Description:
Use Azure Active Directory Authentication for authentication with SQL Database to manage credentials in a single place.
Rationale:
Azure Active Directory authentication is a mechanism to connect to Microsoft Azure SQL Database and SQL Data Warehouse by using identities in Azure Active Directory (Azure AD). With Azure AD authentication, identities of database users and other Microsoft services can be managed in one central location. Central ID management provides a single place to manage database users and simplifies permission management.
Impact:
This will create administrative overhead with user account and permission management. For further security on these administrative accounts, you may want to consider higher tiers of AAD, which support features like Multi-Factor Authentication but cost more.
Remediation:
From Azure Portal
From Azure CLI
az ad user show --id <user>
For each Server, set AD Admin
az sql server ad-admin create --resource-group <resource-group> --server <server-name> --display-name <display-name> --object-id <object-id>
From PowerShell
For each Server, set AD Admin
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName <resource-group> -ServerName <server-name> -DisplayName "<display-name>"
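The "for each Server" CLI step above as one script, added here as an example and not part of the benchmark text: it lists the SQL servers in the current subscription that have no AD admin, then sets one on each. The function names and the audit/fix arguments are hypothetical. It assumes an authenticated Azure CLI session and that `az sql server ad-admin list` returns an empty array for a server with no AD admin.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit and set the Azure AD admin
# on SQL servers with the az commands shown above.
# Assumes `az login` has been run and the target subscription is selected.

TAB=$(printf '\t')

# Print "resource-group<TAB>server" for each SQL server with no AD admin.
servers_missing_ad_admin() {
  az sql server list --query '[].[resourceGroup, name]' --output tsv |
  while IFS="$TAB" read -r rg server; do
    # Assumption: an empty array from ad-admin list means no AD admin is set.
    count=$(az sql server ad-admin list --resource-group "$rg" \
              --server "$server" --query 'length(@)' --output tsv </dev/null)
    if [ "$count" = "0" ]; then
      printf '%s\t%s\n' "$rg" "$server"
    fi
  done
}

# Set the given AD identity as admin on every server reported above.
# $1 = display name, $2 = object ID (looked up with: az ad user show --id <user>)
set_ad_admin_where_missing() {
  servers_missing_ad_admin |
  while IFS="$TAB" read -r rg server; do
    az sql server ad-admin create --resource-group "$rg" --server "$server" \
      --display-name "$1" --object-id "$2" </dev/null
  done
}

case "${1:-}" in
  audit) servers_missing_ad_admin ;;
  fix)   set_ad_admin_where_missing "$2" "$3" ;;
  *)     echo "usage: $0 audit | fix <display-name> <object-id>" >&2 ;;
esac
```

Run it with `audit` first and review the list before running `fix`, since the same identity is applied to every server reported.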