You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 virtual machines that run Windows Server 2019 and host Microsoft SQL Server 2019 instances.
You need to ensure that you can manage the SQL Server instances by using a single user account.
What should you do first?
To manage SQL Server instances on multiple Azure virtual machines using a single user account, deploying an Azure Active Directory Domain Services (Azure AD DS) domain and joining the virtual machines to the domain is the best approach. Azure AD DS provides managed domain services such as domain join, group policy, and Kerberos/NTLM authentication. By joining the virtual machines to the Azure AD DS domain, centralized management of user accounts is achieved, simplifying the process of managing SQL Server instances across multiple virtual machines.
B is correct
As per below Microsoft URL, I believe answer is A - Enable user Assigned managed Identity....... . Is Azure Active Directory Domain Services (Azure AD DS) supported with SQL Server on Azure VMs? No. Using Azure Active Directory Domain Services (Azure AD DS) isn't currently supported with SQL Server on Azure VMs. Use an Active Directory domain account instead. https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/frequently-asked-questions-faq?view=azuresql
I thing Answer A is correct because of this link: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
To manage SQL Server instances on multiple Azure virtual machines using a single user account, you should first deploy an Azure Active Directory Domain Services (Azure AD DS) domain and join the virtual machines to the domain (Option B)12. Azure Active Directory Domain Services provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication. By joining the virtual machines to the Azure AD DS domain, you can centralize the management of user accounts, which simplifies the process of managing SQL Server instances across multiple virtual machines.
I will go with B. https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview - check the video, it shows what is the purpose of Managed Identity - basically to get rid of passwords in code (among other things), so it has nothing to do with server management.
The same user-assigned managed identity can be associated with more than one Azure resource.
Correct ans. B
Chat gpt indicates managed identities are not used for server 2019, so B would be the better answer, imho.
This may just be a horrible question with no good documentation. I've found 2 articles. One definitely indicates it can happen in Sql 2022, but the other document indicates no limitation here at all, even with 2019. I'm not sure where the article is that says it's NOT supported in 2019, as I can't seem to find it anymore. https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity?view=azuresql https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql&tabs=azure-portal I may change my answer to A...
Answer B. Enabling a user-assigned managed identity on each virtual machine is not required to solve the above scenario. User-assigned managed identities are used to authenticate to services that support Azure AD authentication, such as Azure Key Vault, without requiring the use of credentials in your code. Add Azure Active Directory User to Azure SQL Database. https://stackoverflow.com/questions/45044760/add-azure-active-directory-user-to-azure-sql-database. Add an existing Azure subscription to your tenant - Microsoft Entra .... https://learn.microsoft.com/en-us/entra/fundamentals/how-subscriptions-associated-directory.
According to the article below we can use managed identity on azure vm only on SQL Server 2022. In the question is 2019, so the answer is B. https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/configure-azure-ad-authentication-for-sql-vm?view=azuresql&tabs=azure-portal
no mention of "Active Directory Domain Services (Azure AD DS)" on this page though
deploy an Azure Active Directory Domain Services (Azure AD DS) domain and join the virtual machines to the domain . This will allow you to use a single domain user account to manage the SQL Server instances on all of the virtual machines. a user-assigned managed identity can be associated with more than one Azure resource. However, in this scenario, the goal is to manage the SQL Server instances using a single user account. While using a user-assigned managed identity would allow you to authenticate to Azure resources using a single identity, it would not provide a way to manage the SQL Server instances using a single user account.
I think it is B, because of this: "by using a single user account".