Azure Data Studio – Connections to Azure Government

Hi everyone, I'm a Cloud Solution Architect at Microsoft in the Data and AI domain. I've been in this role for a little over six years now. My typical toolset for working with databases has been SQL Server Management Studio. More recently I've been doing my work from Azure Virtual Desktop that only has Azure Data Studio installed. I quickly encountered a problem connecting to Azure SQL resources in the US Government clouds. Some of these details can be inferred from a similar article about connecting VS Code to Azure SQL Resources in US Government clouds. So, I figured it best to make an article specifically for Azure Data Studio and hopefully take the guesswork out of the procedure for someone else.

Begin by connecting to your subscription in the Azure Government Portal. Then, navigate to Azure > Groups.

Identify or create a group that will contain the users you wish to provision access for. In this article, we'll use “MI_Admins”.

01.jpg

In the Azure portal, navigate to the Azure SQL Managed Instance or the server for the Azure SQL DB you wish to grant access to. On the networking page for the SQL Server, add appropriate rules to allow your connection to the database:

02.jpg

Using SQL Server Management Studio or Query Editor from the portal, connect to the database you want to access from Azure Data Studio. Then, create a contained user and add it to an appropriate database role. For example:

03.jpg
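As a text version of this step (an added example, not the statements from the original screenshot): the T-SQL below creates a contained user for the "MI_Admins" group, adds it to database roles, and confirms the result. The choice of db_datareader and db_datawriter is an assumption for illustration; substitute whichever role fits your access requirements.

```sql
-- Run in the target user database (not master), connected as the
-- directory (Azure AD / Microsoft Entra) admin of the server or managed
-- instance. Only a directory-authenticated login can create users
-- FROM EXTERNAL PROVIDER.

-- Contained user mapped to the directory group named in this article.
IF NOT EXISTS (SELECT 1
               FROM sys.database_principals
               WHERE name = N'MI_Admins')
BEGIN
    CREATE USER [MI_Admins] FROM EXTERNAL PROVIDER;
END;

-- Assumed roles for illustration: read/write access to data only.
-- Grant a broader role such as db_owner only if the group needs it.
ALTER ROLE db_datareader ADD MEMBER [MI_Admins];
ALTER ROLE db_datawriter ADD MEMBER [MI_Admins];

-- Verify: the principal should show as an external group with
-- EXTERNAL authentication, with one row per role membership.
SELECT  dp.name                     AS principal_name,
        dp.type_desc                AS principal_type,
        dp.authentication_type_desc AS auth_type,
        r.name                      AS role_name
FROM    sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS drm
       ON drm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = drm.role_principal_id
WHERE   dp.name = N'MI_Admins';
```

Because the user is mapped to a group, access is then managed by changing group membership in the directory rather than by editing database principals.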

In Azure Data Studio, navigate to File > Preferences > Settings. Then, navigate to Extensions > Azure (core) and check the box to enable Us Gov Cloud.

04.jpg

Expand the Azure connections blade and click the '+' sign to add your Azure Government Account.

05.jpg

Under Azure (US GOVERNMENT), select the '+' sign, and then select the Azure (US GOVERNMENT) option.

06.jpg

Enter your Azure government subscription address and to Azure.

Click the close button and navigate back to the Connections > Azure blade in Azure Data Studio.

Expand the appropriate subscription and find the SQL MI or DB you want to connect to.

07.jpg

Click the connect icon:

08.jpg

Verify your connection information and then click connect:

09.jpg

You should now also be able to persist the server connection on the Connections > Server Blade:

10.jpg

Under some circumstances, such as when working within a secure enclave, it may be necessary to enable the ADAL library and/or the Device Code Method. ADAL is a predecessor to MSAL. The Device Code Method provides an alternative token-based authentication where other types of interactive authentication are not possible.

11.jpg

With this authentication method, you navigate to a Microsoft website and provide a user code when creating your connection:

12.jpg

Thanks for reading!

 

This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.