This chapter covers Azure Database for MySQL, a fully managed relational database service in Azure. It is critical for the DP-900 exam because questions on PaaS database offerings appear in roughly 15-20% of the exam, with Azure Database for MySQL being a key option alongside PostgreSQL and SQL Server. You will learn its architecture, deployment options, scaling, high availability, security features, and how it differs from running MySQL on a virtual machine. Mastering this content ensures you can answer scenario-based questions about when to choose Azure Database for MySQL and how to configure it.
Jump to a section
Think of Azure Database for MySQL as a full-service hotel that offers rooms (databases) with all utilities (compute, storage, networking) included. You, the guest, just bring your luggage (data and schema). The hotel handles cleaning (patching), security (firewalls, encryption), and maintenance (backups, high availability). You don't need to fix plumbing or change lightbulbs—those are the hotel's responsibility. But you still control which guests (users) have keys (permissions) and what furniture (table structures) you place. If you need more space, you request a bigger room (scale up) or an adjoining suite (read replica). The hotel ensures your room is always clean and available, even if another room needs repairs (failover). You never enter the maintenance tunnels—you only interact through the front desk (connection endpoint). This abstraction frees you to focus on your stay (application development) rather than building management.
What is Azure Database for MySQL?
Azure Database for MySQL is a Platform-as-a-Service (PaaS) database service that provides a managed MySQL database engine. It is based on the MySQL Community Edition, version 5.7 or 8.0 (as of the latest updates). The service handles all infrastructure management: patching, backups, replication, and high availability. You do not have access to the underlying operating system or MySQL configuration files; instead, you configure the service through Azure portal, CLI, or REST API using server parameters.
Why use Azure Database for MySQL?
The primary benefit is reduced administrative overhead. Traditional MySQL on a VM requires you to manage OS updates, MySQL patches, storage, backups, and replication. With Azure Database for MySQL, these are automated. You can also scale compute and storage independently, set up read replicas with minimal effort, and achieve high availability with a 99.99% SLA (when using Business Critical tier with zone-redundant deployment). The service integrates with Azure Active Directory for authentication and Azure Monitor for performance metrics.
How it works internally
Azure Database for MySQL runs on a managed cluster of virtual machines. Each server instance is a logical MySQL server that maps to a physical node. The service uses a storage layer based on Azure Premium Storage or Ultra Disk, depending on the tier. Write-ahead logging (WAL) ensures durability. The service automatically maintains three copies of data within the same region for redundancy (local redundant storage). For backup, it takes full daily backups, transaction log backups every 5 minutes, and differential backups every 12 hours. These are stored in geo-redundant storage if you enable that option.
Deployment options: Single Server vs Flexible Server
Azure Database for MySQL offers two deployment models: Single Server and Flexible Server. Single Server is the original offering, now in a retirement path (scheduled for retirement in 2025). Flexible Server is the current recommended option. Key differences:
Compute tiers: Single Server offers Basic, General Purpose, and Memory Optimized. Flexible Server offers Burstable, General Purpose, and Memory Optimized.
High Availability: Single Server provides built-in HA with automatic failover (no zone redundancy). Flexible Server provides zone-redundant HA and same-zone HA.
Scaling: Flexible Server allows you to scale compute and storage independently with no downtime for compute scaling (if you choose the right tier). Single Server requires downtime for compute scaling.
Networking: Flexible Server supports private access via VNet integration and public access with firewall rules. Single Server only supports public access with firewall rules.
Maintenance: Flexible Server gives you a configurable maintenance window. Single Server does not.
For the DP-900 exam, you should know that Flexible Server is the newer and more feature-rich option. However, both are still examinable.
Scaling options
You can scale compute (vCores and memory) and storage separately. Compute scaling can be done manually or via autoscale (Flexible Server only). Storage scales automatically up to a maximum of 16 TB. You cannot scale down storage. The service supports up to 10 read replicas (Flexible Server) with asynchronous replication using MySQL's native binlog replication. Replicas can be within the same region or cross-region.
Security features
Firewall rules: You can add IP-based firewall rules at the server level.
VNet service endpoints: For Single Server, you can restrict access to a virtual network. For Flexible Server, you can deploy the server directly into a VNet (private access).
TLS/SSL: Connections are encrypted using TLS 1.2 by default. You can enforce TLS versions.
Authentication: Supports native MySQL authentication and Azure Active Directory passwordless authentication.
Encryption at rest: Data is encrypted using AES-256 with Microsoft-managed keys. You can also use customer-managed keys (CMK) with Azure Key Vault.
Audit logging: You can enable audit logs for compliance.
