Skip to content

sql-vm-create-portal-quickstart.md

Latest commit

 

History

History
223 lines (131 loc) · 14.2 KB

sql-vm-create-portal-quickstart.md

File metadata and controls

223 lines (131 loc) · 14.2 KB
title Create SQL Server on a Windows Virtual Machine in the Azure Portal
description This tutorial shows how to create a Windows virtual machine with SQL Server in the Azure portal.
author MashaMSFT
ms.author mathoma
ms.reviewer dpless
ms.date 09/16/2025
ms.service azure-vm-sql-server
ms.subservice deployment
ms.topic quickstart
ms.custom
mode-ui
sfi-image-nochange
tags azure-resource-manager

Quickstart: Create SQL Server on a Windows virtual machine in the Azure portal

[!INCLUDE appliesto-sqlvm]

[!div class="op_single_selector"]

This quickstart steps through creating a SQL Server virtual machine (VM) in the Azure portal. Follow the article to deploy either a conventional SQL Server on Azure VM or SQL Server deployed to an Azure confidential VM.

Tip

Get an Azure subscription

If you don't have an Azure subscription, create a free account before you begin.

Select a SQL Server VM image

  1. Go to Azure SQL hub at aka.ms/azuresqlhub.

  2. In the pane for SQL Server on Azure Virtual Machines, select Show options.

    :::image type="content" source="media/sql-vm-create-portal-quickstart/show-options-create-virtual-machine.png" alt-text="Screenshot from the Azure portal of the Azure SQL hub, showing the Show options button and the Create SQL Managed Instance button." lightbox="media/sql-vm-create-portal-quickstart/show-options-create-virtual-machine.png":::

  3. In the Select an image offer box, choose a SQL Server image (such as Free SQL Server License: SQL Server 2025 Enterprise Developer on Windows Server 2025).

    For conventional SQL Server VMs, select one of the versions labeled Free SQL Server License... from the dropdown. For Confidential VMs, choose the SQL Server 2022 Enterprise / Developer / Standard / Web on Windows Server 2022 - x64 Gen 2 image from the drop-down list.

  4. Select Create virtual machine.

Provide basic details

The instructions for basic details vary between deploying a conventional SQL Server on Azure VM and SQL Server on an Azure confidential VM.

[!INCLUDE sql-vm-deployment-failure]

Conventional VM

To deploy a conventional SQL Server on Azure VM, on the Basics tab, provide the following information:

  1. In the Project Details section, select your Azure subscription, and then select Create new to create a new resource group. Type SQLVM-RG for the name.

    Screenshot showing the Subscription section when creating your SQL VM in the Azure portal.

  2. Under Instance details:

    1. Type SQLVM for the Virtual machine name.
    2. Choose a location for your Region.
    3. For the purpose of this quickstart, leave Availability options set to No infrastructure redundancy required. To find out more information about availability options, see Availability.
    4. In the Image list, select the image with the version of SQL Server and operating system you want. For example, you can use an image with a label that begins with Free SQL Server License.
    5. Choose to See all sizes for the Size of the virtual machine, and select the A2 Basic offering. Be sure to clean up your resources once you're done with them to prevent any unexpected charges.

    Screenshot showing the Instance details section when creating your SQL VM in the Azure portal.

  3. Under Administrator account, provide a username such as azureuser and a password. The password must be at least 12 characters long and meet the defined complexity requirements.

    Screenshot showing the Administrator account section when creating your SQL VM in the Azure portal.

  4. Under Inbound port rules, choose Allow selected ports, and then select RDP (3389) from the dropdown.

    Screenshot showing the Inbound port rules section when creating your SQL VM in the Azure portal.

Confidential VM

To deploy your SQL Server to an Azure confidential VM, on the Basics tab, provide the following information:

  1. In the Project Details section, select your Azure subscription, and then select Create new to create a new resource group. Type SQLVM-RG for the name.

    Screenshot showing the Subscription section when creating your SQL VM in the Azure portal.

  2. Under Instance details:

    1. Type SQLVM for the Virtual machine name.
    2. Choose a location for your Region. To validate region supportability, look for the ECadsv5-series or DCadsv5-series in VM products Available by Azure region.
    3. For Security type, choose Confidential virtual machines from the dropdown. If this option is grayed out, it's likely the chosen region doesn't currently support confidential VMs. Choose a different region from the drop-down.
    4. For the purpose of this quickstart, leave Availability options set to No infrastructure redundancy required. To find out more information about availability options, see Availability.
    5. In the Image list, choose the SQL Server 2022 Enterprise on Windows Server 2022 Database Engine Only image. To change the SQL Server image, select See all images, and then filter by Security type = Confidential VMs to identify all SQL Server images that support confidential VMs.
    6. Leave the size at the default of Standard_EC2ads_v5. However, to see all available sizes, select See all sizes to identify all the VM sizes that support confidential VMs, as well as the sizes that don't.

