Grant access to Azure DB via host name (reverse DNS) instead of IP address
Clients behind dynamic IP addresses are unable to make use of Azure DB for desktop and server applications because I cannot know the IP address that their workstations might be calling from.
I can use DynDNS to maintain their external host name, but good luck to anyone who wants to use DB sync or to directly access the Azure DB databases in this type of environment.
Static IP is not available to many of our clients as they are in remote locations that only have 3G/4G coverage.
There are no plans to make this change, but we’ll keep this item open for voting and comments. Thanks
This is solved by Azure Private Endpoint. Only remaining issue is the custom DNS host name will not work for certificate validation.
Gopi Reddy commented
User authentication, DB connection authentication, and feature authorization together are more than adequate. If an Azure DB customer doesn't want IP address access control, then that should be available as an option.
Why not use an SSH key like, for instance, DigitalOcean does? Needing a fixed IP prevents me from using Azure!
GCP has a much more usable approach to this using a local Proxy: https://cloud.google.com/sql/docs/mysql/quickstart-proxy-test
This would be so much more convenient!
How's this effort coming along?
Using Azure SQL and Azure apps, the only option in the firewall is to allow the entire Azure cloud. With this idea you can limit access from the Azure cloud by adding appname.azurewebsites.net into the firewall.
Chris Schaller commented
My current workaround is to enable all IP addresses. I get a shiver down my spine every time I think about it, and I'm too embarrassed to say it out loud.
Current allow rule is 0.0.0.0 - 255.255.255.255
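The two broad rules mentioned in this thread (the 0.0.0.0 - 255.255.255.255 workaround and the "allow the entire Azure cloud" option) can be caught by a periodic audit of the server's firewall rules. The script below is an added example, not part of the original thread or of any Azure tooling; the rule list is a constructed sample shaped like the JSON from `az sql server firewall-rule list`, and the 256-address threshold is an assumption.

```python
import ipaddress
import json

# Constructed sample, shaped like the output of `az sql server firewall-rule list`.
SAMPLE_RULES = json.loads("""[
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "everyone", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "carrier-pool", "startIpAddress": "100.64.0.0", "endIpAddress": "100.127.255.255"},
  {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"}
]""")

MAX_ADDRESSES = 256  # assumed review threshold, tune to your environment


def audit_rule(rule, max_addresses=MAX_ADDRESSES):
    """Return (severity, reason) for one firewall rule, or None if acceptable."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if end < start:
        return ("error", "end address precedes start address")
    zero = ipaddress.IPv4Address("0.0.0.0")
    # 0.0.0.0 - 0.0.0.0 is the special rule behind "Allow Azure services".
    if start == zero and end == zero:
        return ("high", "special rule: allows connections from all Azure services")
    size = int(end) - int(start) + 1
    if size == 2 ** 32:
        return ("critical", "allows the entire IPv4 internet")
    if size > max_addresses:
        return ("medium", f"range covers {size} addresses")
    return None


def audit(rules):
    """Map rule name -> (severity, reason) for every rule that needs review."""
    findings = {}
    for rule in rules:
        result = audit_rule(rule)
        if result:
            findings[rule["name"]] = result
    return findings


if __name__ == "__main__":
    for name, (severity, reason) in audit(SAMPLE_RULES).items():
        print(f"{severity.upper():8} {name}: {reason}")
```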