How to provision a Windows SQL Server virtual machine in the Azure portal

This guide provides details on the different options available when you create a Windows SQL Server virtual machine in the Azure portal. This article covers more configuration options than the SQL Server VM quickstart, which goes more through one possible provisioning task.

Use this guide to create your own SQL Server VM. Or, use it as a reference for the available options in the Azure portal.


If you have questions about SQL Server virtual machines, see the Frequently Asked Questions.

If you don't have an Azure subscription, create a free account before you begin.

SQL Server virtual machine gallery images

When you create a SQL Server virtual machine, you can select one of several pre-configured images from the virtual machine gallery. The following steps demonstrate how to select one of the SQL Server 2017 images.

  1. Log in to the Azure portal using your account.

  2. On the Azure portal, click Create a resource. The portal opens the New window.

  3. In the New window, click Compute and then click See all.

    New Compute window

  4. In the search field, type SQL Server 2017, and press ENTER.

  5. Then click the Filter icon.

  6. In the Filter windows, check the Windows based subcategory and Microsoft for the publisher. Then click Done to filter the results to Microsoft-published, Windows SQL Server images.

    Azure Virtual Machines window

  7. Review the available SQL Server images. Each image identifies a SQL Server version and an operating system.

  8. Select the image named Free SQL Server License: SQL Server 2017 Developer on Windows Server 2016.


    The Developer edition is used in this walkthrough because it is a full-featured, free edition of SQL Server for development testing. You pay only for the cost of running the VM. However, you are free to choose any of the images to use in this walkthrough. For a description of available images, see the SQL Server Windows Virtual Machines overview.


    Licensing costs for SQL Server are incorporated into the per-second pricing of the VM you create and varies by edition and cores. However, SQL Server Developer edition is free for development/testing (not production), and SQL Express is free for lightweight workloads (less than 1 GB of memory, less than 10 GB of storage). You can also bring-your-own-license (BYOL) and pay only for the VM. Those image names are prefixed with {BYOL}.

    For more information on these options, see Pricing guidance for SQL Server Azure VMs.

  9. Under Select a deployment model, verify that Resource Manager is selected. Resource Manager is the recommended deployment model for new virtual machines.

  10. Click Create.

    Create SQL VM with Resource Manager

Configuration options

There are five windows for configuring a SQL Server virtual machine.

Step Description
Basics Configure basic settings
Size Choose virtual machine size
Settings Configure optional features
SQL Server settings Configure SQL server settings
Summary Review the summary

1. Configure basic settings

On the Basics window, provide the following information:

  • Enter a unique virtual machine Name.

  • Select SSD for VM disk type for optimal performance.

  • Specify a User name for the local administrator account on the VM. This account is also added to the SQL Server sysadmin fixed server role.

  • Provide a strong Password.

  • If you have multiple subscriptions, verify that the subscription is correct for the new VM.

  • In the Resource group box, type a name for a new resource group. Alternatively, to use an existing resource group click Use existing. A resource group is a collection of related resources in Azure (virtual machines, storage accounts, virtual networks, etc.).


    Using a new resource group is helpful if you are just testing or learning about SQL Server deployments in Azure. After you finish with your test, delete the resource group to automatically delete the VM and all resources associated with that resource group. For more information about resource groups, see Azure Resource Manager Overview.

  • Select a Location for the Azure region to host this deployment.

  • Click OK to save the settings.

    SQL Basics window

2. Choose virtual machine size

On the Size step, choose a virtual machine size in the Choose a size window. The window initially displays recommended machine sizes based on the image you selected.


The estimated monthly cost displayed on the Choose a size window does not include SQL Server licensing costs. This estimate is the cost of the VM alone. For the Express and Developer editions of SQL Server, this estimate is the total estimated cost. For other editions, see the Windows Virtual Machines pricing page and select your target edition of SQL Server. Also see the Pricing guidance for SQL Server Azure VMs.

SQL VM Size Options

For production workloads, see the recommended machine sizes and configuration in Performance best practices for SQL Server in Azure Virtual Machines.


For more information about virtual machine sizes, Sizes for virtual machines.

Choose your machine size, and then click Select.

3. Configure optional features

On the Settings window, configure Azure storage, networking, and monitoring for the virtual machine.

  • Under Storage, select Yes under use Managed Disks.


    Microsoft recommends Managed Disks for SQL Server. Managed Disks handles storage behind the scenes. In addition, when virtual machines with Managed Disks are in the same availability set, Azure distributes the storage resources to provide appropriate redundancy. For more information, see [Azure Managed Disks Overview][../ For specifics about managed disks in an availability set, see Use managed disks for VMs in availability set.

