You are configuring Azure SQL Database firewall rules for a new application. The application runs on Azure VMs in the same region. To minimize latency and security risk, which approach should you use?
Trap 1: Add a firewall rule allowing all Azure IP addresses.
Allowing all Azure IPs is overly broad and insecure.
Trap 2: Add a firewall rule for each VM's public IP address.
Public IPs may change and are less secure than VNet integration.
Trap 3: Add a firewall rule allowing all Azure services to access the…
Allowing all Azure services is too permissive and not secure.
- A
Add a firewall rule allowing all Azure IP addresses.
Why wrong: Allowing all Azure IPs is overly broad and insecure.
- B
Configure a virtual network service endpoint and a virtual network firewall rule.
Why correct: Service endpoints provide secure, low-latency connectivity from the VNet to Azure SQL.
- C
Add a firewall rule for each VM's public IP address.
Why wrong: Public IPs may change and are less secure than VNet integration.
- D
Add a firewall rule allowing all Azure services to access the database.
Why wrong: Allowing all Azure services is too permissive and not secure.