Azure SQL Database is Microsoft's fully managed relational database service built on SQL Server. It eliminates the overhead of patching, backups, and hardware maintenance that comes with running SQL Server on a VM. You get a highly available, scalable database with built-in intelligence — and you can have it running in under five minutes.
Azure SQL Database vs SQL Server on a VM
Before choosing Azure SQL Database, understand the tradeoff between the managed service and self-managed SQL Server on an Azure VM:
- Azure SQL Database (PaaS): Automatic patching, built-in HA (99.99% SLA), automatic backups, elastic scaling. Best for new applications and modern architectures.
- SQL Server on VM (IaaS): Full SQL Server feature parity including SQL Agent jobs, cross-database queries, and linked servers. Best for lift-and-shift of existing SQL Server deployments.
- Azure SQL Managed Instance: Near-100% SQL Server compatibility in a managed environment. The best migration path for complex on-premises SQL Server databases.
Creating an Azure SQL Database
Azure SQL Database requires a logical server — a management endpoint that hosts one or more databases. The server itself has no compute; compute is allocated per database or per elastic pool.
# Create a resource group
az group create --name rg-sql-demo --location eastus
# Create the logical SQL server
az sql server create
--resource-group rg-sql-demo
--name sql-server-demo-2026
--location eastus
--admin-user sqladmin
--admin-password "Str0ng!Passw0rd#2026"
# Create a General Purpose database (serverless, 1-4 vCores)
az sql db create
--resource-group rg-sql-demo
--server sql-server-demo-2026
--name db-myapp
--edition GeneralPurpose
--family Gen5
--capacity 2
--compute-model Serverless
--auto-pause-delay 60The --auto-pause-delay 60 flag pauses the database after 60 minutes of inactivity, reducing costs to storage-only charges during idle periods — perfect for development databases.
Firewall Rules
By default, the Azure SQL logical server blocks all connections. You must explicitly allow IP addresses:
# Allow your current public IP
MY_IP=$(curl -s https://ifconfig.me)
az sql server firewall-rule create
--resource-group rg-sql-demo
--server sql-server-demo-2026
--name AllowMyIP
--start-ip-address $MY_IP
--end-ip-address $MY_IP
# Allow Azure services to connect (e.g., App Service)
az sql server firewall-rule create
--resource-group rg-sql-demo
--server sql-server-demo-2026
--name AllowAzureServices
--start-ip-address 0.0.0.0
--end-ip-address 0.0.0.0For production, skip the Azure Services rule and use Private Endpoints instead — they route database traffic entirely within your VNet with no public internet exposure.
Connecting with sqlcmd
# Install sqlcmd on Ubuntu/Debian
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo apt-get install -y mssql-tools unixodbc-dev
# Connect to the database
sqlcmd -S sql-server-demo-2026.database.windows.net
-d db-myapp
-U sqladmin
-P "Str0ng!Passw0rd#2026"
-Q "SELECT @@VERSION"Backup and Point-in-Time Restore
Azure SQL Database automatically takes full, differential, and transaction log backups. Retention is 7 days by default (up to 35 days on Standard and Premium tiers). To restore a database to a specific point in time:
# Restore the database to 2 hours ago
az sql db restore
--resource-group rg-sql-demo
--server sql-server-demo-2026
--name db-myapp-restored
--source-database db-myapp
--time "2026-02-01T07:00:00"The restored database is created as a new database alongside the original — you then verify data integrity and rename or swap as needed.
Scaling: DTU vs vCore Models
Azure SQL Database offers two purchasing models:
- DTU model: Bundled compute, memory, and I/O units. Simple and predictable for small workloads. Available in Basic, Standard, and Premium service tiers.
- vCore model: Choose CPU cores and memory independently. Supports Azure Hybrid Benefit (use existing SQL Server licenses). Recommended for new workloads and easier to size correctly.
Scale up or down with a single CLI command — Azure applies the change online with minimal interruption:
# Scale from 2 vCores to 4 vCores
az sql db update
--resource-group rg-sql-demo
--server sql-server-demo-2026
--name db-myapp
--capacity 4Security: Transparent Data Encryption and Microsoft Defender
All Azure SQL databases have Transparent Data Encryption (TDE) enabled by default — data at rest is encrypted using AES-256 with no application changes required. Enable Microsoft Defender for SQL to get threat detection alerts for SQL injection attempts, unusual access patterns, and brute-force attacks:
az sql server microsoft-support-auditing-policy update
--resource-group rg-sql-demo
--name sql-server-demo-2026
--state EnabledKey Takeaways
Azure SQL Database removes the operational burden of running a database server so your team can focus on application development. Start with Serverless for development and dev/test databases, move to Provisioned vCore for predictable production workloads, and protect everything with Private Endpoints and Microsoft Defender for SQL.