Run a trace against Azure SQL Managed Instance using Windows Authentication for Microsoft Entra principals

This article shows how to connect and run a trace against Azure SQL Managed Instance using Windows Authentication for principals in Microsoft Entra ID (formerly Azure Active Directory). Windows authentication provides a convenient way for customers to connect to a managed instance, especially for database administrators and developers who are accustomed to launching SQL Server Management Studio (SSMS) with their Windows credentials.

This article shares two options to run a trace against a managed instance: you can trace with extended events or with SQL Server Profiler. While SQL Server Profiler may still be used, the trace functionality used by SQL Server Profiler is deprecated and will be removed in a future version of Microsoft SQL Server.

Note

Microsoft Entra ID was previously known as Azure Active Directory (Azure AD).

Prerequisites

To use Windows Authentication to connect to and run a trace against a managed instance, you must first meet the following prerequisites:

If you have not yet enabled Windows authentication for Microsoft Entra principals against your managed instance, you may run a trace against a managed instance using a Microsoft Entra authentication option, including:

  • Password offers authentication with Microsoft Entra credentials
  • Universal with MFA adds multifactor authentication
  • Integrated uses federation providers like Active Directory Federation Services (ADFS) to enable single sign-on (SSO) experiences
  • Service Principal enables authentication from Azure applications
  • Managed Identity enables authentication from applications assigned Microsoft Entra identities

Run a trace with extended events

To run a trace with extended events against a managed instance using Windows Authentication, you will first connect Object Explorer to your managed instance using Windows Authentication.

  1. Launch SQL Server Management Studio from a client machine where you have logged in using Windows Authentication.

  2. The 'Connect to Server' dialog box should automatically appear. If it does not, ensure that Object Explorer is open and select Connect.

  3. Enter the name of your managed instance as the Server name. The name of your managed instance should be in a format similar to managedinstancename.12a34b5c67ce.database.chinacloudapi.cn.

  4. After Authentication, select Windows Authentication.

    Dialog box from SQL Server Management Studio with a managed instance name in the 'Server Name' area and 'Authentication' set to 'Windows Authentication'.

  5. Select Connect.

Now that Object Explorer is connected, you can create and run an extended events trace. Follow the steps in Quick Start: Extended events in SQL Server to learn how to create, test, and display the results of an extended events session.

Run a trace with Profiler

To run a trace with SQL Server Profiler against a managed instance using Windows Authentication, launch the Profiler application. Profiler may be run from the Windows Start menu or from SQL Server Management Studio.

  1. On the File menu, select New Trace.

  2. Enter the name of your managed instance as the Server name. The name of your managed instance should be in a format similar to managedinstancename.12a34b5c67ce.database.chinacloudapi.cn.

  3. After Authentication, select Windows Authentication.

    Dialog box from SQL Server Management Studio with a managed instance name in the 'Server Name' area and 'Authentication' set to 'Windows Authentication'.

  4. Select Connect.

  5. Follow the steps in Create a Trace (SQL Server Profiler) to configure the trace.

  6. Select Run after configuring the trace.

Next steps

Learn more about Windows Authentication for Microsoft Entra principals with Azure SQL Managed Instance: