This looks like a great option! Question: i only see my VM name for my sql server in the managed identity select list. Would that work or does it have to be listed as sql managed instance?
Hi @CindyofTheShire per Bradley, "Hi Cindy! If I was in the Azure Portal, the way I would find this is to go to my SQL MI Instance, under Security I would then go to Identity, and the Object ID should be there for the Entra ID. As long as that is there you've got a System Managed Identity. If the System Managed Identity is not turned on you can turn it on. The user name for the managed Identity should be the name of the service; for example in the video my Azure SQL Managed instance was named sqlmiinsiders. I hope this helps, please let me know if you have more questions."
Thank you for your video. By any chance do you know how to do it with a SQL Server instance created inside a VM. I tried to create a Managed Identity attached to the VM using the Storage Blob Data Contributor role for the Azure Blob Container but this didn't worked. Thanks.
Nice video, but I think it is not possible to proceed if the TDE is active for the following message: The backup operation for a database with service-managed transparent data encryption is not supported on SQL Database Managed Instance. TDE should be disabled
Hi @andreablenxcacopardo5359 per Bradley, "Do you have customer managed keys set up? By default all databases in a Azure SQL MI Instance use a Microsoft Managed Key for TDE encryption. Copy only backups cannot be taken using a Microsoft Managed Key. So you must do one of two things: 1. Create an Azure Key Vault, Create a Key, and then associate that Key with the Managed Instance. or 2. (WARNING NOT THE BEST PRACTICE!!!!) Unencrypt the database and drop the TDE Key. If you have done those things and you are still getting an error review the following documentation to make sure the Azure Key Vault can communicate with the instance. I hope this helps!" learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql
@@Tales-from-the-Field & @Calin OPREA, I think I need a little more information on this? A Managed Identity is an Azure specific concept where the services provisioned in Azure have a Managed Identity and can be granted access to other Azure resources. For example: an Azure Data Factory, a Azure Synapse Analytics Workspace, or an Azure DevOps Workspace etc. Have a Managed Identity and can be granted permissions on an Azure SQL Database so they could Read, Write, or Update the schemas of the database depending on the action you want taken. While an Azure Virtual Machine could also have a Managed Identity and be used to grant that VM access to resources, an on premise VM or Server would not have an Azure Active Directory Managed Identity associated with it, that could grant permissions. On prem you would do this with a service account. I hope this helps! learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
@@SQLBalls gotcha, thank you, sir! it's a no-go for me then, was thinking of using it for data migrations from on-prem (either Azure MI or SQL VM, to be seen), but the very definition tells me it's a no go in my case.
@@sageata2002 Sorry that is the case sir, but the good news is if you get into Azure you've got this tool at your disposal! You may be able to use an Azure Service Principal, depending on what you want to do. Hope this helps!
![Blox Fruits Dragon Rework Update [Full Stream]](http://i.ytimg.com/vi/EqDAp8udhm0/mqdefault.jpg)
This looks like a great option! Question: i only see my VM name for my sql server in the managed identity select list. Would that work or does it have to be listed as sql managed instance?
Hi @CindyofTheShire per Bradley, "Hi Cindy! If I was in the Azure Portal, the way I would find this is to go to my SQL MI Instance, under Security I would then go to Identity, and the Object ID should be there for the Entra ID. As long as that is there you've got a System Managed Identity. If the System Managed Identity is not turned on you can turn it on. The user name for the managed Identity should be the name of the service; for example in the video my Azure SQL Managed instance was named sqlmiinsiders. I hope this helps, please let me know if you have more questions."
Thank you for your video. By any chance do you know how to do it with a SQL Server instance created inside a VM. I tried to create a Managed Identity attached to the VM using the
Storage Blob Data Contributor role for the Azure Blob Container but this didn't worked.
Thanks.
Nice video, but I think it is not possible to proceed if the TDE is active for the following message:
The backup operation for a database with service-managed transparent data encryption is not supported on SQL Database Managed Instance.
TDE should be disabled
Hi @andreablenxcacopardo5359 per Bradley, "Do you have customer managed keys set up? By default all databases in a Azure SQL MI Instance use a Microsoft Managed Key for TDE encryption. Copy only backups cannot be taken using a Microsoft Managed Key. So you must do one of two things: 1. Create an Azure Key Vault, Create a Key, and then associate that Key with the Managed Instance. or 2. (WARNING NOT THE BEST PRACTICE!!!!) Unencrypt the database and drop the TDE Key. If you have done those things and you are still getting an error review the following documentation to make sure the Azure Key Vault can communicate with the instance. I hope this helps!"
learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql
do you think this also works for regular backups from on-prem to url? from the looks of it, it's pretty much yes for the answer.
Hi @Calin OPREA let me reach out to @SQLBalls on this!
@@Tales-from-the-Field & @Calin OPREA, I think I need a little more information on this? A Managed Identity is an Azure specific concept where the services provisioned in Azure have a Managed Identity and can be granted access to other Azure resources. For example: an Azure Data Factory, a Azure Synapse Analytics Workspace, or an Azure DevOps Workspace etc. Have a Managed Identity and can be granted permissions on an Azure SQL Database so they could Read, Write, or Update the schemas of the database depending on the action you want taken.
While an Azure Virtual Machine could also have a Managed Identity and be used to grant that VM access to resources, an on premise VM or Server would not have an Azure Active Directory Managed Identity associated with it, that could grant permissions.
On prem you would do this with a service account.
I hope this helps!
learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
@@SQLBalls gotcha, thank you, sir! it's a no-go for me then, was thinking of using it for data migrations from on-prem (either Azure MI or SQL VM, to be seen), but the very definition tells me it's a no go in my case.
@@sageata2002 Sorry that is the case sir, but the good news is if you get into Azure you've got this tool at your disposal! You may be able to use an Azure Service Principal, depending on what you want to do. Hope this helps!