Azure Arc-enabled SQL Server & SQL Database in Microsoft Fabric - Use Cases
The April 24, 2026 DP-300 outline added two newer Microsoft data platform options under Domain 1:
"Recommend appropriate use cases for Azure Arc-enabled SQL services"
"Recommend appropriate use cases for Azure SQL Database in Microsoft Fabric"
These are recommendation skills - the exam will give you a scenario and ask which platform fits. This page covers both, side-by-side, with positioning vs Azure SQL DB, MI, and SQL VM.
Part 1 - Azure Arc-enabled SQL services
What is Azure Arc-enabled SQL?
Azure Arc-enabled SQL Server projects an existing SQL Server instance - running on-premises, in another cloud (AWS, GCP), or in an edge / disconnected environment - into Azure as a first-class Microsoft.AzureArcData/sqlServerInstances resource. After projection, that instance can use Azure-native services (Defender, Monitor, Backup, Update Manager, Purview, Entra authentication, Best Practices Assessment) without moving the database to Azure.
There is also Azure Arc-enabled data services - a Kubernetes-based set of services (Arc-enabled SQL MI and Arc-enabled PostgreSQL) that you can host on any CNCF-conformant Kubernetes with an Azure control plane. Most exam questions focus on the simpler Arc-enabled SQL Server flavor.
"Arc-enabled SQL Server" = surface a non-Azure SQL Server in Azure for management. "Arc-enabled SQL Managed Instance" = run actual SQL MI on your own Kubernetes with Azure control. Make sure you read the question carefully - the use cases differ. :::
Architecture
What you get when you Arc-enable a SQL Server
| Capability | Notes |
|---|---|
| Inventory & visibility in Azure Portal | One pane for every SQL instance regardless of host cloud |
| Microsoft Defender for SQL | Vulnerability assessment, advanced threat protection on non-Azure SQL |
| Best Practices Assessment | Sysadmin-style health checks, served from Azure |
| Microsoft Entra (Azure AD) authentication | Yes, for Arc-enabled SQL Server 2022+ |
| Azure Backup for SQL Server | Backups to a Recovery Services vault from on-prem/cloud SQL |
| Azure Monitor / Log Analytics integration | Send SQL logs and DMV-based metrics centrally |
| Azure Update Manager | Patch the OS (and SQL CU via the same agent path) |
| Microsoft Purview scanning | Catalog and classify on-prem databases |
| Database Watcher (preview) | Near-real-time KQL monitoring of Arc-enabled SQL |
| Azure Policy | Audit / enforce baselines (e.g., TDE on, auditing enabled) |
| Pay-as-you-go billing | Optional - convert perpetual SQL licensing to monthly Azure billing |
Use-case recommendation table
| Scenario | Recommend? | Why |
|---|---|---|
| Hundreds of on-prem SQL Servers needing centralized inventory & threat protection | Strong fit | Inventory + Defender + Best Practices Assessment everywhere |
| Customer wants Microsoft Entra logins on AWS RDS for SQL | No | RDS is managed by AWS - Arc requires direct OS access. Use Arc on a self-managed SQL on EC2 instead. |
| Edge sites with intermittent connectivity needing local management + occasional Azure visibility | Fit | Arc agents tolerate disconnection; data syncs on reconnect. |
| Convert perpetual SQL licensing to Azure monthly billing without migrating | Fit | Use the pay-as-you-go billing option of Arc-enabled SQL Server. |
| Need a true Azure SQL service with built-in HA and patching | No | That's Azure SQL DB / MI. Arc surfaces a SQL you operate. |
| Need ESU (Extended Security Updates) for SQL Server 2014 on-prem | Fit | Arc-enabled SQL Server supports Azure-billed ESU subscriptions for eligible SQL Server 2014 instances through 2027-07-08. |
| SQL Server 2012 still on-prem and asking for new ESU coverage | No | SQL Server 2012 ESU has ended. Treat it as an upgrade or migration priority, not a new Arc ESU candidate. |
| Want to run SQL MI in a sovereign-cloud Kubernetes cluster controlled by Azure | Fit | Use Arc-enabled SQL Managed Instance on AKS / OpenShift / Rancher. |
ESU through Azure Arc is the current Azure-billed subscription path for eligible SQL Server 2014 instances. It is not the only historical purchase path: customers with the right licensing can also have Volume Licensing ESU coverage, especially for disconnected or transition scenarios. For DP-300, remember the clean rule: SQL Server 2014 = current ESU case; SQL Server 2012 = upgrade or migrate.
