az sql mi

  • Reference

Manage SQL managed instances.

Commands

az sql mi ad-admin

Manage a managed instance's Active Directory administrator.
az sql mi ad-admin create

Creates a new managed instance Active Directory administrator.
az sql mi ad-admin delete

Deletes an existing managed instance Active Directory Administrator.
az sql mi ad-admin list

Returns a list of managed instance Active Directory Administrators.
az sql mi ad-admin update

Updates an existing managed instance Active Directory administrator.
az sql mi ad-only-auth

Manage a Managed Instance's Azure Active Directory only settings.
az sql mi ad-only-auth disable

Disable Azure Active Directory only Authentication for this Managed Instance.
az sql mi ad-only-auth enable

Enable Azure Active Directory only Authentication for this Managed Instance.
az sql mi ad-only-auth get

Get a specific Azure Active Directory only Authentication property.
az sql mi advanced-threat-protection-setting

Manage a SQL managed instance's advanced threat protection setting.
az sql mi advanced-threat-protection-setting show

Gets an advanced threat protection setting.
az sql mi advanced-threat-protection-setting update

Update a SQL managed instance's advanced threat protection setting.
az sql mi create

Create a managed instance.
az sql mi delete

Delete a managed instance.
az sql mi endpoint-cert

Endpoint certificates management commands.
az sql mi endpoint-cert list

List certificates used on endpoints on the target instance.
az sql mi endpoint-cert show

Get a certificate used on the endpoint with the given id.
az sql mi failover

Failover a managed instance.
az sql mi key

Manage a SQL Instance's keys.
az sql mi key create

Creates a SQL Instance key.
az sql mi key delete

Deletes a SQL Instance key.
az sql mi key list

Gets a list of managed instance keys.
az sql mi key show

Shows a SQL Instance key.
az sql mi link

Instance link management commands.
az sql mi link create

Create a distributed availability group between Sql On-Prem and Sql Managed Instance.
az sql mi link delete

Drop a distributed availability group between Sql On-Prem and Sql Managed Instance.
az sql mi link list

Get a list of a distributed availability groups in instance.
az sql mi link show

Get a distributed availability group info.
az sql mi link update

Update a distributed availability group between Sql On-Prem and Sql Managed Instance.
az sql mi list

List available managed instances.
az sql mi op

Manage operations on a managed instance.
az sql mi op cancel

Cancels the asynchronous operation on the managed instance.
az sql mi op list

Gets a list of operations performed on the managed instance.
az sql mi op show

Gets a management operation on a managed instance.
az sql mi partner-cert

Server trust certificate management commands.
az sql mi partner-cert create

Upload a server trust certificate from box to Sql Managed Instance.
az sql mi partner-cert delete

Delete a server trust certificate that was uploaded from box to Sql Managed Instance.
az sql mi partner-cert list

Get a list of server trust certificates that were uploaded from box to the given Sql Managed Instance.
az sql mi partner-cert show

Get a server trust certificate that was uploaded from box to Sql Managed Instance.
az sql mi show

Get the details for a managed instance.
az sql mi tde-key

Manage a SQL Instance's encryption protector.
az sql mi tde-key set

Sets the SQL Instance's encryption protector.
az sql mi tde-key show

Shows a server encryption protector.
az sql mi update

Update a managed instance.

az sql mi create

Edit

Create a managed instance.

az sql mi create --name
                 --resource-group
                 --subnet
                 [--admin-password]
                 [--admin-user]
                 [--assign-identity]
                 [--backup-storage-redundancy]
                 [--capacity]
                 [--collation]
                 [--edition]
                 [--enable-ad-only-auth]
                 [--external-admin-name]
                 [--external-admin-principal-type]
                 [--external-admin-sid]
                 [--family]
                 [--identity-type {None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned}]
                 [--key-id]
                 [--license-type {BasePrice, LicenseIncluded}]
                 [--location]
                 [--maint-config-id]
                 [--minimal-tls-version {1.0, 1.1, 1.2, None}]
                 [--no-wait]
                 [--pid]
                 [--proxy-override {Default, Proxy, Redirect}]
                 [--public-data-endpoint-enabled {false, true}]
                 [--service-principal-type {None, SystemAssigned}]
                 [--storage]
                 [--tags]
                 [--timezone-id]
                 [--user-assigned-identity-id]
                 [--vnet-name]
                 [--yes]

