.
  4. Select the Support only Microsoft Entra authentication for this managed instance checkbox.
  5. The Enable Microsoft Entra-only authentication popup will show. Select Yes to enable the feature, and then Save the setting.
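The two portal procedures above (role assignment, Entra admin, Entra-only switch) expressed with the Az PowerShell modules, so the change can be scripted and verified. This is an added example, not code from the original page or from the Microsoft tutorial it summarises. The resource group, server, managed instance and group names are assumptions; the UPN is the one used on the page. For brevity the script runs as a single identity, whereas the page has a privileged account do the role assignment and the SQL Security Manager account do the enablement.

```powershell
# Added example: Entra-only authentication for an Azure SQL logical server and a managed
# instance via Az.Accounts, Az.Resources and Az.Sql. Names below are assumptions.
$rg          = 'rg-data-prod'                                   # assumed resource group
$serverName  = 'sql-contoso-prod'                               # assumed logical server
$miName      = 'sqlmi-contoso-prod'                             # assumed managed instance
$secAdminUpn = 'UserSqlSecurityManager@contoso.onmicrosoft.com' # from the page
$adminGroup  = 'SQL-Entra-Admins'                               # assumed Entra security group

Connect-AzAccount | Out-Null

# First procedure, steps 1-4: grant SQL Security Manager at the server scope only.
# This Azure RBAC role can manage the server's security settings (Entra admin,
# Entra-only switch) but grants no access to the data itself.
$server = Get-AzSqlServer -ResourceGroupName $rg -ServerName $serverName
New-AzRoleAssignment -SignInName $secAdminUpn `
                     -RoleDefinitionName 'SQL Security Manager' `
                     -Scope $server.ResourceId | Out-Null

# Step 3 of both enablement procedures: an Entra admin must exist before Entra-only
# can be switched on. A group is preferable to an individual so the admin identity
# survives staff changes.
$group = Get-AzADGroup -DisplayName $adminGroup
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName $rg -ServerName $serverName `
    -DisplayName $group.DisplayName -ObjectId $group.Id | Out-Null
Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg -InstanceName $miName `
    -DisplayName $group.DisplayName -ObjectId $group.Id | Out-Null

# Steps 4-5: flip "Support only Microsoft Entra authentication" on both resources.
Enable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName $rg -ServerName $serverName | Out-Null
Enable-AzSqlInstanceActiveDirectoryOnlyAuthentication -ResourceGroupName $rg -InstanceName $miName | Out-Null

# Verify. Both should report AzureADOnlyAuthentication = True; treat False as a finding,
# because SQL-authenticated logins (including the server admin login) are then still usable.
$srvState = Get-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName $rg -ServerName $serverName
$miState  = Get-AzSqlInstanceActiveDirectoryOnlyAuthentication -ResourceGroupName $rg -InstanceName $miName
[pscustomobject]@{ Resource = $serverName; EntraOnly = $srvState.AzureADOnlyAuthentication }
[pscustomobject]@{ Resource = $miName;     EntraOnly = $miState.AzureADOnlyAuthentication }
```

The Get-* calls at the end are the check worth keeping in a scheduled compliance job: the setting is a server-level property, and anyone holding SQL Security Manager (or a broader role) can switch it off again through the same portal page.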

Reference

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-only-authentication-tutorial?view=azuresql&tabs=azure-portal

Changing a login password on a PaaS SQL Server (Azure SQL Database)

Permissions

Requires ALTER ANY LOGIN permission. On Azure SQL Database, ALTER LOGIN is run while connected to the master database of the logical server.

If the login that is being changed is a member of the sysadmin fixed server role or a grantee of CONTROL SERVER permission, also requires CONTROL SERVER permission when making the following changes:

  • Resetting the password without supplying the old password.
  • Changing the login name.
  • Enabling or disabling the login.
  • Mapping the login to a different credential.

A principal can change the password for its own login.
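Both password-change paths described above (an administrative reset without the old password, and a principal changing its own login by supplying OLD_PASSWORD), run against the master database of an Azure SQL Database logical server with the SqlServer module's Invoke-Sqlcmd. This is an added example, not from the original page or the referenced documentation. The server name and the login name are assumptions.

```powershell
# Added example: ALTER LOGIN password changes on Azure SQL Database from PowerShell.
# Server and login names are assumptions; the SqlServer module must be installed.
$serverInstance = 'sql-contoso-prod.database.windows.net'   # assumed logical server
$targetLogin    = 'app_reporting'                           # assumed SQL login to rotate

# Never embed passwords in scripts or shell history; prompt for them instead.
$adminCred = Get-Credential -Message 'Login holding ALTER ANY LOGIN (and CONTROL SERVER for privileged targets)'
$newSecure = Read-Host -AsSecureString -Prompt "New password for $targetLogin"

# The password has to become a T-SQL string literal, so double any single quote to keep
# the literal well-formed (a value like  x'; DROP LOGIN ...  must not break out of it).
function ConvertTo-TsqlLiteral([securestring] $Secure) {
    $plain = [System.Net.NetworkCredential]::new('', $Secure).Password
    return "N'" + $plain.Replace("'", "''") + "'"
}
# Bracket-quote the login name the same way QUOTENAME would.
$quotedLogin = '[' + $targetLogin.Replace(']', ']]') + ']'

# Pre-flight: which server permissions does the caller actually hold? ALTER ANY LOGIN
# suffices for ordinary logins; CONTROL SERVER is additionally required when the target
# is a sysadmin / CONTROL SERVER grantee and no OLD_PASSWORD is supplied.
Invoke-Sqlcmd -ServerInstance $serverInstance -Database master -Credential $adminCred -Query @"
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'ALTER ANY LOGIN') AS AlterAnyLogin,
       HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER')  AS ControlServer;
"@

# Path A, administrative reset: no OLD_PASSWORD, performed by the admin credential.
$reset = "ALTER LOGIN $quotedLogin WITH PASSWORD = $(ConvertTo-TsqlLiteral $newSecure);"
Invoke-Sqlcmd -ServerInstance $serverInstance -Database master -Credential $adminCred -Query $reset

# Path B, self-service change: the login connects as itself and proves knowledge of the
# current password with OLD_PASSWORD, which is why no ALTER ANY LOGIN is needed.
$selfCred   = [pscredential]::new($targetLogin, $newSecure)
$nextSecure = Read-Host -AsSecureString -Prompt "Next password for $targetLogin (self-service rotation)"
$selfChange = "ALTER LOGIN $quotedLogin WITH PASSWORD = $(ConvertTo-TsqlLiteral $nextSecure) " +
              "OLD_PASSWORD = $(ConvertTo-TsqlLiteral $newSecure);"
Invoke-Sqlcmd -ServerInstance $serverInstance -Database master -Credential $selfCred -Query $selfChange
```

Each statement is sent as its own batch and always to master, which is where server-level logins live on Azure SQL Database. If the pre-flight query reports ControlServer = 0 and the target is a privileged login, Path A will fail with a permissions error rather than silently resetting the password.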

Reference

https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-login-transact-sql?view=azuresqldb-current&preserve-view=true#b-changing-the-password-of-a-login-1

Azure Data Factory

Consolidate all your data with Azure Data Factory, a fully managed, serverless data integration service. Visually integrate data sources with more than 90 built-in, maintenance-free connectors at no added cost. Easily construct extract, transform, and load (ETL) and extract, load, and transform (ELT) processes code-free in an intuitive environment or write your own code. Then deliver integrated data to Azure Synapse Analytics to unlock business insights.

Read more here

https://azure.microsoft.com/en-us/products/data-factory

https://learn.microsoft.com/en-us/azure/data-factory/quickstart-create-data-factory

What is Microsoft Fabric?

Microsoft Fabric is an end-to-end analytics and data platform designed for enterprises that require a unified solution. It encompasses data movement, processing, ingestion, transformation, real-time event routing, and report building. It offers a comprehensive suite of services including Data Engineering, Data Factory, Data Science, Real-Time Analytics, Data Warehouse, and Databases.

With Fabric, you don’t need to assemble different services from multiple vendors. Instead, it offers a seamlessly integrated, user-friendly platform that simplifies your analytics requirements. Operating on a Software as a Service (SaaS) model, Fabric brings simplicity and integration to your solutions.

Microsoft Fabric integrates separate components into a cohesive stack. Instead of relying on different databases or data warehouses, you can centralize data storage with OneLake. AI capabilities are seamlessly embedded within Fabric, eliminating the need for manual integration. With Fabric, you can easily transition your raw data into actionable insights for business users.

Read more here

https://learn.microsoft.com/en-us/fabric/get-started/microsoft-fabric-overview

idTokenClaims vs accessTokenClaims

In the context of authentication, idTokenClaims refers to the user-identity claims carried in an ID token, which a client application uses to establish who the signed-in user is. An access token, by contrast, is a bearer credential presented to a resource server (an API) to authorize access to that resource; its claims describe what the client has been granted for that specific resource, not the user's identity for display. In short: the ID token tells the client who the user is, while the access token tells the API what the caller is allowed to do there. Libraries such as MSAL expose the parsed ID token as idTokenClaims but do not expose parsed access token claims, because an access token is issued for the API and should be treated by the client as an opaque string; only the API named in the token's audience validates and interprets it.

Key differences:

  • Purpose: An ID token authenticates the user to the client application and supplies profile data (name, email) for the front end; an access token authorizes the client's requests to a specific API.
  • Claims: ID token claims carry identity, such as name, preferred_username or email and the subject (sub or oid), with aud set to the client's application ID. Access token claims carry scp (delegated scopes) or roles (application permissions), with aud set to the target API.
  • Usage: A front-end application reads the ID token directly and displays information from it. The access token is sent in the Authorization: Bearer header of API requests, and the API must validate its signature, issuer, expiry and audience before honoring any claim. An API must never accept an ID token in place of an access token, since its audience is the client, not the API.

Example:

  • ID token claim example: When you sign in to a website, the ID token might contain your name and preferred_username, which the website displays on your profile page.
  • Access token claim example: To access your private documents on a cloud storage service, the access token carries scope claims (for example read-only or read/write) that the storage API checks before serving the request.
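The distinction above, worked through in code: decode an ID token and an access token, read identity from one and authorization from the other, and show why an API must check the audience before trusting either. This is an added example, not code from the original page or from MSAL. Both tokens are constructed inline with a placeholder signature so the script runs offline; the client ID, API Application ID URI, subject and names are made up for the demonstration. Real tokens from Microsoft Entra must have their signature, issuer, audience and expiry verified (by MSAL on the client, by JWT middleware on the API) before any claim is used.

```powershell
# Added example: ID token vs access token claims. Tokens are CONSTRUCTED and unsigned;
# never accept an unsigned or unverified token in production.
$clientId = '11111111-1111-1111-1111-111111111111'   # assumed app registration (the SPA)
$apiAppId = 'api://contoso-documents'                # assumed Application ID URI of the API

function ConvertTo-Base64Url([string] $Text) {
    $b = [System.Text.Encoding]::UTF8.GetBytes($Text)
    return [Convert]::ToBase64String($b).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function ConvertFrom-Base64Url([string] $Segment) {
    $s = $Segment.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    return [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}
function New-DemoJwt([hashtable] $Claims) {
    # header.payload.signature with a placeholder signature (constructed test data)
    $header  = ConvertTo-Base64Url '{"alg":"RS256","typ":"JWT","kid":"demo"}'
    $payload = ConvertTo-Base64Url ($Claims | ConvertTo-Json -Compress)
    return "$header.$payload.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"
}
function Get-JwtClaims([string] $Jwt) {
    # Payload only; for the ID token this is what MSAL surfaces as idTokenClaims.
    return ConvertFrom-Base64Url ($Jwt.Split('.')[1]) | ConvertFrom-Json
}

$now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
# ID token: audience is the client itself; payload answers "who is the user".
$idToken = New-DemoJwt @{
    iss = 'https://login.microsoftonline.com/tenant-id/v2.0'; aud = $clientId
    sub = 'demo-subject-0001'; name = 'Alex Example'; preferred_username = 'alex@contoso.com'
    iat = $now; exp = $now + 3600
}
# Access token: audience is the API; payload answers "what may the caller do there".
$accessToken = New-DemoJwt @{
    iss = 'https://login.microsoftonline.com/tenant-id/v2.0'; aud = $apiAppId
    sub = 'demo-subject-0001'; scp = 'Documents.Read Documents.Write'
    iat = $now; exp = $now + 3600
}

# Front end: identity for display comes from the ID token.
$id = Get-JwtClaims $idToken
"Signed in as $($id.name) <$($id.preferred_username)>"

# API side: accept only tokens minted for this API, then derive permissions from scp/roles.
function Test-ApiToken([string] $Jwt, [string] $ExpectedAudience) {
    $c = Get-JwtClaims $Jwt
    if ($c.aud -ne $ExpectedAudience) { return "reject: aud '$($c.aud)' is not this API" }
    if ($c.exp -le [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()) { return 'reject: expired' }
    $scopes = @($c.scp -split ' ')
    return "accept: scopes = $($scopes -join ', ')"
}
Test-ApiToken $accessToken $apiAppId   # the access token carries the API's aud and scp
Test-ApiToken $idToken     $apiAppId   # the ID token fails the aud check: it is not a bearer token for this API
```

The second Test-ApiToken call is the check that matters in practice: an ID token replayed against an API has a valid signature from the same issuer, so only the audience check separates it from a real access token. In a real service this logic sits behind signature and issuer validation, and the client never decodes the access token at all.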