Thanks for reaching out to Microsoft Q&A.
- Check that your SQL Server has appropriate firewall rules to allow traffic from your Azure Function App (even though it uses MSI). Make sure the necessary IP addresses and Azure services have access.
- Ensure that the MI permissions were applied to the correct database, and that the identity you created matches exactly the one assigned to your Azure Function.
- Test if the MSI is working properly by acquiring a token from it and testing other services (like Key Vault).
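You can use the following Python code for this:

```python
from azure.identity import ManagedIdentityCredential

# Uses the managed identity assigned to the host this code runs on.
credential = ManagedIdentityCredential()

# Request an access token scoped to Azure SQL Database.
token = credential.get_token("https://database.windows.net/.default")

# The token is a bearer credential: print it only while debugging.
print(token.token)
```
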
- Your connection string looks good, but make sure that `Authentication=ActiveDirectoryMsi` is correctly set.
- Verify the function app can reach your SQL Server by setting up a diagnostic to test network traffic between the function and the SQL Server.
- If your Azure SQL Database is in a VNET, ensure that your Function App is properly integrated into that VNET.

How SQL Server Recognizes MI?
When you connect using `ActiveDirectoryMsi`, Azure SQL identifies the Managed Identity from the token provided by AAD. The ODBC driver, in combination with the `ManagedIdentityCredential`, will obtain a token from AAD, which SQL Server uses to verify the identity. You can confirm this by checking the token retrieved in the ManagedIdentityCredential.
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.
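
An added example, not part of the original answer: one way to check the retrieved token is to decode its claims and compare the audience and client ID with the identity assigned to the Function App. The function names, the GUIDs and the sample token are constructed for illustration, and the signature is not verified, so this is a diagnostic aid only.

```python
import base64
import json
import time

SQL_AUDIENCE = "https://database.windows.net"  # resource the answer's snippet requests

def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_sql_token(token: str, expected_client_id: str, now=None) -> list:
    """Return a list of problems; an empty list means the claims look right."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != SQL_AUDIENCE:
        problems.append(f"audience is {claims.get('aud')!r}, not Azure SQL")
    client_id = claims.get("appid") or claims.get("azp")  # v1 / v2 token claim
    if client_id != expected_client_id:
        problems.append(f"client id {client_id!r} is not the expected identity")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems

def make_constructed_token(claims: dict) -> str:
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])

# Constructed sample values, not taken from any real tenant.
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_CLAIMS = {"aud": "https://database.windows.net/", "appid": CLIENT_ID,
                 "oid": "22222222-2222-2222-2222-222222222222", "exp": 2000000000}

if __name__ == "__main__":
    token = make_constructed_token(SAMPLE_CLAIMS)
    claims = decode_claims(token)
    print("oid:", claims["oid"], "appid:", claims["appid"])
    print(check_sql_token(token, CLIENT_ID, now=1700000000) or "claims look right")
```

In the Function App, pass `credential.get_token("https://database.windows.net/.default").token` to `check_sql_token` instead of the constructed token.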