Onboarding (high-level)
# 1. On the SQL host (run as admin), install the Connected Machine agent
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent `
-OutFile AzureConnectedMachineAgent.msi
msiexec /i AzureConnectedMachineAgent.msi /qn
# 2. Connect to Azure (interactive - service principals supported for at-scale)
& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect `
--resource-group rg-arc-sql `
--tenant-id <tenant> `
--subscription-id <sub> `
--location westeurope `
--cloud AzureCloud
# 3. Install/enable the SQL Server extension (auto-discovers SQL instances)
az connectedmachine extension create `
--name WindowsAgent.SqlServer `
--machine-name <host> `
--resource-group rg-arc-sql `
--type WindowsAgent.SqlServer `
--publisher Microsoft.AzureData `
--location westeurope
After ~10 minutes the Portal shows Azure Arc -> SQL Server with each instance and database listed.
Limitations & gotchas
- Arc-enabled SQL Server requires SQL Server 2012 or later; Defender features and Entra authentication require SQL Server 2022+.
- The host must be able to make outbound HTTPS to Azure Arc endpoints (or via private link).
- PaaS-managed SQL (Amazon RDS, Google Cloud SQL) cannot be Arc-enabled - Arc requires OS access.
- Arc-enabled SQL MI on Kubernetes has a separate licensing/pricing model and requires a connected mode for many features.
Part 2 - Azure SQL Database in Microsoft Fabric
What it is
SQL Database in Microsoft Fabric is a fully-managed, OLTP-grade relational database that lives inside a Fabric workspace. It is built on the same Azure SQL Database engine, but provisioned, billed, and surfaced through Fabric - and it automatically replicates its tables into the Fabric OneLake as Delta Parquet for analytics, AI, and Power BI consumption.
It is not a re-skinned Azure SQL DB - it adopts a new Fabric-native experience (capacity-based licensing via F-SKUs, web-based query editor, automatic OneLake mirroring, integration with Fabric items like Notebooks, Data Pipelines, Direct Lake semantic models, Power BI reports).
Architecture
Capabilities & features
| Feature | Status |
|---|---|
| Standard T-SQL surface (incl. window functions, JSON, native vectors) | Yes |
| Transactions (ACID) at OLTP scale | Yes |
| Microsoft Entra authentication | Yes |
| Storage encryption with service-managed keys | Yes |
| Transparent Data Encryption (TDE) / customer-managed TDE keys | No |
| Always Encrypted | No |
| Row-Level Security, Dynamic Data Masking | Yes |
| Automatic OneLake mirroring (Delta Parquet) | Yes - built in |
| Connect via SSMS, Azure Data Studio, ADO.NET, JDBC, ODBC | Yes |
| GraphQL API can be created from the Fabric portal | Yes |
| Automatic backups & point-in-time restore | Yes - managed by Fabric |
| Geo-Replication / Failover Groups | No (use Azure SQL DB if cross-region failover is needed) |
| Customer-managed keys at the database level | No - use service-managed storage encryption today |
| SQL Agent jobs | No - use Fabric Data Pipelines or Elastic Jobs |
| Service Broker, Database Mail, CLR | No |
| Linked servers | Target-only; do not use for workloads that require outbound linked-server queries |
Use-case recommendation table
| Scenario | Recommend? | Why |
|---|---|---|
| Net-new analytics-ready SaaS app where Power BI reports must reflect new data within seconds | Strong fit | Mirrored OneLake + Direct Lake = no ETL, sub-minute freshness. |
| Existing OLTP system with linked servers, SQL Agent jobs, Service Broker | No | Fabric SQL DB lacks those features - stay on Azure SQL DB / MI. |
| Data engineer prototyping a relational store inside Fabric, alongside Lakehouses and Notebooks | Fit | Native Fabric item, billed against the same capacity. |
| Strict regulatory requirement for customer-managed TDE keys today | No | Use Azure SQL DB with customer-managed keys in Azure Key Vault. |
| Need Active Geo-Replication & Auto-Failover Groups for an RPO <= 5 s, multi-region | No | Use Azure SQL DB or MI failover groups. |
| Building a new application that combines OLTP, AI vector search, and Power BI dashboards | Strong fit | Vector data type + OneLake + Direct Lake all in one Fabric workspace. |
| Lift-and-shift of a 4 TB legacy on-prem SQL Server with stored procs + agent jobs | No | Choose Azure SQL Managed Instance. |
Fabric SQL Database shares the Azure SQL Database engine, but not every Azure SQL Database feature is available. The exam trap is treating it as a drop-in replacement for Azure SQL DB or SQL MI. If the scenario needs TDE/customer-managed database keys, Always Encrypted, failover groups, SQL Agent, Service Broker, or outbound linked-server behavior, pick another SQL platform.