  • Under Network, select any inbound ports that in the Select public inbound ports list. For example, if you want to remote desktop into the VM, select the RDP (3389) port.

    Inbound ports


    You can select the MS SQL (1433) port to access SQL Server remotely. However, this is not necessary here, because the SQL Server settings step provides this option as well. If you do select port 1433 at this step, it will be opened irregardless of your selections in the SQL Server settings step.

    You can make other changes to network settings, or keep the default values.

  • Azure enables Monitoring by default with the same storage account designated for the VM. You can change these settings here.

  • Under Availability set, you can leave the default of none for this walkthrough. If you plan to set up SQL AlwaysOn Availability Groups, configure the availability to avoid recreating the virtual machine. For more information, see Manage the Availability of Virtual Machines.

When you are done configuring these settings, click OK.

4. Configure SQL server settings

On the SQL Server settings window, configure specific settings and optimizations for SQL Server. The settings that you can configure for SQL Server include the following.

Storage configuration
Automated Patching
Automated Backup
Azure Key Vault Integration
SQL Server Machine Learning Services


Under SQL connectivity, specify the type of access you want to the SQL Server instance on this VM. For the purposes of this walkthrough, select Public (internet) to allow connections to SQL Server from machines or services on the internet. With this option selected, Azure automatically configures the firewall and the network security group to allow traffic on port 1433.

SQL Connectivity Options


By default, SQL Server listens on a well-known port, 1433. For increased security, change the port in the previous dialog to listen on a non-default port, such as 1401. If you change the port, you must connect using that port from any client tools, such as SSMS.

To connect to SQL Server via the internet, you also must enable SQL Server Authentication, which is described in the next section.

If you would prefer to not enable connections to the Database Engine via the internet, choose one of the following options:

  • Local (inside VM only) to allow connections to SQL Server only from within the VM.
  • Private (within Virtual Network) to allow connections to SQL Server from machines or services in the same virtual network.

In general, improve security by choosing the most restrictive connectivity that your scenario allows. But all the options are securable through Network Security Group rules and SQL/Windows Authentication. You can edit Network Security Group after the VM is created. For more information, see Security Considerations for SQL Server in Azure Virtual Machines.


If you require SQL Server Authentication, click Enable under SQL authentication.

SQL Server Authentication


If you plan to access SQL Server over the internet (the Public connectivity option), you must enable SQL authentication here. Public access to the SQL Server requires the use of SQL Authentication.

If you enable SQL Server Authentication, specify a Login name and Password. This user name is configured as a SQL Server Authentication login and member of the sysadmin fixed server role. For more information about Authentication Modes, see Choose an Authentication Mode.

If you do not enable SQL Server Authentication, then you can use the local Administrator account on the VM to connect to the SQL Server instance.

Storage configuration

Click Storage configuration to specify the storage requirements.

SQL Storage Configuration


If you manually configured your VM to use standard storage, this option is not available. Automatic storage optimization is available only for Premium Storage.


The number of stops and the upper limits of each slider is dependent on the size of VM you selected. A larger and more powerful VM is able to scale up more.

You can specify requirements as input/output operations per second (IOPs), throughput in MB/s, and total storage size. Configure these values by using the sliding scales. You can change these storage settings based on workload. The portal automatically calculates the number of disks to attach and configure based on these requirements.

Under Storage optimized for, select one of the following options:

  • General is the default setting and supports most workloads.
  • Transactional processing optimizes the storage for traditional database OLTP workloads.
  • Data warehousing optimizes the storage for analytic and reporting workloads.

Automated patching

Automated patching is enabled by default. Automated patching allows Azure to automatically patch SQL Server and the operating system. Specify a day of the week, time, and duration for a maintenance window. Azure performs patching in this maintenance window. The maintenance window schedule uses the VM locale for time. If you do not want Azure to automatically patch SQL Server and the operating system, click Disable.

SQL Automated Patching

For more information, see Automated Patching for SQL Server in Azure Virtual Machines.

Automated backup

Enable automatic database backups for all databases under Automated backup. Automated backup is disabled by default.

When you enable SQL automated backup, you can configure the following settings:

  • Retention period (days) for backups
  • Storage account to use for backups
  • Encryption option and password for backups
  • Backup system databases
  • Configure backup schedule

To encrypt the backup, click Enable. Then specify the Password. Azure creates a certificate to encrypt the backups and uses the specified password to protect that certificate.

SQL Automated Backup

For more information, see Automated Backup for SQL Server in Azure Virtual Machines.