Examples

Create a managed instance with minimal set of parameters

az sql mi create -g mygroup -n myinstance -l mylocation -i -u myusername -p mypassword --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNETName}/subnets/{SubnetName}

Create a managed instance with specified parameters and with identity

az sql mi create -g mygroup -n myinstance -l mylocation -i -u myusername -p mypassword --license-type LicenseIncluded --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNETName}/subnets/{SubnetName} --capacity 8 --storage 32GB --edition GeneralPurpose --family Gen5

Create managed instance with specified parameters and tags

az sql mi create -g mygroup -n myinstance -l mylocation -i -u myusername -p mypassword --license-type LicenseIncluded --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNETName}/subnets/{SubnetName} --capacity 8 --storage 32GB --edition GeneralPurpose --family Gen5 --tags tagName1=tagValue1 tagName2=tagValue2

Create managed instance with specified parameters and backup storage redundancy specified

az sql mi create -g mygroup -n myinstance -l mylocation -i -u myusername -p mypassword --license-type LicenseIncluded --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNETName}/subnets/{SubnetName} --capacity 8 --storage 32GB --edition GeneralPurpose --family Gen5 --backup-storage-redundancy Local

Create a managed instance with maintenance configuration

az sql mi create -g mygroup -n myinstance -l mylocation -i -u myusername -p mypassword --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNETName}/subnets/{SubnetName} -m SQL_{Region}_{MaintenanceConfigName}

Create a managed instance with Service Principal enabled

az sql mi create -g mygroup -n myinstance -l mylocation -i -u myusername -p mypassword --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNETName}/subnets/{SubnetName} --service-principal-type SystemAssigned

Create a managed instance without SQL Admin, with AAD admin and AD Only enabled

az sql mi create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName --external-admin-sid c5e964e2-6bb2-2222-1111-3b16ec0e1234 -g myResourceGroup -n miName --subnet /subscriptions/78975f9f-2222-1111-1111-29c42ac70000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/vnet-test/subnets/ManagedInstance

Create a managed instance without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is SystemAssigned,UserAssigned.

az sql mi create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName \ --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type SystemAssigned,UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --subnet /subscriptions/78975f9f-2222-1111-1111-29c42ac70000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/vnet-test/subnets/ManagedInstance

Create a managed instance without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is UserAssigned.

az sql mi create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName \ --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --subnet /subscriptions/78975f9f-2222-1111-1111-29c42ac70000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/vnet-test/subnets/ManagedInstance

Required Parameters

--name -n

The managed instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subnet

Name or ID of the subnet that allows access to an Azure Sql Managed Instance. If subnet name is provided, --vnet-name must be provided.

Optional Parameters

--admin-password -p

The administrator login password (required formanaged instance creation).

--admin-user -u

Administrator username for the managed instance. Canonly be specified when the managed instance is beingcreated (and is required for creation).

--assign-identity -i

Generate and assign an Azure Active Directory Identity for this managed instance for use with key management services like Azure KeyVault.

default value: False
--backup-storage-redundancy --bsr

Backup storage redundancy used to store backups. Allowed values include: Local, Zone, Geo, GeoZone.

--capacity -c

The capacity of the managed instance in integer number of vcores.

--collation

The collation of the managed instance.

--edition --tier -e

The edition component of the sku. Allowed values include: GeneralPurpose, BusinessCritical.

--enable-ad-only-auth

Enable Azure Active Directory Only Authentication for this server.

default value: False
--external-admin-name

Display name of the Azure AD administrator user, group or application.

--external-admin-principal-type

User, Group or Application.

--external-admin-sid

The unique ID of the Azure AD administrator. Object Id for User or Group, Client Id for Applications.

