Manage automatic connection for SQL Server enabled by Azure Arc
Applies to: SQL Server
SQL Server instances are automatically connected to Azure Arc when they are installed on an Azure Arc-enabled Server and the Arc server resource is in a supported region. All the SQL Server instance resources are automatically created in Azure, providing a centralized management platform for all your SQL Server instances. For more information, visit SQL Server enabled by Azure Arc.
This article details how the streamlined process of connecting SQL Server to Azure works.
Note
Existing servers with the extension from the November 2024 release or later will automatically have least privileged configuration applied. This application will happen gradually.
To prevent automatic application of least privilege, block extension upgrades to the November 2024 release.
Prerequisites
Complete the Prerequisites.
Specify license type
Optionally, specify the license type for each instance of SQL Server.
To specify the desired license type, provide the license type value tag. The automatic connecting workflow requires that tag. For more information, visit Tag resources, resource groups, and subscriptions for a logical organization.
Add one of the following tags and values to your subscription, resource groups, or Arc Server resources.
Tag | Value |
---|---|
ArcSQLServerExtensionDeployment |
Paid |
ArcSQLServerExtensionDeployment |
PAYG |
ArcSQLServerExtensionDeployment |
LicenseOnly |
Microsoft uses this value when the automatic connecting workflow deploys the SQL Server extension.
Important
To maximize the value of Azure Arc for SQL Server customers, Microsoft uses an automated process of determining the license type value if you have not set the default value using the ArcSQLServerExtensionDeployment
tag. If your SQL Server is covered by Software Assurance (SA) or Subscription and Support, and the number of licenses you have purchased is greater than the number of licenses you already committed to Azure to use Azure Hybrid Benefit, this process sets the license type value to Paid for the onboarded SQL Server instances on a first-come-first-serve basis. As a result, you automatically have access to valuable management features provided to SA customers.
Automatically install the Azure Extension for SQL Server on new servers connected to Arc
Microsoft automatically installs Azure extension for SQL Server on each Arc-enabled server connected to Azure Arc if it has any installed SQL Server instances. This automated process involves the following tasks:
Register the
Microsoft.AzureArcData
resource provider if not already registered.Set the license type.
Install the Azure extension for SQL Server.
Note
The license type is set if the
ArcSQLServerExtensionDeployment
tag value is set.Create Arc-enabled SQL Server instance resource in Azure.
To automatically connect SQL Server enabled by Azure Arc, use one of the provided methods that meet your requirements Automatically connect your SQL Server to Azure Arc.
Once the connecting is complete, you can benefit from the Azure features for SQL Server. For more information, visit Manage SQL Server license and billing options.
Verify and correct the license type configuration
To verify the license type configuration created by the onboarding process, run this resource graph query.
resources
| where type == "microsoft.hybridcompute/machines"
| extend
joinID = toupper(id)
| join kind = inner (
resources
| where type == "microsoft.hybridcompute/machines/extensions"
| extend machineId = toupper(substring(id, 0, indexof(id, '/extensions')))
| where properties.type in ("WindowsAgent.SqlServer","LinuxAgent.SqlServer")
| extend licenseType = iff(properties.settings.LicenseType == '', 'Configuration needed', properties.settings.LicenseType)
| project machineId, licenseType
) on $left.joinID == $right.machineId
| project id, licenseType
The value 'Configuration needed' indicates that the onboarding process didn't have enough information to configure the license type automatically. For details how to set the missing value, or change a value automatically configured, visit Manage SQL Server license and billing options.
Note
Setting license type to Paid or PAYG will unlock to valuable management features provided to SA customers.
Opt out of automatic connecting
To opt out of the automatic installation of Azure extension for SQL Server, add the following tag and value to a subscription, resource group(s), or Arc Server resource(s). If there are already existing Arc-enabled servers in the subscription or resource group, it may take up to 8 hours for any changes to the tag value to take effect, as the tag value is cached.
Tag | Value |
---|---|
ArcSQLServerExtensionDeployment |
Disabled |
Alternatively, you can limit which extensions can be installed on your server. You can configure lists of the extensions you wish to allow and block on the server. To learn more, see Extension allowlists and blocklists.
Learn how Microsoft automatically installs Azure extension for SQL Server
Microsoft can run extension installations on an Arc-enabled server through the Windows service Guest Configuration Extension service (ExtensionService
). When the server is connected to Arc, the Windows service Guest Configuration Extension service (ExtensionService
) is installed. This service is responsible for installing, upgrading, and deleting extensions (agents, scripts, or other software) on the machine. The guest configuration and extension services run as Local System on Windows and as root on Linux. For details about the Arc agent services and service accounts, review Agent security and permissions | Agent security and permissions
Microsoft can call APIs to deploy Azure extension for SQL Server and automatically connect to Arc-enabled SQL Server.
You can also install the extensions using the Azure portal, Azure Resource Manager (ARM) APIs, Azure Policy, ARM templates, the Azure CLI, or the Azure PowerShell module. Deployment options for SQL Server enabled by Azure Arc
Find SQL Server instances connected to Arc, but missing Azure extension for SQL Server
Use the following Azure graph query to list the machine and subscription IDs that contain Arc Servers with SQL Server installed but missing the Azure extension for SQL Server.
resources
| where type == "microsoft.hybridcompute/machines" and properties['detectedProperties']['mssqldiscovered'] has "true"
| extend
joinID = toupper(id)
| join kind= inner (
resources
| where type == "microsoft.hybridcompute/machines/extensions"
| extend machineId = toupper(substring(id, 0, indexof(id, '/extensions')))
| project machineId, name
| summarize allExtensions = make_list(name) by machineId
| where allExtensions !has ("SqlServer")
) on $left.joinID == $right.machineId
| project id, subscriptionId, tenantId