Last updated: May 2026

Azure Databases Intermediate AZ-104 ⏱ 14 min read

Azure SQL Database

Azure SQL Database is a fully managed relational database service built on Microsoft SQL Server. It handles patching, backups, high availability, and scaling automatically — so you focus on your application, not database infrastructure. It's the most popular Azure database service and one of the most heavily tested in AZ-104.

What you'll learn Deployment options (single database, elastic pool, serverless) · Purchasing models (DTU vs vCore) · Service tiers · Elastic pools for multi-tenant apps · Active geo-replication · Automated backups and PITR · Security features · Connecting to SQL Database · Creating via CLI

Table of Contents

Deployment Options
Purchasing Models
Service Tiers
Elastic Pools
Serverless Tier
Active Geo-Replication
Automated Backups and PITR
Security Features
Connecting to Azure SQL Database
Creating via CLI
Practice Questions

Deployment Options

Option	Description	Best For
Single Database	One database with its own guaranteed resources	Isolated databases with predictable workloads
Elastic Pool	Multiple databases sharing a pool of resources	Multi-tenant SaaS apps with variable usage
Serverless	Auto-scales compute, pauses when idle	Dev/test, sporadic workloads

Purchasing Models

DTU Model (Database Transaction Units)

A bundled measure of compute, memory, and I/O. Simpler but less transparent. Three tiers: Basic, Standard, Premium.

vCore Model (Recommended)

Choose specific number of vCPUs, memory, and storage independently. More transparent pricing. Supports Azure Hybrid Benefit. Five tiers: General Purpose, Business Critical, Hyperscale, Serverless, and Free offer.

💡

Choose vCore for New Deployments vCore model allows Azure Hybrid Benefit (use existing SQL Server licences), is more flexible, and maps better to on-premises concepts. Microsoft recommends vCore for new workloads.

Service Tiers (vCore)

Tier	Storage	IOPS	HA	Best For
General Purpose	Up to 4 TB	Up to 7,000	99.99%	Most production workloads
Business Critical	Up to 4 TB	Up to 200,000	99.99%	High IOPS, in-memory OLTP, readable secondary
Hyperscale	Up to 100 TB	High	99.99%	Very large databases, variable workloads

Elastic Pools

Elastic Pools allow multiple databases to share a pool of compute and storage resources. Instead of provisioning maximum resources for each database (that each uses at different times), they share the pool — reducing overall cost.

ℹ️

Perfect for SaaS Applications If you have 100 customer databases, most customers are active at different times — you don't need to provision peak resources for all 100 simultaneously. An elastic pool lets them share resources, reducing cost by 50–70% vs individual databases.

Serverless Tier

Serverless Azure SQL Database auto-scales compute between a configured min and max, and automatically pauses the database after a period of inactivity — billing stops for compute while paused (storage charges continue). Perfect for development, testing, or applications with infrequent usage.

Auto-pause delay: 1 hour minimum, up to 7 days
First query after pause has a "cold start" delay (~30 seconds)
Not suitable for workloads requiring 24/7 availability

Active Geo-Replication

Active Geo-Replication creates up to 4 readable secondary databases in different regions. Secondaries are continuously synchronised (asynchronously). For disaster recovery — if the primary region fails, you can manually failover to a secondary. Secondaries can also handle read workloads to offload the primary.

Auto-Failover Groups

Auto-Failover Groups build on geo-replication and add automatic failover — if the primary becomes unavailable, Azure automatically fails over to the secondary. A single connection string is provided that always points to the current primary — your application doesn't need to change anything.

Automated Backups and PITR

Azure SQL Database automatically takes:

Full backups — Weekly
Differential backups — Every 12 hours
Transaction log backups — Every 5–10 minutes

Point-in-time restore (PITR) — Restore to any point within the retention period. Default retention: 7 days. Configurable: 1–35 days.

💡

Long-Term Retention (LTR) Need to keep backups for compliance (years)? Enable Long-Term Retention to store weekly, monthly, or yearly backups in Azure Blob Storage for up to 10 years — at low archival cost.

Security Features

Transparent Data Encryption (TDE) — Encrypts data at rest automatically (enabled by default)
Always Encrypted — Column-level encryption; data is encrypted even from the database engine's perspective
Row-Level Security (RLS) — Filter rows based on user identity
Dynamic Data Masking — Mask sensitive data for non-privileged users (e.g., show only last 4 digits of phone numbers)
Azure AD Authentication — Authenticate with Azure AD identities instead of SQL logins
Advanced Threat Protection — Detect unusual access patterns (SQL injection attempts, anomalous access)
Firewall Rules — Control which IPs can connect; Private Endpoint for no public access

Connecting to Azure SQL Database

Azure SQL Database uses port 1433. Connection string format:

Connection StringAzure SQL Database connection

Server=tcp:myserver.database.windows.net,1433;
Initial Catalog=mydatabase;
Persist Security Info=False;
User ID=myuser;
Password=mypassword;
Encrypt=True;
TrustServerCertificate=False;

Creating via CLI

Azure CLICreate SQL Server and Database

# Create a logical SQL server
az sql server create \
  --name mydbserver-2026 \
  --resource-group myRG \
  --location centralindia \
  --admin-user sqladmin \
  --admin-password "SecureP@ssword123!"

# Create a database (General Purpose, 2 vCores)
az sql db create \
  --resource-group myRG \
  --server mydbserver-2026 \
  --name myDatabase \
  --edition GeneralPurpose \
  --compute-model Provisioned \
  --family Gen5 \
  --capacity 2

# Allow Azure services to connect (optional)
az sql server firewall-rule create \
  --resource-group myRG \
  --server mydbserver-2026 \
  --name AllowAzureServices \
  --start-ip-address 0.0.0.0 \
  --end-ip-address 0.0.0.0

💡

AZ-104 Exam Tip Know the purchasing models (DTU vs vCore), elastic pools for multi-tenant apps, PITR and backup retention (1–35 days), Active Geo-Replication for readable secondaries, Auto-Failover Groups for automatic failover, and TDE as always-on encryption.

📝 Practice Questions

Click an option to check your answer.

Q1. A SaaS company has 200 customer databases that each have variable and unpredictable usage — some peak at different times. Which Azure SQL Database deployment model optimises cost?

A — 200 individual single databases

B — Elastic Pool containing all 200 databases

C — SQL Managed Instance

D — Serverless tier for each database

Q2. What is the maximum backup retention period for Azure SQL Database Point-in-Time Restore?

A — 7 days

B — 14 days

C — 35 days

D — 90 days

Q3. What does Active Geo-Replication provide for Azure SQL Database?

A — Automatic failover to another region without manual intervention

B — Up to 4 readable secondary databases in different regions, manually failover if primary fails

C — Synchronous replication with zero data loss guarantee

D — Load balancing write operations across multiple regions

Q4. Is Transparent Data Encryption (TDE) enabled by default on Azure SQL Database?

A — Yes — TDE is always enabled by default and cannot be disabled

B — No — TDE must be manually enabled for each database

C — Only for Business Critical tier databases

D — Only when using Customer-Managed Keys

Q5. What is the Serverless tier for Azure SQL Database best suited for?

A — High-traffic production databases requiring 24/7 availability

B — Development, testing, and applications with infrequent or sporadic usage

C — Applications requiring extremely high IOPS

D — Multi-tenant SaaS applications with hundreds of databases

← PreviousChoosing the Right Database Next →Azure SQL Managed Instance

Comments

Disclaimer: RedKite Cloud is an independent educational resource and is not affiliated with Microsoft Corporation.