Add a DL as a login in azure sql managed instace

Question

I am able to add individual AD logins as a login in azure sql managed instance, when i try to add a DL is the same way i am getting the following error.

error: Principal '' could not be found or this principal type is not supported.

Query user: CREATE LOGIN [] FROM EXTERNAL PROVIDER GO

Want to add a DL as login so that all individuals withing the DL can access the instance, isn't this not possible? What am I doing wrong here?

By "DL" do you mean that the AAD Group is an "Office 365 Group" and not a "Security Group". https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal — David Browne - Microsoft, Sep 23 '19 at 13:15
See How do I assign an entire Active Directory group security access in SQL Server 2008? for a simple rundown of how this should work. I suspect that this only works for security groups (which are the only type of group I have used this for), but I haven't confirmed this. — Laughing Vergil, Sep 23 '19 at 16:43
by the replies i assume we can give permission to only security groups? What is the difference between Office 365 Group and Security Group? — Venkat, Sep 24 '19 at 05:19

score 2 · Answer 1 · answered Mar 10 '20 at 15:24

To create a DL (assuming it is a group in AAD), you need to create without the @domain.. on the database that you want to connect.. example:

CREATE USER [GroupName] FROM EXTERNAL PROVIDER

Here you have a link

https://techcommunity.microsoft.com/t5/azure-database-support-blog/lesson-learned-23-how-to-add-aad-security-groups-to-azure-sql/ba-p/368866

Add a DL as a login in azure sql managed instace

1 Answers1