Hi everyone, I'm a Cloud Solution Architect at Microsoft in the Data and AI domain. I've been in this role for a little over six years now. My typical toolset for working with databases has been SQL Server Management Studio. More recently I've been doing my work from Azure Virtual Desktop that only has Azure Data Studio installed. I quickly encountered a problem connecting to Azure SQL resources in the US Government clouds. Some of these details can be inferred from a similar article about connecting VS Code to Azure SQL Resources in US Government clouds. So, I figured it best to make an article specifically for Azure Data Studio and hopefully take the guesswork out of the procedure for someone else.
Begin by connecting to your subscription in the Azure Government Portal. Then, navigate to Azure Active Directory > Groups.
Identify or create a group that will contain the users you wish to provision access for. In this article, we'll use “MI_Admins”.
In the Azure Portal, navigate to the Azure SQL Managed Instance or the server for the Azure SQL DB you wish to grant access to. On the networking page for the SQL Server, add appropriate firewall rules to allow your connection to the database.
Using SQL Server Management Studio or Query Editor from the portal, connect to the database you want to access from Azure Data Studio. Then, create a contained user and add it to an appropriate database role. For example:
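The statements below are an added example, not code from the original article. They assume the "MI_Admins" group from the earlier step and use the built-in db_datareader role as a stand-in for whichever least-privilege role fits your users; run them in the target user database while signed in with an Azure AD identity that is allowed to create users.

```sql
-- Added example: contained user for an Azure AD group plus a role grant.
-- Assumptions: group name MI_Admins (from this article), role db_datareader
-- (illustrative choice; substitute the narrowest role that meets the need).

-- 1. Create the contained database user mapped to the Azure AD group.
--    The check makes the script safe to re-run.
IF NOT EXISTS (SELECT 1
               FROM sys.database_principals
               WHERE name = N'MI_Admins')
BEGIN
    CREATE USER [MI_Admins] FROM EXTERNAL PROVIDER;
END;

-- 2. Add the user to a database role only if it is not already a member.
IF IS_ROLEMEMBER(N'db_datareader', N'MI_Admins') = 0
BEGIN
    ALTER ROLE db_datareader ADD MEMBER [MI_Admins];
END;

-- 3. Verify what was created: the principal should show as an external
--    group with EXTERNAL authentication, and list every role it holds.
SELECT dp.name                     AS principal_name,
       dp.type_desc                AS principal_type,
       dp.authentication_type_desc AS auth_type,
       r.name                      AS role_name
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.name = N'MI_Admins';
```

Reviewing the output of the last query periodically is a quick way to confirm the group has not accumulated roles beyond what was intended.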
Expand the Azure connections blade and click the '+' sign to add your Azure Government Account.
Under Azure (US GOVERNMENT), select the '+' sign, and then select the Azure (US GOVERNMENT) option.
Enter your Azure government subscription address and authenticate to Azure.
Click the close button and navigate back to the Connections > Azure blade in Azure Data Studio.
Expand the appropriate subscription and find the SQL MI or DB you want to connect to.
Click the connect icon.
Verify your connection information and then click Connect.
You should now also be able to persist the server connection on the Connections > Server blade.
Under some circumstances, such as when working within a secure enclave, it may be necessary to enable the ADAL authentication library and/or Device Code Method authentication. ADAL is a predecessor to MSAL. Device Code Method provides an alternative token-based authentication where other types of interactive authentication are not possible.
With this authentication method, creating your connection involves navigating to a Microsoft website and providing a user code.
Thanks for reading!