AZ-500 question

Henry van Spanje 0 Reputation points
2025-12-06T01:47:28.2+00:00

[image]

While adding the Microsoft Entra administrator and assigning the SQL Security Manager role are indeed prerequisites, selecting "Support only Microsoft Entra authentication for this server" is explicitly required to enable the feature and is not optional. This setting is toggled in the Azure portal under the SQL server's Microsoft Entra ID settings (using a user with the SQL Security Manager role).

No connection to the data plane (e.g., via SSMS or the Azure portal's query editor) is needed; the configuration is done at the control plane (server resource) level.

So am I wrong here?

Azure | Azure Training

1 answer

  1. Marcin Policht 67,980 Reputation points MVP Volunteer Moderator
    2025-12-06T03:01:49.72+00:00

    The question asks only for the actions required to allow Microsoft Entra-authenticated principals to access an existing Azure SQL database, not to enforce Entra-only authentication on the server.

    Because the goal is simply to enable access for Entra principals, the required steps stop at preparing the environment—not enforcing exclusive authentication. Adding a Microsoft Entra administrator establishes an initial entry point for Entra-based access, and assigning the SQL Security Manager role gives you the permissions needed to configure Entra authentication at the server level. Connecting through the Azure portal represents one way to complete the configuration using those permissions.

    Selecting Support only Microsoft Entra authentication for this server is not required for merely allowing Entra-authenticated access. That setting is used only when you want to disable SQL authentication entirely and enforce Entra-only authentication. The question does not specify disabling SQL authentication or enforcing exclusivity.

    The answer choice about connecting to the database is misleading - I can only assume that this was meant to represent the task of connecting to the logical server (e.g. via Azure portal).

    Details at https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-portal and https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-only-authentication?view=azuresql&tabs=azure-cli

    1. In the Azure portal Directories + subscriptions pane, choose the directory that contains your Azure SQL resource as the Current directory.
    2. Search for SQL servers and then select the logical server for your database resource to open the SQL server pane.
    3. On the SQL server pane for your logical server, select Microsoft Entra ID under Settings to open the Microsoft Entra ID pane.
    4. On the Microsoft Entra ID pane, select Set admin to open the Microsoft Entra ID pane.
    5. The Microsoft Entra ID pane shows all users, groups, and applications in your current directory and allows you to search by name, alias, or ID. Find your desired identity for your Microsoft Entra admin and select it, then select Select to close the pane.
    6. At the top of the Microsoft Entra ID page for your logical server, select Save. The Object ID is displayed next to the admin name for Microsoft Entra users and groups. For applications (service principals), the Application ID is displayed.

    Microsoft Entra-only authentication is a feature within Azure SQL that allows the service to only support Microsoft Entra authenticatio


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin
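
The distinction drawn in the answer above, as an added Azure CLI example that is not part of the original thread: setting the Microsoft Entra admin and enforcing Entra-only authentication are separate control-plane operations, and the state check reports which one a server is in. The function names and all resource group, server, and identity values are placeholders chosen for this example.

```shell
# Added example with placeholder values; requires the Azure CLI and a signed-in
# identity with rights on the logical server.

# Set the Microsoft Entra admin on the logical server (control plane).
# SQL authentication keeps working after this call.
set_entra_admin() {
  # $1 resource group, $2 server, $3 admin display name, $4 admin object ID
  az sql server ad-admin create \
    --resource-group "$1" --server-name "$2" \
    --display-name "$3" --object-id "$4"
}

# Separate, optional hardening step: turn on Entra-only authentication,
# which disables SQL authentication for the server.
enforce_entra_only() {
  az sql server ad-only-auth enable --resource-group "$1" --name "$2"
}

# Print which of three states the server is in:
#   no-entra-admin | entra-and-sql | entra-only
entra_auth_state() {
  admin=$(az sql server ad-admin list --resource-group "$1" \
            --server-name "$2" --query "[0].login" --output tsv)
  if [ -z "$admin" ]; then
    echo "no-entra-admin"
    return 0
  fi
  # azureAdOnlyAuthentication is the property name in the CLI's output.
  only=$(az sql server ad-only-auth get --resource-group "$1" \
           --name "$2" --query "azureAdOnlyAuthentication" --output tsv)
  case "$only" in
    true|True) echo "entra-only" ;;
    *)         echo "entra-and-sql" ;;
  esac
}

# Usage (placeholder values):
#   set_entra_admin my-rg my-sqlserver "DBA Group" 00000000-0000-0000-0000-000000000000
#   entra_auth_state my-rg my-sqlserver     # entra-and-sql
#   enforce_entra_only my-rg my-sqlserver
#   entra_auth_state my-rg my-sqlserver     # entra-only
```

A server reporting `entra-and-sql` already accepts Entra-authenticated principals; `entra-only` additionally means SQL logins are rejected.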
