Today we’re announcing the general availability of Native Windows Principals for Azure SQL Managed Instance. This capability simplifies migration to Azure SQL Managed Instance and unblocks the migration of legacy applications that are tied to Windows logins.
This feature is crucial for the SQL Managed Instance link. While the Managed Instance link facilitates near real-time data replication between SQL Server and Azure SQL Managed Instance, the read-only replica in the cloud restricts the creation of Microsoft Entra principals. The Windows authentication metadata mode allows customers to use an existing Windows login to authenticate to the replica in the event of a failover.
With this feature, the following authentication metadata modes are available for SQL Managed Instance. The mode determines which authentication metadata is used for authentication and how the login is created:
- Microsoft Entra (Default): This mode allows authenticating Microsoft Entra users using Microsoft Entra user metadata. To use Windows authentication in this mode, see Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance.
- Paired (SQL Server default): The default mode for SQL Server authentication.
- Windows (New Mode): This mode allows authenticating Microsoft Entra users using the Windows user metadata within SQL Managed Instance.
The Windows authentication metadata mode is a new mode that allows users to use Windows authentication or Microsoft Entra authentication (using Windows principal metadata) with Azure SQL Managed Instance. This mode is available for Azure SQL Managed Instance only. The Windows authentication metadata mode isn't available for Azure SQL Database.
To learn more, please refer to the documentation: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/native-windows-principals
Updated Feb 28, 2025
Version 3.0
sravani-saluru
Microsoft
Azure SQL Blog