Azure SQL Virtual Machine - AD/User Access

jase jackson USA 201 Reputation points
2020-08-28T16:47:25.723+00:00

Can a SQL VM machine be added to a Azure Resource Group whereby only a select group of users have access to the VM machine excluding the tenant Admin. To reiterate the list of users that can access the VM machine differ to the tenant admin who would be unable to access the VM machine; unless granted the login details?

I understand this is maybe at odds with general practice however it would be helpful to understand whether the security model supports such a situation.

SQL Server on Azure Virtual Machines
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,665 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,461 Reputation points Microsoft Employee
    2020-08-31T21:55:04.343+00:00

    @jase jackson USA
    Thank you for your post!

    You should be able to accomplish these tasks by using Azure Role Based Access Control (RBAC). Azure RBAC helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. You can enable Azure RBAC at the management group, subscription, resource group, or resource level.

    When it comes to denying your tenant admin rights, you can easily do so by using Azure deny assignments.

    21731-iam.jpg

    Please let me know if you have any other questions.
    Thank you for your time and patience!

    Additional Links:
    List Azure role assignments using the Azure portal