Daniel Calbimonte
Tags for Managed instances

Getting started with Azure SQL Managed Instance

September 14, 2022 by


In the previous article, Getting started with Azure SQL, we learned the basics to create an Azure SQL database.

Azure SQL is a nice option to easily have a database in Azure and at an accessible price. However, sometimes we need more features that we have in our SQL Server on-premises that we do not have in Azure SQL.

That is why Microsoft introduced some years ago the Azure SQL Managed Instance which contains several features that are not present in Azure SQL. In this article, we will learn how to create an Azure SQL Managed Instance in Azure and discuss its prices, configurations, and options during installation.

System requirements

To install an Azure SQL Managed Instance, you need the have an Azure Account. The following Azure subscriptions support an Azure SQL Managed Instance.

Getting started

First of all, to start, in the Azure Portal, select the Create a resource option.

Create a resource

Secondly, select Databases, and then on Azure SQL Managed Instance, select Create to create.

Create SQL Managed Instance

In the Basics section, select your subscription. In the Resource group select an existing Resource Group of your preference. Otherwise, select the Create new to create a new one.

The Managed Instance name is the name of the instance. It is the same concept as an instance on-premises. Make sure that the name is unique. About authentication, you can use SQL Authentication, Azure AD, or a mixed mode of both. The SQL Authentication is simple, you create the user and password of a SQL user. The other option is related to Azure Active Directory. For more information about Azure Authentication, we have a nice article written by one of our best authors here:

Basics azure sql database managed instance

The Networking section has several sections. First, you have to select the virtual network.

You can choose or create a new virtual network to connect to the Managed Instance. The subnet is used for the managed instances. You also require a subnet for the dedicated managed instance.

For more information about Virtual networks, refer to these links:

The connection types are used to select the way that the customer connects to an Azure SQL Managed Instance.

There are two main options:

  • Redirect, where the clients establish a connection directly to the node that hosts the database.
  • Proxy, where the connections use a proxy gateway.

For more information about both options, please refer to this link:

The public endpoint is disabled by default but is used to manage your instance outside the virtual network. It is recommended not to enable it for security reasons. For more information about public endpoint configuration, refer to the following link:

Finally, we have the minimum TLS version. Transport Layer Security is used for security. We can control the TLS version with version 1.0, 1.1, or 1.2. We may have new versions in the future. For security reasons, it is recommended to use the last version available.

For more information about TLS versions, please refer to these links:

Networking Azure SQL Minimum TLS version

We also have the security section. In this section, we handle the Azure Active Directory Authentication. You can enable or disable managed identities and you can also add users here.

You also have the option to handle transparent data encryption. You have 2 options here.

  1. Service-managed key
  2. Customer-managed key

You can have your customer-managed key to protect your data. For this, a Database Encryption Key (DEK) is used.

For more information about managed keys, please refer to these links:

Security configuration

Working with Additional Settings

Additional settings are used to configure the collation, time zone, geo-replication, and Maintenance.

Collation is referred to the characters and encoding used to handle information. The data will be ordered according to the collation. For example, if I use the Greek alphabet, the order of a select order by will not be the same as the latin1_general collation.

For more information about collation, please check these articles related:

Time zone is used to define your local time according to your country and region. For more information about available time zones and some recommendations and explanations, refer to this link:

The option to use as a Failover Secondary, by default is in no. This option allows having replication and failover of some databases in another managed instance in a different region.

For more information, refer to these links:

Finally, maintenance Windows allow setting the preferred schedule time. For more information, refer to this link:

The tags allow to categorize search and administer resources. It is a best practice to organize your resources.

For more information about Tags, refer to this link:

Tags for Managed instances

The Review + Create is the final part. You can review if the configuration is fine here and check the prices and terms. For more pricing information, refer to this link:

Review and create instances

If everything goes well, you will have your Azure SQL Managed Instance installed successfully.


In this article, we learned how to install the Azure SQL Managed Instance. We verified the different options to install, subnets, networking, TLS configuration, Security, and more.

Daniel Calbimonte
Latest posts by Daniel Calbimonte (see all)

About Daniel Calbimonte

Daniel Calbimonte is a Microsoft Most Valuable Professional, Microsoft Certified Trainer and Microsoft Certified IT Professional for SQL Server. He is an accomplished SSIS author, teacher at IT Academies and has over 13 years of experience working with different databases. He has worked for the government, oil companies, web sites, magazines and universities around the world. Daniel also regularly speaks at SQL Servers conferences and blogs. He writes SQL Server training materials for certification exams. He also helps with translating SQLShack articles to Spanish View all posts by Daniel Calbimonte