You can make a secure connection to a SQl Azure instance following these instructions from microsoft. However, this only works when the user specifies it in the connection string. How do I set SQL Azure to reject any insecure connections, should a user forget to set the option.
SQL Azure TLS – How to Force TLS Connections on SQL Azure
azure-sql-database
Related Question
- Azure SQL Database – Fixing ‘Login Failed for User’ Error in Applications
- SQL Azure – Login Failed for User from Azure Hosted Web Application
- Azure Sql Update Statistic Using Powershell
- Unable to Connect Using Azure AD Service Principal on SQL Server
- Creating a Maintenance Plan for a SQL Azure Database
- SQL Server – Connection String Parameter for Read-Only Access
- SQL Server Linked Server to Azure SQL using Azure AD
Best Answer
All connections to Azure SQL Azure are encrypted even when encryption is not specified. When a client first attempts a connection to SQL Azure, it sends an initial connection request. Consider this a "pre-pre-connection" request. At this point the client does not know if SSL/Encryption is required and waits an answer from SQL Azure to determine if SSL is indeed required throughout the session (not just the login sequence, the entire connection session). A bit is set on the response indicating so. Then the client library disconnects and reconnects armed with this information.
For example, when you set "Encrypt connection" setting on SQL Server Management Studio you avoid the "pre-pre-connection", you are preventing any proxy from turning off the encryption bit on the client side of the proxy, this way attacks like man-in-the-middle attack are avoided.