Backup and restore
Automatic backups are retained for 7 to 35 days (configurable). You can restore to any point within the retention period (point-in-time restore). Restores create a new server instance. Geo-restore is available if you enable geo-redundant storage (for Single Server) or cross-region restore (Flexible Server).
Monitoring and alerts
Azure Database for MySQL integrates with Azure Monitor. Key metrics include CPU percent, memory percent, storage percent, IOPS, connections, and replication lag. You can set alerts based on thresholds. Query Performance Insight provides query-level performance data.
Configuration via server parameters
Although you cannot modify the my.cnf file, you can change many MySQL server parameters through the Azure portal or CLI. Examples:
max_connections
innodb_buffer_pool_size (limited by compute tier)
query_cache_size (deprecated in MySQL 8.0)
time_zone
character_set_server
You can also reset parameters to default values.
How to create an Azure Database for MySQL using Azure CLI
# Create a resource group
az group create --name myResourceGroup --location eastus
# Create a MySQL Flexible Server
az mysql flexible-server create \
--resource-group myResourceGroup \
--name myMySQLServer \
--location eastus \
--admin-user myAdmin \
--admin-password myPassword \
--sku-name Standard_B1ms \
--tier Burstable \
--public-access 0.0.0.0/0
# Configure firewall rule
az mysql flexible-server firewall-rule create \
--resource-group myResourceGroup \
--name myMySQLServer \
--rule-name AllowMyIP \
--start-ip-address 203.0.113.0 \
--end-ip-address 203.0.113.255How to connect to Azure Database for MySQL
Use the MySQL client or any application that supports MySQL protocol. The connection string includes the server name (e.g., myMySQLServer.mysql.database.azure.com), port 3306, and SSL mode required.
mysql --host myMySQLServer.mysql.database.azure.com --user myAdmin --password --ssl-mode=REQUIREDPricing tiers
Burstable (Flexible Server): For workloads that don't need full CPU continuously. Provides baseline CPU and ability to burst.
General Purpose: Balanced compute and memory for most workloads.
Memory Optimized: Higher memory-to-core ratio for memory-intensive workloads.
Basic (Single Server): Entry-level, not for production.
Storage is billed per GB per month. IOPS are billed separately in some tiers.
High availability (Flexible Server)
Zone-redundant HA: Deploys a standby in another availability zone. Automatic failover with data synchronization using synchronous replication. RTO is typically 60-120 seconds, RPO is zero.
Same-zone HA: Deploys a standby in the same zone. Lower latency but less resilience.
Read replicas
You can create up to 10 read replicas. Replication is asynchronous. Replicas can be in the same region or cross-region. You can promote a replica to a standalone server. Replication lag is monitored.
Limitations
No superuser privilege. You cannot install plugins or modify system tables.
No direct file system access.
Maximum storage size: 16 TB.
Maximum number of databases: limited by storage.
InnoDB is the only supported storage engine.
Some MySQL features are not supported, e.g., the EVENT scheduler is disabled by default but can be enabled.
How it interacts with related technologies
Azure App Service: You can connect App Service web apps to Azure Database for MySQL using connection strings. Service endpoints or VNet integration ensure secure connectivity.
Azure Kubernetes Service (AKS): Pods can connect to MySQL using connection strings. For production, use a sidecar or application to manage connections.
Azure Functions: Can use MySQL bindings (preview).
Azure Data Factory: Can copy data to/from MySQL.
Azure Monitor: Collects metrics and logs.
Exam relevance
For DP-900, you need to understand the differences between PaaS and IaaS, when to choose Azure Database for MySQL over SQL Server or PostgreSQL, the high-level features (backup, HA, scaling), and the deployment options (Single Server vs Flexible Server). You will not be asked to write CLI commands, but you should know what is possible.
Create an Azure Database for MySQL
In the Azure portal, search for 'Azure Database for MySQL' and select 'Flexible Server' (recommended). Provide server name, admin username, password, location, compute tier, and storage size. You can also configure networking (public or private), backup retention, and tags. The deployment takes a few minutes. Alternatively, use Azure CLI or PowerShell. Once created, you get a fully functional MySQL server with no OS access.
Configure firewall rules
By default, no external connections are allowed. You must add firewall rules to permit client IP addresses or ranges. For public access, add rules in the 'Networking' blade. For private access (VNet), integrate the server into a virtual network. You can also allow Azure services to connect. Each rule has a name, start IP, and end IP. Changes are immediate.
Connect to the server using MySQL client
Use the MySQL command-line client or any GUI tool like MySQL Workbench. The server hostname is in the format `<servername>.mysql.database.azure.com`. Port is 3306. SSL is required by default. You must use the admin user and password set during creation. Example command: `mysql --host myServer.mysql.database.azure.com --user myAdmin --password --ssl-mode=REQUIRED`. Once connected, you can create databases, tables, and run queries.
