Set Up Azure MS SQL Server Authentication

Each Azure MS SQL Server record identifies account login credentials, database information (unless you use auto discovery) and targets.

This record type is only available in accounts with PC or SCA and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix


You need the instance name assigned to the TCP/IP port (by default this is set to MSSQLSERVER). This is NOT the host name that is assigned to the MS SQL Server instance name.


- Go to Scans > Authentication.

- Create an Azure MS SQL record for the database instance. Go to New > Databases > Azure MS SQL.

It is recommended you define a dedicated user account for Azure MS SQL Server authentication. You’ll need to tell us the user account to be used for authentication.

Tell us the database instance(s) to authenticate to. You can define one instance (provide instance name, database name, and port). Currently, we support only MSSQLSERVER value for the database instance name and do not support named instances. 

Use the Auto discover option and we'll automatically find database instances on your target hosts, so you don't have to provide database information in your record. This is recommended if you have multiple databases instances on the same host.

Select the target compliance hosts (IPs) to authenticate to. Each IP may be included in one Azure MS SQL Server record.

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.

Quick Links

Why use host authentication

Vault Support Matrix

Azure MS SQL Server Auth PDF Icon