Why "automatic OneLake mirroring" is the killer feature
Mirroring continuously writes a Delta Parquet replica of every table into OneLake without requiring you to build a pipeline:
- Direct Lake semantic models in Power BI can query the Delta files without an import refresh - dashboards reflect transactional changes within seconds.
- Notebooks (Spark, Python) can query the same data without contending for the OLTP engine.
- Cross-item analytics (joining the SQL DB with Lakehouse tables) is a single SQL statement against the SQL analytics endpoint.
Compared to the historical pattern (Change Data Capture -> ADF -> Lakehouse -> semantic model refresh), Fabric SQL DB removes 3 layers of plumbing.
Provisioning - quick walk-through
In a Fabric workspace:
- Create item -> SQL Database.
- Pick a name; pick the workspace's capacity (F-SKU).
- The DB is provisioned in ~1 minute. A connection string is shown for SSMS / drivers.
- Open the web-based query editor to run T-SQL.
- Open the mirror item that's auto-created in OneLake to verify Delta files exist.
- Build a semantic model in Direct Lake mode pointing at the mirror.
Decision matrix - Azure SQL DB vs Azure SQL MI vs Fabric SQL DB vs SQL VM
| Need | Best fit |
|---|---|
| Modern OLTP + native analytics + Power BI in one platform | Fabric SQL DB |
| Maximum SQL Server compatibility (CLR, Service Broker, MSDTC, agent jobs) | Azure SQL MI |
| Standard PaaS OLTP at scale, with cross-region failover groups, BYOK | Azure SQL DB |
| Full OS control, custom tempdb config, third-party SQL extensions | SQL Server on Azure VM |
| Surface a non-Azure SQL Server for governance & threat protection | Arc-enabled SQL Server |
| Run SQL MI on customer-controlled Kubernetes (sovereign / edge) | Arc-enabled SQL MI |
Oracle DBA parallel:
- Arc-enabled SQL Server is the conceptual cousin of Oracle Cloud@Customer (control plane in Oracle Cloud, data plane in your DC).
- Fabric SQL DB with auto-mirroring is the closest thing Microsoft has built to Oracle's Autonomous Database + Autonomous Data Warehouse in a single dual-purpose engine - but on Microsoft's Lakehouse-first OneLake architecture. :::
Anti-Patterns
- "Arc replaces migration." It doesn't. Arc projects an existing SQL Server into the Azure control plane (Defender, Monitor, Entra auth, BPA, Backup). It does not move data, change runtime, or give you PaaS. Cost is added, not replaced.
- "Arc-enable Amazon RDS for SQL Server." Impossible. Arc requires the Connected Machine agent on the OS. RDS is AWS-managed. You can only Arc a self-managed SQL Server on EC2.
