I'm dealing with an issue on a standalone SQL Server installed on an Azure VM. We've set it up to use Microsoft Entra integrated authentication so we can connect using the SQL Server Management Studio (SSMS) client. However, our database administrator is unable to connect using the Entra integrated option. The error they are encountering is:
"ADDITIONAL INFORMATION:
31
Failed to authenticate the user NT Authority Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).
Error code Oxintegrated_windows_auth_not_supported_managed_user.
Integrated Windows Auth is not supported for managed users. See https://aka.ms/msal-net-iwa for details. (Microsoft SQL Server, Error: 0)".
Does anyone have insights or solutions for this?
2 Answers
Have you tried other authentication options in SSMS? It might be worth checking if they lead to the same error. I've only typically worked with Azure SQL, but there are different methods to connect that might not give the same issue.
It looks like this issue can be tricky. Azure VMs have some complexities compared to on-premise setups, especially with Azure AD authentication. Make sure you've checked the guidance here: https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql. You might need to grant the VM identity some permissions to properly authenticate. I suggest grouping VMs with similar setups to simplify permission management.
We heard it can work with MFA for Entra integrated if a token is supplied. We're suspecting it may be linked to a conditional access policy, but we're not sure. Any thoughts?