We have an Azure Express Route that allows us to extend our on-prem network into Azure vNets. Within one of the vNets/subnet, I have created a private endpoint and associated it to an Azure SQL Database. I configured this within the Azure SQL DB blade.
From my laptop (across VPN into the corp net), I'm able to connect to the Azure SQL DB using the private IP + SQL Authentication (using the SQL DB server name @).
I'm also able to connect using AAD Universal with MFA to the public fqdn/IP. Love this.
I want to be able to connect using the private IP (using a name) AND AAD Universal with MFA (or even just AAD with Password).
We tried adding a DNS entry to our custom/on-prem AD DNS (an A Record with a custom name - not the fqdn as provided by Azure) that resolves to the private endpoint IP just fine. However, when we attempt to connect using anything but SQL Auth, we get:
"target principal name is incorrect"
How can we configure this correctly to allow users to connect via name/fqdn with AAD Universal with MFA?
TIA, -Pete
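Added example, not part of Pete's post: a small Python model of the two pieces that interact in the question, on-prem DNS resolution and TLS hostname validation against the server certificate. The server name, private IP, public IP and the certificate SAN list are all constructed for the example (the SAN `*.database.windows.net` is assumed to be representative of what Azure SQL presents; it is not copied from a real certificate), as is the on-prem zone layout. It contrasts a custom A record under a corporate name with hosting a `privatelink.database.windows.net` zone on-prem that carries an A record for the server name, and shows why only the second keeps the name the client connects with inside the certificate's wildcard.

```python
"""
Constructed model: why a custom DNS name for an Azure SQL private endpoint fails
TLS name validation ("target principal name is incorrect") while the
Azure-provided FQDN resolved through a privatelink zone succeeds.
All names and addresses below are placeholders, not real infrastructure.
"""

# Constructed placeholders for the example.
SERVER = "myazuresqlserver"
PRIVATE_IP = "10.20.30.40"          # private endpoint IP in the vNet
PUBLIC_IP = "20.0.0.1"              # constructed public address

# Assumed SAN list for the example: the certificate covers the public suffix
# with a single wildcard label, so only <name>.database.windows.net matches.
SERVER_CERT_SANS = ["*.database.windows.net"]


def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style match: a wildcard is only valid as the whole leftmost
    label and matches exactly one label, so depth must be identical."""
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False
    if san_labels[0] == "*":
        return host_labels[1:] == san_labels[1:]
    return host_labels == san_labels


def cert_matches_hostname(hostname: str, sans) -> bool:
    """True if any SAN entry covers the name the client connected with."""
    return any(san_matches(hostname, s) for s in sans)


# Public DNS as the client would see it without any private zone:
# the server name is a CNAME to the privatelink name, which resolves publicly.
PUBLIC_DNS = {
    f"{SERVER}.database.windows.net":
        ("CNAME", f"{SERVER}.privatelink.database.windows.net"),
    f"{SERVER}.privatelink.database.windows.net": ("A", PUBLIC_IP),
}


def onprem_dns_custom_name():
    """The approach from the question: a custom A record under a corp name."""
    return {"sqlprivate.corp.example": ("A", PRIVATE_IP)}


def onprem_dns_privatelink_zone():
    """Host the privatelink zone on-prem with an A record for the server name,
    so the CNAME chase from the public name lands on the private IP."""
    return {f"{SERVER}.privatelink.database.windows.net": ("A", PRIVATE_IP)}


def resolve(name: str, onprem: dict, public: dict = PUBLIC_DNS, max_hops: int = 5):
    """On-prem records win; anything else is forwarded to public DNS.
    CNAME chains are followed up to max_hops."""
    for _ in range(max_hops):
        rec = onprem.get(name) or public.get(name)
        if rec is None:
            return None
        kind, value = rec
        if kind == "A":
            return value
        name = value  # CNAME: continue with the target name
    return None


def simulate_connect(hostname: str, onprem: dict) -> dict:
    """Resolve the name, then validate the certificate against the name the
    client used (not the IP it reached). Models an encrypted connection where
    certificate validation is enforced."""
    ip = resolve(hostname, onprem)
    if ip is None:
        return {"ip": None, "private": False, "tls_ok": False,
                "error": "name not resolved"}
    tls_ok = cert_matches_hostname(hostname, SERVER_CERT_SANS)
    return {"ip": ip, "private": ip == PRIVATE_IP, "tls_ok": tls_ok,
            "error": None if tls_ok else "target principal name is incorrect"}


if __name__ == "__main__":
    print("custom name  :", simulate_connect("sqlprivate.corp.example", onprem_dns_custom_name()))
    print("public fqdn  :", simulate_connect(f"{SERVER}.database.windows.net", onprem_dns_custom_name()))
    print("privatelink  :", simulate_connect(f"{SERVER}.database.windows.net", onprem_dns_privatelink_zone()))
```

The model only covers the name/certificate relationship; it does not model driver encryption settings. A connection with encryption disabled never validates the certificate at all, which is one reason a plain SQL-authenticated connection to a bare IP or custom name can appear to work while an encrypted one rejects the same name. The design point is that validation is performed on the hostname the client typed, so the fix belongs in DNS (keep the Azure FQDN, resolve it privately), not in relaxing validation.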