Azure Database for PostgreSQL flexible server should have Entra-only auth

HIGH

Ensures Azure Database for PostgreSQL uses Entra ID (Azure AD) authentication only, disabling local password auth.

What does this mean?

This recommendation enforces Entra ID-only authentication for Azure Database for PostgreSQL Flexible Server, disabling local username/password authentication. This centralizes identity management and enables conditional access policies.
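One way to check this setting across servers, as an added example that is not part of the original page or the product's own check. It assumes each server record is shaped like the ARM resource body for Microsoft.DBforPostgreSQL/flexibleServers, where `authConfig` carries `activeDirectoryAuth` and `passwordAuth`; the server names and sample records are constructed.

```python
import json

# Constructed sample (not real servers). Assumption: authConfig sits under
# "properties" (ARM/REST body) or at the top level (flattened export).
SAMPLE = json.loads("""
[
  {"name": "pg-entra-only", "properties": {"authConfig":
      {"activeDirectoryAuth": "Enabled", "passwordAuth": "Disabled"}}},
  {"name": "pg-mixed", "properties": {"authConfig":
      {"activeDirectoryAuth": "Enabled", "passwordAuth": "Enabled"}}},
  {"name": "pg-password-only", "authConfig":
      {"activeDirectoryAuth": "disabled", "passwordAuth": "enabled"}},
  {"name": "pg-no-authconfig", "properties": {}}
]
""")


def _flag(auth_config, key):
    """Return True/False for an Enabled/Disabled value, None if absent or unknown."""
    value = str(auth_config.get(key, "")).strip().lower()
    return {"enabled": True, "disabled": False}.get(value)


def evaluate(server):
    """Return (compliant, reason) for one server record."""
    props = server.get("properties") or server
    auth = props.get("authConfig") or {}
    entra = _flag(auth, "activeDirectoryAuth")
    password = _flag(auth, "passwordAuth")
    if entra is None or password is None:
        # Fail closed: an unreadable setting is reported, not assumed safe.
        return False, "authConfig missing or unreadable"
    if password:
        mode = "alongside Entra ID" if entra else "as the only method"
        return False, f"password authentication enabled {mode}"
    if not entra:
        return False, "Entra ID authentication disabled"
    return True, "Entra ID-only authentication"


def findings(servers):
    """Map server name -> reason for every non-compliant server."""
    results = {s.get("name", "<unnamed>"): evaluate(s) for s in servers}
    return {name: reason for name, (ok, reason) in results.items() if not ok}


if __name__ == "__main__":
    for name, reason in findings(SAMPLE).items():
        print(f"FAIL {name}: {reason}")
```

A server with both methods enabled still fails, because the local password path remains usable and sits outside conditional access and MFA.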

Benefits of implementation

  • Eliminates password-based authentication risks
  • Enables conditional access and MFA for database access
  • Centralizes identity management through Entra ID

Drawbacks and considerations

  • All applications must support Entra ID token-based authentication
  • Legacy applications using connection strings need migration
  • Requires managed identity or service principal setup for application access

Details

  • Risk Level: HIGH
  • Category: Identity & Access Management
  • Frameworks: 1 framework
  • Last updated: 2026-02-12