--family -f

The compute generation component of the sku. Allowed values include: Gen4, Gen5.

--identity-type -t

Type of Identity to be used. Possible values are SystemAsssigned,UserAssigned, SystemAssignedUserAssigned and None.

accepted values: None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned
--key-id -k

The key vault URI for encryption.

--license-type

The license type to apply for this managed instance.

accepted values: BasePrice, LicenseIncluded
--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--maint-config-id -m

Assign maintenance configuration to this managed instance.

--minimal-tls-version

The minimal TLS version enforced by the managed instance for inbound connections.

accepted values: 1.0, 1.1, 1.2, None
--no-wait

Do not wait for the long-running operation to finish.

default value: False
--pid --primary-user-assigned-identity-id

The ID of the primary user managed identity.

--proxy-override

The connection type used for connecting to the instance.

accepted values: Default, Proxy, Redirect
--public-data-endpoint-enabled

Whether or not the public data endpoint is enabled for the instance.

accepted values: false, true
--service-principal-type

Service Principal type to be used for this Managed Instance. Possible values are SystemAssigned and None.

accepted values: None, SystemAssigned
--storage

The storage size of the managed instance. Storage size must be specified in increments of 32 GB.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--timezone-id

The time zone id for the instance to set. A list of time zone ids is exposed through the sys.time_zone_info (Transact-SQL) view.

--user-assigned-identity-id -a

Generate and assign an User Managed Identity(UMI) for this server.

--vnet-name

The virtual network name.

--yes -y

Do not prompt for confirmation.

default value: False

az sql mi delete

Edit

Delete a managed instance.

az sql mi delete [--ids]
                 [--name]
                 [--no-wait]
                 [--resource-group]
                 [--subscription]
                 [--yes]

Examples

Delete a managed instance

az sql mi delete -g mygroup -n myinstance --yes

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The managed instance name.

--no-wait

Do not wait for the long-running operation to finish.

default value: False
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

default value: False

az sql mi failover

Edit

Failover a managed instance.

az sql mi failover [--ids]
                   [--name]
                   [--no-wait]
                   [--replica-type]
                   [--resource-group]
                   [--subscription]

Examples

Failover a managed instance primary replica

az sql mi failover -g mygroup -n myinstance

Failover a managed instance readable secodary replica

az sql mi failover -g mygroup -n myinstance --replica-type ReadableSecondary

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The managed instance name.

--no-wait

Do not wait for the long-running operation to finish.

default value: False
--replica-type

The type of replica to be failed over. Known values are: "Primary" and "ReadableSecondary". Default value is None.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az sql mi list

Edit

List available managed instances.

az sql mi list [--expand-ad-admin]
               [--resource-group]

Examples

List all managed instances in the current subscription.

az sql mi list

List all managed instances in a resource group.

az sql mi list -g mygroup

Optional Parameters

--expand-ad-admin

Expand the Active Directory Administrator for the server.

default value: False
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az sql mi show

Edit

Get the details for a managed instance.

az sql mi show [--expand-ad-admin]
               [--ids]
               [--name]
               [--resource-group]
               [--subscription]

Examples

Get the details for a managed instance

az sql mi show -g mygroup -n myinstance

Optional Parameters

--expand-ad-admin

Expand the Active Directory Administrator for the server.

default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The managed instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az sql mi update

Edit

Update a managed instance.

az sql mi update [--add]
                 [--admin-password]
                 [--assign-identity]
                 [--backup-storage-redundancy]
                 [--capacity]
                 [--edition]
                 [--family]
                 [--force-string]
                 [--identity-type {None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned}]
                 [--ids]
                 [--key-id]
                 [--license-type {BasePrice, LicenseIncluded}]
                 [--maint-config-id]
                 [--minimal-tls-version {1.0, 1.1, 1.2, None}]
                 [--name]
                 [--no-wait]
                 [--pid]
                 [--proxy-override {Default, Proxy, Redirect}]
                 [--public-data-endpoint-enabled {false, true}]
                 [--remove]
                 [--resource-group]
                 [--service-principal-type {None, SystemAssigned}]
                 [--set]
                 [--storage]
                 [--subnet]
                 [--subscription]
                 [--tags]
                 [--user-assigned-identity-id]
                 [--vnet-name]
                 [--yes]