    :::image type="content" source="media/sql-vm-create-portal-quickstart/basic-instance-details-confidential.png" alt-text="Screen shot of the Azure portal showing instance details.":::

  3. Under Administrator account, provide a username such as azureuser and a password. The password must be at least 12 characters long and meet the defined complexity requirements.

    :::image type="content" source="media/sql-vm-create-portal-quickstart/basics-administrator-account.png" alt-text="Screen shot of the Azure portal, Administrator account":::

  4. Under Inbound port rules, choose Allow selected ports, and then select RDP (3389) from the dropdown.

    :::image type="content" source="media/sql-vm-create-portal-quickstart/basics-inbound-port-rules.png" alt-text="Screen shot of the Azure portal, Inbound port rules.":::

Disks

Configure confidential OS disk encryption. This is optional for test VMs but recommended for production environments. For greater details, review the Quickstart: Deploy a confidential VM.

  1. On the tab Disks, configure the following settings:

    1. Under Disk options, enable Confidential compute encryption if you want to encrypt your VM's OS disk during creation.
    2. For Confidential compute encryption type, select the type of encryption to use.
    3. If Confidential disk encryption with a customer-managed key is selected, create a Confidential disk encryption set before creating your confidential VM.

  2. (Optional) If necessary, create a Confidential disk encryption set as follows.

    1. Create an Azure Key Vault. For the pricing tier, select Premium (includes support for HSM backed keys), or create an Azure Key Vault managed Hardware Security Module (HSM).

    2. In the Azure portal, search for and select Disk Encryption Sets.

    3. Select Create.

    4. For Subscription, select which Azure subscription to use.

    5. For Resource group, select or create a new resource group to use.

    6. For Disk encryption set name, enter a name for the set.

    7. For Region, select an available Azure region.

    8. For Encryption type, select Confidential disk encryption with a customer-managed key.

    9. For Key Vault, select the key vault you already created.

    10. Under Key Vault, select Create new to create a new key.

      [!NOTE]
      If you selected an Azure managed HSM previously, use PowerShell or the Azure CLI to create the new key instead.

    11. For Name, enter a name for the key.

    12. For the key type, select RSA-HSM.

    13. Select your key size.

    14. Select Create to finish creating the key.

    15. Select Review + create to create a new disk encryption set. Wait for the resource creation to complete successfully.

    16. Go to the disk encryption set resource in the Azure portal.

    17. Select the pink banner to grant permissions to Azure Key Vault.

      [!IMPORTANT]
      You must perform this step to successfully create the confidential VM.

SQL Server settings

On the SQL Server settings tab, configure the following options:

  1. Under Security & Networking, select Public (Internet) for SQL Connectivity, and change the port to 1401 to avoid using a well-known port number in the public scenario.

  2. Under SQL Authentication, select Enable. The SQL login credentials are set to the same user name and password that you configured for the VM. Use the default setting for Azure Key Vault integration. Storage configuration isn't available for the basic SQL Server VM image, but you can find more information about available options for other images at storage configuration.

    Screenshot showing the SQL Server security settings section when creating your SQL VM in the Azure portal.

  3. Change any other settings if needed, and then select Review + create.

    Screenshot showing the Review + create section when creating your SQL VM in the Azure portal.

Create the SQL Server VM

On the Review + create tab, review the summary, and select Create to create SQL Server, resource group, and resources specified for this VM.

You can monitor the deployment from the Azure portal. The Notifications button at the top of the screen shows basic status of the deployment. Deployment can take several minutes.

Connect to SQL Server

  1. In the portal, find the Public IP address of your SQL Server VM in the Overview section of your virtual machine's properties.

  2. On a different computer connected to the Internet, open SQL Server Management Studio (SSMS).

  3. In the Connect to Server or Connect to Database Engine dialog box, edit the Server name value. Enter your VM's public IP address. Then add a comma and add the custom port (1401) that you specified when you configured the new VM. For example, 11.22.33.444,1401.

  4. In the Authentication box, select SQL Server Authentication.

  5. In the Login box, type the name of a valid SQL login.

  6. In the Password box, type the password of the login.

  7. Select Connect.

    Screenshot of the Connect to Server window in SSMS.

Log in to the VM remotely

Use the following steps to connect to the SQL Server virtual machine with Bastion:

[!INCLUDE Connect to SQL Server VM with remote desktop]

After you connect to the SQL Server virtual machine, you can launch SQL Server Management Studio and connect with Windows Authentication using your local administrator credentials. If you enabled SQL Server Authentication, you can also connect with SQL Authentication using the SQL login and password you configured during provisioning.

Access to the machine enables you to directly change machine and SQL Server settings based on your requirements. For example, you could configure the firewall settings or change SQL Server configuration settings.

Clean up resources

If you don't need your SQL VM to run continually, you can avoid unnecessary charges by stopping it when not in use. You can also permanently delete all resources associated with the virtual machine by deleting its associated resource group in the portal. This permanently deletes the virtual machine as well, so use this command with care. For more information, see Manage Azure resources through portal.

Next step

[!div class="nextstepaction"] Migration guide: SQL Server to SQL Server on Azure Virtual Machines