Document Details
Tutorial Connect Msi Azure Database
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
powershell_heavy
⚠️
windows_tools
Summary:
The documentation demonstrates a moderate Windows bias, particularly in the 'Set up your dev environment' section. Visual Studio for Windows is presented first and in more detail, while macOS and cross-platform scenarios are treated as exceptions or afterthoughts. Windows-specific tools (Visual Studio, Azure PowerShell) are mentioned before their Linux/macOS equivalents, and PowerShell is given its own tab, whereas Linux-specific shells or tools are not. There are no explicit Linux command-line or shell examples, and the guidance for Linux users is less direct, often referring to Azure CLI as a workaround.
Recommendations:
- Present cross-platform or Linux-native tools (such as Azure CLI) before or alongside Windows-specific tools.
- Add explicit Linux/macOS shell examples and instructions, not just references to Azure CLI.
- Include development environment setup instructions for common Linux IDEs (e.g., JetBrains Rider, VS Code on Linux) and shell environments.
- Avoid treating macOS/Linux as exceptions; instead, structure sections so that Windows, macOS, and Linux are presented with parity.
- Where PowerShell is mentioned, also provide Bash/zsh equivalents for Linux/macOS users.
- Clarify that Azure CLI and VS Code are fully cross-platform and highlight their use on Linux/macOS.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-09-16 00:00 | #113 | completed | ✅ Clean |
| 2025-09-15 00:00 | #112 | completed | ❌ Biased |
| 2025-09-14 00:00 | #111 | completed | ✅ Clean |
| 2025-09-13 00:00 | #110 | completed | ✅ Clean |
| 2025-09-12 00:00 | #109 | completed | ✅ Clean |
| 2025-09-11 00:00 | #108 | completed | ✅ Clean |
| 2025-09-10 00:00 | #107 | completed | ✅ Clean |
| 2025-08-17 00:01 | #83 | in_progress | ❌ Biased |
| 2025-07-13 21:37 | #48 | completed | ❌ Biased |
| 2025-07-09 13:09 | #3 | cancelled | ✅ Clean |
| 2025-07-08 04:23 | #2 | cancelled | ❌ Biased |
Flagged Code Snippets
# [Azure PowerShell](#tab/ps)
1. The Azure Identity client library that you'll use later can use tokens from Azure PowerShell. To enable command-line based development, [install Azure PowerShell](/powershell/azure/install-azure-powershell) on your local machine.
1. Sign in to Azure CLI with the following cmdlet using your Microsoft Entra user:
-----
1. Grant permission to pre-created tables
[!INCLUDE [PostgreSQL grant permission](../service-connector/includes/postgres-grant-permission.md)]
-----
This Service Connector command completes the following tasks in the background:
* Enable system-assigned managed identity, or assign a user identity for the app `<server-name>` hosted by Azure App Service.
* Set the Microsoft Entra admin to the current signed-in user.
* Add a database user for the system-assigned managed identity or user-assigned managed identity. Grant all privileges of the database `<database-name>` to this user. The username can be found in the connection string in preceding command output.
* Set configurations named `AZURE_MYSQL_CONNECTIONSTRING`, `AZURE_POSTGRESQL_CONNECTIONSTRING`, or `AZURE_SQL_CONNECTIONSTRING` to the Azure resource based on the database type.
* For App Service, the configurations are set in the **App Settings** blade.
If you encounter any problem when creating a connection, refer to [Troubleshooting](../service-connector/tutorial-passwordless.md#troubleshooting) for help.
## 3. Modify your code
# [Azure SQL Database](#tab/sqldatabase-sc)
[!INCLUDE [code sample for sql managed identity authentication connection](./includes/tutorial-connect-msi-azure-database/code-sql-mi.md)]
# [Azure Database for MySQL](#tab/mysql-sc)
Connectivity to the Azure Database for MySQL in your code follows the `DefaultAzureCredential` pattern for all language stacks. `DefaultAzureCredential` is flexible enough to adapt to both the development environment and the Azure environment. When running locally, it can retrieve the logged-in Azure user from the environment of your choice (Visual Studio, Visual Studio Code, Azure CLI, or Azure PowerShell). When running in Azure, it retrieves the managed identity. So it's possible to have connectivity to database both at development time and in production. The pattern is as follows:
1. Instantiate a `DefaultAzureCredential` from the Azure Identity client library. If you're using a user-assigned identity, specify the client ID of the identity.
2. Get an access token for Azure Database for MySQL: `https://ossrdbms-aad.database.windows.net/.default`.
3. Add the token to your connection string.
4. Open the connection.
[!INCLUDE [code sample for mysql managed identity authentication connection](./includes/tutorial-connect-msi-azure-database/code-mysql-mi.md)]
# [Azure Database for PostgreSQL](#tab/postgresql-sc)
Connectivity to the Azure Database for PostgreSQL in your code follows the `DefaultAzureCredential` pattern for all language stacks. `DefaultAzureCredential` is flexible enough to adapt to both the development environment and the Azure environment. When running locally, it can retrieve the logged-in Azure user from the environment of your choice (Visual Studio, Visual Studio Code, Azure CLI, or Azure PowerShell). When running in Azure, it retrieves the managed identity. So it's possible to have connectivity to database both at development time and in production. The pattern is as follows:
1. Instantiate a `DefaultAzureCredential` from the Azure Identity client library. If you're using a user-assigned identity, specify the client ID of the identity.
2. Get an access token for Azure Database for PostgreSQL: `https://ossrdbms-aad.database.windows.net/.default`.
3. Add the token to your connection string.
4. Open the connection.
[!INCLUDE [code sample for postgres managed identity authentication connection](./includes/tutorial-connect-msi-azure-database/code-postgres-mi.md)]
-----
## 4. Set up your dev environment
This sample code uses `DefaultAzureCredential` to get a usable token for your Azure database from Microsoft Entra ID and then adds it to the database connection. While you can customize `DefaultAzureCredential`, it's already versatile by default. It gets a token from the signed-in Microsoft Entra user or from a managed identity, depending on whether you run it locally in your development environment or in App Service.
Without any further changes, your code is ready to be run in Azure. To debug your code locally, however, your develop environment needs a signed-in Microsoft Entra user. In this step, you configure your environment of choice by signing in with your Microsoft Entra user.
# [Visual Studio Windows](#tab/windowsclient)
1. Visual Studio for Windows is integrated with Microsoft Entra authentication. To enable development and debugging in Visual Studio, add your Microsoft Entra user in Visual Studio by selecting **File** > **Account Settings** from the menu, and select **Sign in** or **Add**.
1. To set the Microsoft Entra user for Azure service authentication, select **Tools** > **Options** from the menu, then select **Azure Service Authentication** > **Account Selection**. Select the Microsoft Entra user you added and select **OK**.
# [Visual Studio for macOS](#tab/macosclient)
1. Visual Studio for Mac is *not* integrated with Microsoft Entra authentication. However, the Azure Identity client library that you'll use later can also retrieve tokens from Azure CLI. To enable development and debugging in Visual Studio, [install Azure CLI](/cli/azure/install-azure-cli) on your local machine.
1. Sign in to Azure CLI with the following command using your Microsoft Entra user: