How to use a managed instance in Azure SQL Database

In this article you can find various guides, scripts, and explanation that can help you to manage and configure your managed instance.


  • Migrate to a managed instance – Learn about the recommended migration process and tools for migration to a managed instance.

  • Migrate TDE cert to a managed instance – If your SQL Server database is protected with transparent data encryption (TDE), you would need to migrate certificate that a managed instance can use to decrypt the backup that you want to restore in Azure.

Network configuration

  • Determine size of a managed instance subnet – Managed instance is placed in dedicates subnet that cannot be resized once you add the resources inside. Therefore, you would need to calculate what IP range of addresses would be required for the subnet depending on the number and types of instances that you want to deploy in the subnet.
  • Create new VNet and subnet for a managed instance – Azure VNet and subnet where you want to deploy your managed instances must be configured according to the network requirements described here. In this guide you can find the easiest way to create your new VNet and subnet properly configured for managed instances.
  • Configure existing VNet and subnet for a managed instance – if you want to configure your existing VNet and subnet to deploy managed instances inside, here you can find the script that checks the network requirements and make configures your subnet according to the requirements.
  • Configure custom DNS – you need to configure custom DNS if you want to access external resources on the custom domains from your managed instance via linked server of db mail profiles.
  • Sync network configuration - It might happen that although you integrated your app with an Azure Virtual Network, you can't establish connection to a managed instance. One thing you can try is to refresh networking configuration for your service plan.
  • Find management endpoint IP address – Managed instance uses public endpoint for management-purposes. You can determine IP address of the management endpoint using the script described here.
  • Verify built-in firewall protection – Managed instance is protected with built-in firewall that allows the traffic only on necessary ports. You can check and verify the built-in firewall rules using the script described in this guide.
  • Connect applications – Managed instance is placed in your own private Azure VNet with private IP address. Learn about different patterns for connecting the applications to your managed instance.

Feature configuration

  • Transactional replication enables you to replicate your data between managed instances, or from on-premises SQL Server to a managed instance, and vice versa. Find more information how to use and configure transaction replication in this guide.
  • Configure threat detectionthreat detection is a built-in Azure SQL Database feature that detects various potential attacks such as SQL Injection or access from suspicious locations. In this guide you can learn how to enable and configure threat detection for a managed instance.

Next steps