Azure Key Vault integration

To store security secrets in Azure for encryption, click Azure key vault integration and click Enable.

SQL Azure Key Vault Integration

The following table lists the parameters required to configure Azure Key Vault Integration.

Key Vault URL The location of the key vault.
Principal name Azure Active Directory service principal name. This name is also referred to as the Client ID. fde2b411-33d5-4e11-af04eb07b669ccf2
Principal secret Azure Active Directory service principal secret. This secret is also referred to as the Client Secret. 9VTJSQwzlFepD8XODnzy8n2V01Jd8dAjwm/azF1XDKM=
Credential name Credential name: AKV Integration creates a credential within SQL Server, allowing the VM to have access to the key vault. Choose a name for this credential. mycred1

For more information, see Configure Azure Key Vault Integration for SQL Server on Azure VMs.

SQL Server Machine Learning Services

You have the option to enable SQL Server Machine Learning Services. This option enables you to use advanced analytics with SQL Server 2017. Click Enable on the SQL Server Settings window.

Enable SQL Server Machine Learning Services

When you are finished configuring SQL Server settings, click OK.

5. Review the summary

On the Summary window, review the summary and click Purchase to create SQL Server, resource group, and resources specified for this VM.

You can monitor the deployment from the Azure portal. The Notifications button at the top of the screen shows basic status of the deployment.


To provide you with an idea on deployment times, I deployed a SQL VM to the East US region with default settings. This test deployment took approximately 12 minutes to complete. But you might experience a faster or slower deployment time based on your region and selected settings.

Open the VM with Remote Desktop

Use the following steps to connect to the SQL Server virtual machine with Remote Desktop:

  1. After the Azure virtual machine is created and running, click the Virtual Machines icon in the Azure portal to view your VMs.

  2. Click the ellipsis, ..., for your new VM.

  3. Click Connect.

    Connect to VM in portal

  4. Open the RDP file that your browser downloads for the VM.

  5. The Remote Desktop Connection notifies you that the publisher of this remote connection cannot be identified. Click Connect to continue.

  6. In the Windows Security dialog, click Use a different account. You might have to click More choices to see this. Specify the user name and password that you configured when you created the VM. You must add a backslash before the user name.

    Remote desktop authentication

  7. Click OK to connect.

After you connect to the SQL Server virtual machine, you can launch SQL Server Management Studio and connect with Windows Authentication using your local administrator credentials. If you enabled SQL Server Authentication, you can also connect with SQL Authentication using the SQL login and password you configured during provisioning.

Access to the machine enables you to directly change machine and SQL Server settings based on your requirements. For example, you could configure the firewall settings or change SQL Server configuration settings.

Connect to SQL Server remotely

In this walkthrough, you selected Public access for the virtual machine and SQL Server Authentication. These settings automatically configured the virtual machine to allow SQL Server connections from any client over the internet (assuming they have the correct SQL login).


If you did not select Public during provisioning, then you can change your SQL connectivity settings through the portal after provisioning. For more information, see Change your SQL connectivity settings.

The following sections show how to connect over the internet to your SQL Server VM instance.

Configure a DNS Label for the public IP address

To connect to the SQL Server Database Engine from the Internet, consider creating a DNS Label for your public IP address. You can connect by IP address, but the DNS Label creates an A Record that is easier to identify and abstracts the underlying public IP address.


DNS Labels are not required if you plan to only connect to the SQL Server instance within the same Virtual Network or only locally.

To create a DNS Label, first select Virtual machines in the portal. Select your SQL Server VM to bring up its properties.

  1. In the virtual machine overview, select your Public IP address.

    public ip address

  2. In the properties for your Public IP address, expand Configuration.

  3. Enter a DNS Label name. This name is an A Record that can be used to connect to your SQL Server VM by name instead of by IP Address directly.

  4. Click the Save button.

    dns label

Connect to the Database Engine from another computer

  1. On a computer connected to the internet, open SQL Server Management Studio (SSMS). If you do not have SQL Server Management Studio, you can download it here.

  2. In the Connect to Server or Connect to Database Engine dialog box, edit the Server name value. Enter the IP address or full DNS name of the virtual machine (determined in the previous task). You can also add a comma and provide SQL Server's TCP port. For example,,1433.

  3. In the Authentication box, select SQL Server Authentication.

  4. In the Login box, type the name of a valid SQL login.

  5. In the Password box, type the password of the login.

  6. Click Connect.

    ssms connect

Next Steps

For other information about using SQL Server in Azure, see SQL Server on Azure Virtual Machines and the Frequently Asked Questions.