
Unlocking SQL Server 2017 Access After Leaving On-Prem AD: The Ultimate Guide!
2025-05-08
Author: Jia
Transitioning from On-Prem AD to Entra ID
In the evolving landscape of IT infrastructure, many organizations find themselves making the pivotal switch from traditional on-premises Active Directory (AD) to modern solutions like Microsoft's Entra ID. While this shift offers enhanced flexibility and cloud integration, it also presents challenges—especially when legacy applications are still in play. For a small organization previously relying on an on-prem AD/DS setup for around 40 users, the transition to Entra ID means rethinking how to provide access to critical applications.
The Challenge: Accessing SQL Server 2017 on Server 2016
As you embark on this journey, you're faced with a tricky situation: an old application running on SQL Server 2017 housed on Windows Server 2016. Without the local AD to manage user authentication, how do you ensure users can still access vital resources until that legacy app is phased out?
Exploring Your Options
One practical route might be to create a hybrid environment that syncs Entra ID to an on-premises server setup, mimicking your previous arrangement. However, with security being a top priority, many are reluctant to maintain an on-prem AD server due to potential vulnerabilities.
Is Azure Arc the Silver Bullet?
There’s buzz around using Azure Arc for this very purpose. Initially, authenticating against Entra ID wasn’t supported for on-prem Windows environments; the focus was on Linux instead. Yet, there are whispers of updates! If these capabilities have been rolled out, could it mean that simply registering your SQL Server and databases with an Azure instance would allow users to authenticate using Entra ID?
The Local User Account Dilemma
Alternatively, one could opt for simpler solutions like creating local user accounts directly on the server and granting them access to the SQL databases. However, this might come at the expense of security and scalability.
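One way to keep the local-account route manageable, shown as an added example that is not from the original post: map a single local Windows group to one SQL Server login and give it a narrowly scoped database role, so users are handled through group membership rather than per-user logins. The names `SQL01`, `LegacyAppUsers`, `LegacyAppDb` and `legacy_app_rw`, and the assumption that the application's objects live in the `dbo` schema, are hypothetical placeholders.

```sql
-- Added example. SQL01 (machine name), LegacyAppUsers (local Windows group),
-- LegacyAppDb and legacy_app_rw are hypothetical names; adjust to your server.
-- Assumes the local group SQL01\LegacyAppUsers already exists on the host.

USE [master];
GO

-- One login for the local group instead of one login per user.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'SQL01\LegacyAppUsers')
    CREATE LOGIN [SQL01\LegacyAppUsers] FROM WINDOWS
        WITH DEFAULT_DATABASE = [LegacyAppDb];
GO

USE [LegacyAppDb];
GO

-- Database user mapped to the group login.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'LegacyAppUsers')
    CREATE USER [LegacyAppUsers] FOR LOGIN [SQL01\LegacyAppUsers];
GO

-- Custom role limited to data access in dbo (assumed application schema);
-- no db_owner membership and no server-level roles.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'legacy_app_rw' AND type = 'R')
    CREATE ROLE [legacy_app_rw];
GO

GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE
    ON SCHEMA::[dbo] TO [legacy_app_rw];
ALTER ROLE [legacy_app_rw] ADD MEMBER [LegacyAppUsers];
GO

-- Review step: list every Windows user/group login on the instance and flag
-- sysadmin members, so logins left over from the old domain can be cleaned up.
SELECT p.name,
       p.type_desc,
       p.is_disabled,
       IS_SRVROLEMEMBER('sysadmin', p.name) AS is_sysadmin
FROM sys.server_principals AS p
WHERE p.type IN ('U', 'G')   -- U = Windows login, G = Windows group
ORDER BY p.name;
```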
Cost Considerations: Is Azure AD Worth It?
As you evaluate your options, the financial aspect cannot be ignored. Setting up an Azure AD server could cost around $100-$150 monthly. While that is manageable, it still pays to be cautious about spending it on a single use case, namely SQL access.
Connecting SQL with Entra ID Through Azure Arc?
If you’ve experimented with Azure Arc and successfully registered your server, you might wonder if this provides the solution you need for SQL credentialing. In SQL Server, there's an option to use Microsoft Entra ID authentication instead of relying solely on Windows Authentication. However, does this only work when tied to an Azure AD server?
Final Thoughts: Striking a Balance Between Ease and Security
Navigating this complexity involves weighing ease of access for users against robust security measures. It’s vital to keep your infrastructure streamlined while exploring innovative methods like Azure Arc. If you've cracked the code on Entra ID authentication through Azure, you might just open a new chapter in secure access management!