Create a database and table
After connecting, create a database with `CREATE DATABASE mydb;`. Switch to it with `USE mydb;`. Create a table with `CREATE TABLE employees (id INT PRIMARY KEY, name VARCHAR(100));`. Insert data and query. This is standard MySQL syntax. The service behaves like a normal MySQL server from a client perspective.
Set up a read replica
In the Azure portal, go to your server, select 'Replication', and add a new replica. Provide a name and region. The replica will be created with the same compute and storage as the primary. It uses asynchronous binlog replication. You can monitor replication lag in metrics. Replicas can be promoted to standalone servers. Up to 10 replicas are supported.
Scale compute or storage
In the 'Compute + storage' blade, you can change the compute tier or storage size. For Flexible Server, compute scaling can be done with minimal downtime (a few seconds). Storage can only be increased, not decreased. The server will restart if needed. Scaling is billed immediately. You can also configure autoscale for compute (preview).
Perform a point-in-time restore
In the 'Overview' blade, click 'Restore'. Choose a restore point within the backup retention period (7-35 days). The restore creates a new server with the same settings. You can specify a new name. The process takes time proportional to the database size. After restore, you can verify data integrity and switch applications to the new server.
Enterprise Scenario 1: E-commerce Application with Seasonal Spikes
An online retailer runs a MySQL-based e-commerce platform on Azure. They chose Azure Database for MySQL Flexible Server in the General Purpose tier. During Black Friday, traffic spikes require additional compute. They enable autoscale (preview) to automatically increase vCores from 4 to 16 during peak hours. The database handles thousands of transactions per second. They set up a read replica in a different Azure region for disaster recovery. Monitoring alerts on CPU > 80% trigger scaling actions. Misconfiguration could occur if the max storage is set too low (e.g., 100 GB instead of 1 TB), causing auto-growth failures. They also use VNet integration to secure traffic between the web tier and database.
Enterprise Scenario 2: SaaS Multi-Tenant Application
A SaaS provider uses Azure Database for MySQL to serve multiple tenants. Each tenant gets a separate database on the same server. They use connection pooling to manage hundreds of connections. The Burstable tier is cost-effective for small tenants, but they upgrade to General Purpose for larger ones. They enable audit logs to track data access for compliance. A common pitfall is reaching the max_connections limit (default 100 for Burstable B1ms). They increase it via server parameters. They also use Azure Active Directory authentication to avoid storing passwords in application code.
Enterprise Scenario 3: Migration from On-Premises MySQL
A financial services company migrates a legacy MySQL 5.7 database to Azure. They use Azure Database Migration Service to assess compatibility and perform an online migration with minimal downtime. Post-migration, they enable geo-redundant backups for compliance. They configure a maintenance window for patching during off-hours. A challenge is that some stored procedures use MySQL features not supported in Azure (e.g., superuser privileges). They refactor the code. They also set up performance monitoring using Query Performance Insight to identify slow queries.
What DP-900 Tests on Azure Database for MySQL
The DP-900 exam objectives under 'Describe relational data workloads' and 'Describe relational data services on Azure' include understanding the characteristics of Azure Database for MySQL as a PaaS offering. You need to know:
Objective 2.1: Describe relational data services on Azure. This includes identifying Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, and Azure SQL Managed Instance.
Objective 2.2: Describe relational data workloads. This includes understanding when to use MySQL vs SQL Server vs PostgreSQL.
Common Wrong Answers and Why Candidates Choose Them
1. Wrong answer: 'Azure Database for MySQL supports all MySQL features including superuser access.' Why: Candidates assume PaaS is just MySQL in the cloud. The reality is that superuser is restricted for security. 2. Wrong answer: 'You can only use public endpoints to connect to Azure Database for MySQL.' Why: Candidates are unaware of VNet integration in Flexible Server. Both public and private access are available. 3. Wrong answer: 'Scaling compute always requires downtime.' Why: In Single Server, scaling compute requires a restart (downtime). But in Flexible Server, compute scaling can be done with minimal downtime (a few seconds). The exam may test this difference. 4. Wrong answer: 'Backups are stored locally on the server.' Why: Backups are stored in Azure Blob Storage, not on the server disk.
Specific Numbers, Values, and Terms That Appear on the Exam
Backup retention: 7 to 35 days (configurable).
Maximum storage: 16 TB.
Maximum read replicas: 10 (Flexible Server).
Default TLS version: 1.2.
HA RTO: 60-120 seconds (zone-redundant).
HA RPO: 0 (zero data loss) for zone-redundant.
Compute tiers: Burstable, General Purpose, Memory Optimized (Flexible Server).
