How to permit Active Directory - Integrated authentication and simultaneously prohibit Active Directory - Password authentication

Asked Nov 30 '17 at 17:01

Active Nov 30 '17 at 17:01

Viewed 108 times

I would like to provide to admin users an MS Access database which includes some ODBC linked tables to an Azure SQL Database.

Is it possible to allow Active Directory - Integrated authentication while prohibiting Active Directory - Password authentication? I.e., to force users to be on domain-joined machines.

If in addition to the MS Access database I also provide an ODBC data source which specifies Active Directory - Integrated authentication, a user could potentially create an ODBC data source that specifies Active Directory - Password authentication and re-link the tables on a local copy of the database. This would allow the user to access the Azure SQL Database on any machine irrespective of whether or not it's a domain-joined (company) computer.

asked Nov 30 '17 at 17:01

CalvinDale

9,005
5
29
38

I am not an AAD expert, but I am not aware how to do it using current SQL drivers. If you use AAD integrated you can always use U/P for this account – MirekS SQL PM Dec 08 '17 at 22:10
Indeed @MirekSSQLPM, I also suspect that it's not possible. However, one can restrict IP addresses in the Azure SQL Server firewall to domain-joined machines. – CalvinDale Dec 11 '17 at 16:05

How to permit Active Directory - Integrated authentication and simultaneously prohibit Active Directory - Password authentication

0 Answers0