System Requirements for Azure SQL Managed Instance

Verify that your environment meets the system requirements for Azure SQL Managed Instance.

Azure Cloud

You must create an Azure Blob Storage account.

Backup: The databases are backed up with SQL Server backup to URL for Microsoft Azure Blob Storage, which writes directly to Azure Blob Storage. These backup files are deleted from the storage account after the backup operation is complete.
Restore: The backup files are staged to Azure Blob Storage, and the databases are restored with the RESTORE FROM URL option. These backup files are deleted from the storage account after the restore operation is complete.

Access Nodes Behind Firewalls

If the Access Node has restricted access to the internet and/or Azure resources, the user account running the Commvault services must have the Access Node network settings configured through Internet Explorer or an internet proxy. Run the following steps to configure the settings:
1. To open a command window with the local system account, run the following command:
```
psexec.exe -i -s -d cmd.exe
```
2. To confirm the user account, run the following command:
```
whoami.exe
```
3. To set the proxy server, run the following command:
```
iexplore.exe
```
For restoring an on-premises backup to the Azure cloud:
- Install SQL Server on the access node.
  
  The operating system of the access node can be either Windows or Red Hat Enterprise Linux.
- Verify that the SQL server on the proxy client has the most recent SQL version so that the proxy server is in sync with the Azure instance.
  
  Note
  
  Azure always has the most recent SQL version.

Azure SQL Managed Instance User Accounts and Authentication

This section describes the supported user accounts and authentication methods for the Azure SQL Managed Instance.

The Azure SQL Managed Instance supports the following types of user accounts for data protection:

Azure SQL Server Admin account: Serves as the server administrator for the Azure SQL instance.
Microsoft Entra Password: Manages user accounts, security settings, and permissions for users who access the Azure SQL Managed Database.
- Ensure that login names for user accounts are in UPN (User Principal Name) format.
  
  Note
  
  Multifactor authentication is not supported.
- Install the Microsoft Active Directory Authentication Library (ADAL) for Microsoft SQL Managed Instance Server or SQL Server Management Studio (SSMS) on the access node.

Database user: A database-level account used to configure minimal permissions for data protection operations. This authentication type requires the following minimum permissions:

Server-Level Roles	Database-Level Roles
dbcreator This role is required because the restore operation needs to create the database if it does not exist.	Login account and/or user account on the master database. A login account is recommended especially when managing multiple databases on the instance; the password is associated with the login account instead of with individual databases. A user account on the master database requires VIEW ANY DEFINITION permission. This is required to allow the gathering of metadata from sys.master_files and is only needed if you are not configuring a dbcreator server role for restore purposes. The user account at the databases level associated with the login account must have the following roles: db_backupoperator on the database that is being backed up db_datareader on the database that is being backed up

Server-Level Roles

Database-Level Roles

dbcreator

This role is required because the restore operation needs to create the database if it does not exist.

Login account and/or user account on the master database.

A login account is recommended especially when managing multiple databases on the instance; the password is associated with the login account instead of with individual databases.

A user account on the master database requires VIEW ANY DEFINITION permission. This is required to allow the gathering of metadata from sys.master_files and is only needed if you are not configuring a dbcreator server role for restore purposes.

The user account at the databases level associated with the login account must have the following roles:

db_backupoperator on the database that is being backed up
db_datareader on the database that is being backed up

The following Microsoft Entra authentication methods are also supported:

Microsoft Entra Managed Identity:
Provides a secure, credential-less method for Azure resources to authenticate and authorize with Azure SQL Managed Instance.

Both system-assigned and user-assigned managed identities are supported.

The managed identity must be provisioned as a login on the Managed Instance and granted the required server-level and database-level permissions listed above.

For more information, see Enabling Microsoft Entra Managed Identity Authentication.
Microsoft Entra Service Principal:
Provides a secure, non-interactive method to authenticate and access Azure SQL Managed Instance without using individual user credentials.

The service principal must be provisioned as a login on the Managed Instance and granted the required permissions listed above.

For more information, see Enabling Microsoft Entra Service Principal Authentication.

Supported TLS Version

The software supports database protection operations on TLS version 1.2.

System Requirements for Azure SQL Managed Instance

Azure Cloud

Access Nodes Behind Firewalls

Azure SQL Managed Instance User Accounts and Authentication

Supported TLS Version

Page contents