Examples

Updates a mi with specified parameters and with identity

az sql mi update -g mygroup -n myinstance -i -p mypassword --license-type mylicensetype --capacity vcorecapacity --storage storagesize

Update mi edition and hardware family

az sql mi update -g mygroup -n myinstance --tier GeneralPurpose --family Gen5

Add or update a tag.

az sql mi update -g mygroup -n myinstance --set tags.tagName=tagValue

Remove a tag.

az sql mi update -g mygroup -n myinstance --remove tags.tagName

Update a managed instance. (autogenerated)

az sql mi update --name myinstance --proxy-override Default --resource-group mygroup --subscription MySubscription

Update a managed instance. (autogenerated)

az sql mi update --name myinstance --public-data-endpoint-enabled true --resource-group mygroup --subscription MySubscription

Update a managed instance with maintenance configuration

az sql mi update -g mygroup -n myinstance -m SQL_{Region}_{MaintenanceConfigName}

Remove maintenance configuration from managed instance

az sql mi update -g mygroup -n myinstance -m SQL_Default

Update a managed instance with Service Principal

az sql mi update -g mygroup -n myinstance --service-principal-type SystemAssigned

Update a managed instance with User Managed Identies and Identity Type is SystemAssigned,UserAssigned.

az sql mi update -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type SystemAssigned,UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Update a managed instance with User Managed Identies and Identity Type is UserAssigned

az sql mi update -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Move managed instance to another subnet

az sql mi update -g myResourceGroup -n myServer -i \ --subnet /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \

Update mi backup storage redundancy

az sql mi update -g mygroup -n myinstance --bsr Local

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

default value: []
--admin-password -p

The administrator login password (required formanaged instance creation).

--assign-identity -i

Generate and assign an Azure Active Directory Identity for this managed instance for use with key management services like Azure KeyVault. If identity is already assigned - do nothing.

default value: False
--backup-storage-redundancy --bsr

Backup storage redundancy used to store backups. Allowed values include: Local, Zone, Geo, GeoZone.

--capacity -c

The capacity of the managed instance in integer number of vcores.

--edition --tier -e

The edition component of the sku. Allowed values include: GeneralPurpose, BusinessCritical.

--family -f

The compute generation component of the sku. Allowed values include: Gen4, Gen5.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

default value: False
--identity-type -t

Type of Identity to be used. Possible values are SystemAsssigned,UserAssigned, SystemAssignedUserAssigned and None.

accepted values: None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--key-id -k

The key vault URI for encryption.

--license-type

The license type to apply for this managed instance.

accepted values: BasePrice, LicenseIncluded
--maint-config-id -m

Change maintenance configuration for this managed instance.

--minimal-tls-version

The minimal TLS version enforced by the managed instance for inbound connections.

accepted values: 1.0, 1.1, 1.2, None
--name -n

The managed instance name.

--no-wait

Do not wait for the long-running operation to finish.

default value: False
--pid --primary-user-assigned-identity-id

The ID of the primary user managed identity.

--proxy-override

The connection type used for connecting to the instance.

accepted values: Default, Proxy, Redirect
--public-data-endpoint-enabled

Whether or not the public data endpoint is enabled for the instance.

accepted values: false, true
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

default value: []
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service-principal-type

Service Principal type to be used for this Managed Instance. Possible values are SystemAssigned and None.

accepted values: None, SystemAssigned
--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

default value: []
--storage

The storage size of the managed instance. Storage size must be specified in increments of 32 GB.

--subnet

Name or ID of the subnet that allows access to an Azure Sql Managed Instance. If subnet name is provided, --vnet-name must be provided.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--user-assigned-identity-id -a

Generate and assign an User Managed Identity(UMI) for this server.

--vnet-name

The virtual network name.

--yes -y

Do not prompt for confirmation.

default value: False