Deployment models: Single Server (retiring) and Flexible Server.
Edge Cases and Exceptions the Exam Loves to Test
You cannot downgrade storage.
You cannot change the MySQL version after creation without migration.
The EVENT scheduler is disabled by default but can be enabled via server parameters.
Cross-region read replicas are supported only in Flexible Server (not Single Server).
Geo-redundant backup is available only in Single Server (not Flexible Server by default, but cross-region restore is available).
How to Eliminate Wrong Answers Using the Underlying Mechanism
When a question asks about high availability, think: zone-redundant HA uses synchronous replication between zones, so RPO is zero. Same-zone HA uses synchronous replication within one zone, so RPO is zero but less resilient. Single Server HA is automatic but not zone-redundant. If the question mentions 'zero data loss', zone-redundant HA is correct. If the question mentions 'cost-effective', same-zone HA is cheaper. For scaling, remember that storage auto-grows but cannot shrink. Compute scaling may cause a short connection interruption. For security, remember that private access requires VNet integration. Public access uses firewall rules. These mechanisms guide the correct answer.
Azure Database for MySQL is a PaaS offering based on MySQL Community Edition (5.7 or 8.0).
Two deployment models: Single Server (retiring) and Flexible Server (recommended).
Flexible Server supports zone-redundant HA with RPO=0 and RTO 60-120 seconds.
Maximum storage is 16 TB; storage auto-grows but cannot be decreased.
Backup retention is configurable from 7 to 35 days.
Up to 10 read replicas are supported with asynchronous replication.
You cannot access the underlying OS or MySQL configuration files; use server parameters instead.
Connections require TLS 1.2 by default; SSL enforcement is configurable.
Scaling compute in Flexible Server causes minimal downtime (a few seconds).
Only InnoDB storage engine is supported.
These come up on the exam all the time. Here's how to tell them apart.
Azure Database for MySQL (PaaS)
Fully managed: automatic patching, backups, HA
No OS access; restricted superuser privileges
Scaling compute with minimal downtime (Flexible Server)
Integrated with Azure Monitor and security features
Higher cost due to management overhead included
MySQL on Azure VM (IaaS)
Full control over OS and MySQL configuration
You manage patching, backups, and HA yourself
Scaling requires manual intervention and downtime
You need to set up monitoring and security manually
Potentially lower cost if you optimize resources
Mistake
Azure Database for MySQL is just MySQL installed on an Azure VM.
Correct
It is a fully managed PaaS service. You do not have access to the OS or MySQL configuration files. Microsoft handles patching, backups, and high availability.
Mistake
You can use any MySQL storage engine.
Correct
Only InnoDB is supported. Other engines like MyISAM or MEMORY are not available.
Mistake
Scaling storage is reversible.
Correct
You can only increase storage, not decrease it. Plan accordingly.
Mistake
All Azure Database for MySQL servers support zone-redundant HA.
Correct
Only Flexible Server supports zone-redundant HA. Single Server does not have zone redundancy.
Mistake
You can connect to Azure Database for MySQL without SSL.
Correct
By default, SSL is enforced. You can disable it, but that is not recommended and may be blocked by policy.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Yes, it is designed for production. The Business Critical tier with zone-redundant HA offers a 99.99% SLA. You should choose the appropriate compute tier and storage size based on your workload. Ensure you configure backups, monitoring, and security properly.
You can use Azure Database Migration Service for online or offline migrations. For small databases, you can export using mysqldump and import using mysql command. For large databases, use the migration service to minimize downtime. Ensure compatibility: only InnoDB is supported, and some features like superuser are restricted.
Single Server is the older model with public access only, no zone-redundant HA, and requires downtime for scaling. Flexible Server is the newer model with VNet integration, zone-redundant HA, minimal downtime scaling, and more compute tiers. Microsoft recommends Flexible Server for new deployments.
Yes, you can set the 'ssl_enforcement' server parameter to DISABLED. However, this is a security risk. Azure enforces SSL by default. For production, keep SSL enabled. You can also configure the minimum TLS version.
Use Azure Monitor metrics like CPU percent, memory percent, IOPS, and connections. Enable Query Performance Insight to identify slow queries. Set alerts for threshold breaches. You can also enable audit logs for security.
The database will become read-only. You must increase storage or delete data to resume writes. Storage auto-growth can be enabled, but it cannot exceed the maximum limit (16 TB). Monitor storage usage and set alerts.
Yes, Azure Database for MySQL Flexible Server supports Azure AD authentication. You can create Azure AD users and use token-based authentication. This eliminates the need for passwords in connection strings.
You've just covered Azure Database for MySQL — now see how well it sticks with free DP-900 practice questions. Full explanations included, no account needed.
Done with this chapter?