prerequisites.md

title	description	author	ms.author	ms.reviewer	ms.date	ms.topic	ms.custom
Prerequisites	Describes prerequisites required for SQL Server enabled by Azure Arc.	anosov1960	sashan	mikeray, randolphwest	03/25/2025	conceptual	references_regions

Prerequisites - SQL Server enabled by Azure Arc

[!INCLUDE sqlserver]

An Azure Arc-enabled instance of [!INCLUDE ssnoversion-md] is an instance on-premises or in a cloud provider that is connected to Azure Arc. This article explains those prerequisites.

If your SQL Server VMs are on VMware clusters, review Support on VMware.

Before you deploy

Before you can Arc-enable an instance of [!INCLUDE ssnoversion-md], you need to:

• Have an Azure account with an active subscription. If needed, create a free Azure Account.

• Verify Arc connected machine agent prerequisites. The Arc agent must be running in the typical 'full' mode.

• Verify Arc connected machine agent network requirements.

• Open firewall to Azure Arc data processing service.

• Register resource providers. Specifically:

  • Microsoft.AzureArcData
  • Microsoft.HybridCompute

  For instructions, see Register resource providers.

Installation account permissions

The user or service principal requires:

• Read permission on the subscription
• Local administrator permission on the operating system to install and configure the agent
  • For Linux, use the root account
  • For Windows, use an account that is a member of the Local Administrators group

Before enabling SQL Servers with Arc, the installation script checks:

• The region where the Arc-enabled SQL Server is supported
• Microsoft.AzureArcData resource provider is registered

These checks require read permission on the subscription for the user.

The user or service principal requires the following permissions in the Azure resource group to complete the task. Specifically:

• Azure Connected Machine Onboarding role
• Microsoft.AzureArcData/register/action
• Microsoft.HybridCompute/machines/extensions/read
• Microsoft.HybridCompute/machines/extensions/write
• Microsoft.Resources/deployments/validate/action

Users can be assigned to built-in roles that have these permissions, for example:

• Contributor
• Owner

For more information, see Assign Azure roles using the Azure portal.

Verify state of user databases

When a SQL Server instance is enabled by Azure Arc, the connection sets some database permissions so that you can manage databases from Azure. For details about the permissions set at a database level, review SQL permissions.

Only databases that are online and updateable are included.

Verify the state of any databases you plan to manage from Azure.

This query lists all databases, their status, and if they are updateable:

SELECT 
    name AS DatabaseName,
    CASE 
        WHEN state_desc = 'ONLINE' THEN 'Online'
        WHEN state_desc = 'OFFLINE' THEN 'Offline'
        ELSE 'Unknown'
    END AS Status,
    CASE 
        WHEN is_read_only = 0 THEN 'READ_WRITE'
        ELSE 'READ_ONLY'
    END AS UpdateableStatus
FROM sys.databases;

Run that query on any instance that you enable.

Service account permissions

The SQL Server service account must be a member of the sysadmin fixed server role on each SQL Server instance. By default, the SQL Server service account is a member of the sysadmin fixed server role.

For more information about this requirement, review SQL Server service account.

Set proxy exclusions

Note

The exclusion in this section is required for the March, 2024 release and before.

Beginning with the release in April, 2024 this exclusion is not required.

If a proxy server is used, set the NO_PROXY environment variable to exclude proxy traffic for:

• localhost
• 127.0.0.1

Note

Beginning with extension version 1.1.2986.256, you can set NO_PROXY environment variable to bypass proxy for URLs.

You can configure the extension to bypass the proxy endpoint for requests to specific URLs while using a proxy server for all other requests.

For example, you can configure the extension by setting NO_PROXY environment variable to use private endpoints for requests to Azure Key Vault, while all other requests use the proxy server.

Connect to Azure Arc data processing service

[!INCLUDE data-processing-service-permission]

Note

You can't use Azure Private Link connections to the Azure Arc data processing service. See Unsupported configurations.

Network requirements for enabling Entra ID authentication

[!INCLUDE entra-id-authentication-prerequisites]

Supported SQL Server versions and environments

[!INCLUDE supported-configurations]

Unsupported configurations

[!INCLUDE unsupported-configurations]

Register resource providers

To register the resource providers, use one of the following methods:

Azure portal

1. Select Subscriptions.
2. Choose your subscription.
3. Under Settings, select Resource providers.
4. Search for Microsoft.AzureArcData and Microsoft.HybridCompute and select Register.

PowerShell

Run:

Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.AzureArcData

Azure CLI

Run:

az provider register --namespace 'Microsoft.HybridCompute'
az provider register --namespace 'Microsoft.AzureArcData'

---

Azure subscription and service limits

Before configuring your [!INCLUDE ssnoversion-md] instances and machines with Azure Arc, review the Azure Resource Manager subscription limits and resource group limits to plan for the number of machines to be connected.

Supported regions

[!INCLUDE azure-arc-data-regions]

Install Azure extension for SQL Server

The [!INCLUDE sssql22-md] Setup Installation Wizard doesn't support installation of the Azure extension for SQL Server. There are two ways to install this component. Do one of the following:

• Automatically connect your SQL Server to Azure Arc
• Install Azure extension for SQL Server from the command line

For VMware clusters, review Support on VMware.

Related content

• SQL Server enabled by Azure Arc
• Known issues: SQL Server enabled by Azure Arc