How can I remove all IP addresses from Azure SQL Server Firewall Rules, but still log in via SSMS?


I have a number of SQL servers in Azure, and under the Networking section, in the area

"Firewall rules Allow certain public internet IP addresses to access your resource"

there are a number of IP addresses added, which allows a user to connect via SSMS.

Now, if the address is not there, SSMS gives you the option to add it. I don't want to allow that. So is there a way to allow the user to log in, let's say via Microsoft Entra ID, and have no IP addresses in that section?


There are 2 answers

2
DavidP

Not really. IP exceptions in the firewall are completely separate from authentication.

The option for users to add their IP when connecting with SSMS will only work if they have the appropriate roles to edit the firewall rules. If they aren't already in the firewall rules, and they can't add their IP, then they can't connect.

2
Pratik Lad

So, is there a way to allow the user to log in, let's say via Microsoft Entra ID, and have no IP addresses in that section?

No, you can't allow a user to connect to the server without whitelisting the IP.

When setting up a new server in Azure SQL Database, a server-level firewall is automatically implemented to block access to the public endpoint. These firewall rules are designed to allow clients to connect to the entire server, granting access to all the databases hosted on that server.

To be able to create and manage IP firewall rules for the Azure SQL Server, you will need to be one of the following:

  • In the SQL Server Contributor role
  • In the SQL Security Manager role
  • The owner of the resource that contains the Azure SQL Server

Without these roles, users can't add their IP to the server, and if the IP is not whitelisted, they can't connect to the server.

For more information check this document
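To find out which users could still use the SSMS "add my IP" prompt, the roles listed in the answer above can be checked against the server's role assignments. The following is an added example, not part of either answer: it assumes the assignments were exported as JSON with `az role assignment list --all -o json`, treats "Owner" as the built-in role behind "the owner of the resource", and uses constructed sample data and a hypothetical server name.

```python
# Roles the answer names as able to manage IP firewall rules. "Owner" is an
# assumed mapping for "the owner of the resource"; other roles are not covered.
FIREWALL_EDITOR_ROLES = {"sql server contributor", "sql security manager", "owner"}


def scope_covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`."""
    scope = scope.rstrip("/").lower()
    resource_id = resource_id.rstrip("/").lower()
    if scope == "":  # root scope "/"
        return True
    # Compare whole path segments so ".../rg-dat" does not match ".../rg-data".
    # Management-group scopes are not resolved here and will not match.
    return resource_id == scope or resource_id.startswith(scope + "/")


def firewall_editors(assignments, server_id):
    """Sorted (principal, role, scope) tuples that can edit the server's firewall."""
    found = set()
    for a in assignments:
        role, scope = a.get("roleDefinitionName", ""), a.get("scope")
        if not scope or role.lower() not in FIREWALL_EDITOR_ROLES:
            continue
        if scope_covers(scope, server_id):
            principal = a.get("principalName") or a.get("principalId", "?")
            found.add((principal, role, scope))
    return sorted(found)


# Constructed sample shaped like `az role assignment list --all -o json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-data"
SERVER_ID = RG + "/providers/Microsoft.Sql/servers/sql-example"  # hypothetical
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "SQL Security Manager", "scope": SERVER_ID},
    {"principalName": "bob@example.com", "roleDefinitionName": "Reader", "scope": RG},
    {"principalName": "carol@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "dave@example.com", "roleDefinitionName": "SQL Server Contributor", "scope": SUB + "/resourceGroups/rg-dat"},
    {"principalName": "erin@example.com", "roleDefinitionName": "sql server contributor", "scope": RG + "/"},
]

if __name__ == "__main__":
    for principal, role, scope in firewall_editors(SAMPLE, SERVER_ID):
        print(f"{principal}: {role} at {scope}")
```

Removing or narrowing the assignments it reports takes away the SSMS prompt's ability to create a rule for those users; the existing firewall rules themselves are unaffected.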