- "Fabric SQL DB is just Azure SQL DB inside Fabric." Same engine, different container. Fabric SQL DB is provisioned at Fabric capacity (CU-based), auto-mirrors to OneLake (T+1 second), and has no portal-style firewall management. If your billing is in vCore SQL DB, you can't switch to Fabric without a separate provisioning model.
- "Arc-enabled SQL MI on K8s = the same as managed SQL MI." No. Arc-MI runs on your Kubernetes (typically AKS / OpenShift / Tanzu), with you owning HA, upgrades, networking, certs. The Azure portal manages billing + compliance, not lifecycle.
- "Defender for SQL via Arc is free." It's a paid plan billed per-server per-month. Arc registration itself is free; the value-add services aren't.
- "Auto-mirroring from Fabric SQL DB to OneLake is replication." It's a near-real-time copy for analytics. There's no failover path. Don't treat OneLake delta tables as a DR target.
Arc-enabled SQL Server inventory is per-machine, not per-instance. A box with 3 SQL instances counts as 3 SQL servers in inventory but is 1 Arc machine. Defender pricing follows the SQL count.
Migration Between Options
| From -> To | Path | Cost |
|---|---|---|
| On-prem SQL Server -> Arc-enabled SQL Server | Install Connected Machine agent + SQL Server extension | Free agent; pay only for opted-in services |
| Arc-enabled SQL Server -> Azure SQL MI | MI Link (online) or DMS / backup-restore (offline) | One-way to PaaS; lose host control, gain managed lifecycle |
| Arc-enabled SQL Server -> SQL VM in Azure | Backup/restore or AG seeding to a new VM | Lift-and-shift; keep host control, drop on-prem footprint |
| Azure SQL DB (vCore) -> Fabric SQL DB | Export/import or BACPAC; no in-place conversion | New provisioning model; recompute Fabric capacity sizing |
| Fabric SQL DB -> Azure SQL DB (vCore) | BACPAC export | Reverse path; lose auto-mirroring to OneLake |
| Arc-enabled SQL MI on K8s -> Azure SQL MI | Backup-to-URL + LRS or DMS | Drop K8s ownership; gain Azure-managed HA |
| SQL Server in EC2 -> Arc-enabled SQL Server | Connected Machine agent works cross-cloud | Free; gain Defender/Monitor/Entra without leaving AWS |
Most expensive move: Fabric <-> vCore. No in-place path; rebuild + cutover.
Real Scenarios
- Fortune-500 with 800 SQL Servers across 4 clouds -> Arc-enable everything + Defender for SQL + Best Practices Assessment. Driver: single security plane, governance reporting. Trade-off: Defender per-server cost x 800.
- ISV with sovereign-cloud requirement (Germany) -> Arc-enabled SQL MI on customer K8s in country. Driver: data residency + Azure billing. Trade-off: customer owns Kubernetes lifecycle.
- Net-new SaaS analytics product on Fabric -> Fabric SQL DB with auto-mirroring + Power BI Direct Lake. Driver: zero-ETL analytics. Trade-off: Fabric capacity (CU) sizing is its own discipline.
- EC2 SQL Server, want Entra auth without rehosting -> Arc-enable + configure Entra auth via Arc. Driver: kill local AD-only auth. Trade-off: still on EC2, AWS bill unchanged.
- Customer on Cloud@Customer for Oracle, evaluating Microsoft equivalent -> Arc-enabled SQL MI on AKS deployed at the customer DC. Driver: control-plane-in-cloud, data-plane-on-prem story. Trade-off: AKS operational maturity required.
Flashcards
Practice quiz
Sources & further reading
- Azure Arc-enabled SQL Server overview
- What is Azure Arc-enabled data services
- Pay-as-you-go billing for Arc-enabled SQL Server
- SQL Server ESU enabled by Azure Arc
- SQL Server 2014 ESU FAQ
- SQL Database in Microsoft Fabric - overview
- SQL Database in Microsoft Fabric - limitations
- Fabric SQL DB - auto-mirroring to OneLake
- Direct Lake semantic models
- DP-300 study guide (April 24, 2026)
Last verified against Microsoft Learn: 2026-05-12.