traveling user / firewall
In a non-web environment where the front end is a Windows app (Access probably) linking to the Azure SQL, what would be the method to deal with traveling users that will have constantly varying and unknowable IP addresses?
January 23rd, 2015 9:52pm

I think you need to give security a bit more consideration. In a corporate environment the network can be considered as 'closed', up to a certain point. You have a client/server application (Access/SQL) in a corporate environment and you can use Windows identity for secure access. In Azure SQL you have to use a connection string with user ID and password. So if this information is exposed, other people can connect to your SQL, possibly not only exposing his data, but also others'. So even though a straightforward solution is to open your SQL to all addresses to allow users to log in from anywhere, it is not a good solution. You should also hide the connection string. One approach is to put a web service in front of the SQL and let your application log in to access the web service.
January 24th, 2015 12:12am

Excellent points, Frank.

With respect to the firewall issue, I'd recommend using a VPN (preferably a corporate VPN) and then whitelisting the VPN IP range when you're travelling.

But take to heart Frank's comments about being skeptical of even your corporate environment. Information like sales data/customer information might make more sense in a web application where you can lock down access in a more predictable way.

January 24th, 2015 2:00am

Is there any way to install one's own VPN technology in front of the Azure SQL?
January 25th, 2015 6:00pm

Not for Azure SQL I think.

But you can create an Azure VM and put SQL in it. Create a VNet with the VM, then create a VPN between your corporate network and the VNet. Your travelling user connects to your corporate network using VPN and gets access to your SQL in the Azure VM.

January 25th, 2015 6:29pm

Hi msdnPublicIdentity,

The straightforward solution is to add an allowed IP rule starting from 0.0.0.0 to 255.255.255.255.

Taking Frank's concern into account, this is obviously not a good solution. Just for your reference.

Connecting to a SQL server located on an Azure VM through VPN could be a better option.

If you have any questions, feel free to let me know.
January 26th, 2015 10:47am

Right - I believe Azure SQL can only be a client/server solution when the client is fixed IP, due to the inherent inability to insert VPN technology, and I am ok with that. It is a matter of understanding things.
January 26th, 2015 6:07pm
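
An added example, not part of any post in this thread: a small audit of Azure SQL firewall rules that flags the 0.0.0.0 to 255.255.255.255 rule discussed above, as well as any rule that falls outside a whitelisted VPN range. The rule names, the VPN egress range and all addresses are constructed sample values (documentation ranges), and `audit_rule`/`audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: rule names, the VPN egress range and all addresses
# are illustrative (documentation ranges), not taken from the thread.
APPROVED_RANGES = [ipaddress.ip_network("203.0.113.0/28")]  # assumed corporate VPN egress
SAMPLE_RULES = [
    ("corp-vpn", "203.0.113.0", "203.0.113.15"),
    ("open-to-all", "0.0.0.0", "255.255.255.255"),
    ("hotel-wifi-jan", "198.51.100.40", "198.51.100.40"),
    ("AllowAllWindowsAzureIps", "0.0.0.0", "0.0.0.0"),
]

def audit_rule(name, start, end, approved=APPROVED_RANGES):
    """Return a list of findings for one start/end firewall rule."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        return ["invalid: start address is above end address"]
    if int(first) == 0 and int(last) == 0:
        # Azure SQL treats 0.0.0.0-0.0.0.0 as "allow connections from Azure services".
        return ["allows all Azure-hosted sources, not only your own"]
    findings = []
    size = int(last) - int(first) + 1
    if size == 2 ** 32:
        findings.append("allows the entire IPv4 Internet")
    # Split the range into CIDR blocks; each must sit inside an approved network.
    blocks = ipaddress.summarize_address_range(first, last)
    if not all(any(b.subnet_of(net) for net in approved) for b in blocks):
        findings.append(f"range of {size} address(es) is not fully inside an approved range")
    return findings

def audit(rules, approved=APPROVED_RANGES):
    """Map rule name -> findings, keeping only rules that need attention."""
    report = {}
    for name, start, end in rules:
        findings = audit_rule(name, start, end, approved)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(findings)}")
```

Single-address rules left behind for a travelling user (such as the constructed `hotel-wifi-jan` entry) show up in the report, which makes stale exceptions easy to spot and delete.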

This topic is archived. No further replies will be accepted.