Connecting to Azure SQL DB

This section describes connections to Azure managed database service Azure SQL DB. Versions V12 and later are supported.

If connecting to an Azure SQL MI (Managed Instance) then please refer to Connecting to SQL Server instead.

If this is the first time connecting to the database from your current IP address then Azure may reject the connection request in which case you may need to add the IP address to the Azure server firewall.

DataVeil uses JDBC for connectivity.


Database Type

This must be Azure SQL Database for correct operation. This value is set when the Connection definition is created. After it has been created the value cannot be changed directly. This is why the field is disabled.

If there is a reason why this value must be changed, such as because the Connection definition was created using the wrong value by mistake, then the Migrate Masks function can be used to move to a new Connection definition.

Database Name

The name of the Azure SQL Database.


SQL Server

Authentication shall take place at the Azure SQL Database using the specified Username and Password.

Azure Active Directory - Integrated

Authentication shall be performed by Azure Active Directory using integrated authentication.

Azure Active Directory - Password

Authentication shall be performed by Azure Active Directory using the specified Username and Password.

Azure Active Directory - Interactive MFA

Authentication shall be performed by Azure Active Directory multi-factor authentication using the specified Username.

Hostname or IP

This should correspond to the server name where the Azure SQL Database is hosted. This value can be found in the database configuration information at the Azure portal.


This should be empty for Azure SQL Database connections.


This should be empty for Azure SQL Database connections.


This checkbox should be cleared for Azure SQL Database connections so that it is untrusted. Untrusted connections will ensure that the certificate is validated during connection establishment.


Use JDBC Connection String

If connection cannot be established using one of the above DataVeil built-in Authentication methods then you can use your own JDBC connection string instead. This may be necessary in non-conventional user configurations. E.g. If the domain in the host name certificate does not match the domain where the database is hosted.

When this option is selected DataVeil shall use the user-specified JDBC connection string to establish connections instead of the other connection parameters on the form, with the exception of the Username and Password fields. Although it is possible to specify username and password details in a JDBC connection string it is strongly recommended that you omit these from the JDBC string. This is for security reasons and is discussed in more detail further below.

Suggested JDBC connection strings can be found in the user Azure portal. In the Azure SQL details panel for the configured database, find the "Connection strings" page. At the top of this page click on the "JDBC" tab. The screen below shows Azure JDBC connection strings for a database named


Note that some of the Azure-supplied JDBC connection strings will contain username and password placeholder properties such  as user={your_username_here};password={your_password_here};. Although you could enter your login credentials in the JDBC string it is recommended that you do not. This is because these details would be exposed as plain text and that presents a security risk. Therefore, these properties should be removed from the JDBC string and instead they should be specified in the Username and Password fields of the DataVeil Connection form. DataVeil manages the Password field securely and encrypts it whenever saved to a project file.

For example, the form below shows a connection that uses a JDBC string to connect using Azure Active Directory Password authentication where the username is user01. Note that the username and password properties are not in the JDBC string but are instead specified in the Username and Password fields of the form.


Other Parameters

Other execution parameters that apply to this connection, such as masking batch sizes and the maximum number of parallel JDBC connections (threads), can be specified in Execution Settings.


DataVeil performance will vary greatly according to the performance level configured for the database on Azure (DTUs). This includes not only the mask execution time but also the setup phase of a masking run. Discovery performance is also affected.


Database Logging

DataVeil cannot automatically disable Azure SQL DB transaction logging (unlike SQL Server where DataVeil automatically changes recovery mode to Simple while masking). DataVeil generates writes to the transaction log during actual masking runs and also during preview runs when connected to Azure SQL DB.