Connecting to Azure SQL

PounceSQL signs in to Azure SQL with your Microsoft account. Sign-in is handled by Microsoft — the app only receives a short-lived token and never sees your password. Here's the normal flow, then fixes for the exact messages you might hit.

The normal flow

  1. Add Database → Azure SQL → Sign in to Azure. A Microsoft window opens.
  2. Sign in with your account's primary email (the address you actually use for Microsoft — not an alias).
  3. Pick your directory. PounceSQL lists the directories your account can access, by name. Choose the one that holds your server.
  4. Pick the subscription, then the server, then the database, and add it to the tree.
  5. The first connection may need your IP allowed on the server firewall — see below. This is the most common thing to trip on.

Sign in to a specific directory (guest / personal accounts)

If sign-in guesses the wrong directory — common when your account is a guest in an organization, or a personal Microsoft account — you can tell PounceSQL exactly which one to use. In the Azure step, open Advanced → sign in to a specific directory and paste your directory's domain.

To find it, open Azure portal → Settings → Directories + subscriptions. Your directories are listed with a Domain and a Directory ID — copy the Domain (it's easier to read than the ID):

Directory nameDomainDirectory ID
Default Directory yourname.onmicrosoft.com ← copy this 7c9c…-719a

Paste that domain (e.g. yourname.onmicrosoft.com) into the Advanced box and sign in. The Directory ID (the long GUID) works too — the domain is just friendlier. If you own that directory, you can approve the app right there in the sign-in window.

🔥 "Client with IP address … is not allowed to access the server"

This is the big one, and it means sign-in worked — the server's firewall is just blocking your network. Azure SQL only accepts connections from IP addresses you've allowed. To fix it:

  1. Note the IP address in the error message (it's your current public IP).
  2. Go to the Azure portal → your SQL server (not the database) → Networking (older portals: "Firewall and virtual networks").
  3. Under Firewall rules, click "Add your client IPv4 address," or add a rule with that IP as both start and end.
  4. Click Save. It can take up to ~5 minutes to take effect.
  5. Back in PounceSQL, click Test Connection again.

If you switch networks (office ↔ home ↔ VPN) your IP changes, so you may need to add the new one.

"Database is not currently available" / first connection times out

Serverless Azure SQL databases auto-pause when idle. The first connection wakes it, which takes ~30–60 seconds — so the very first attempt can time out. Wait a moment and try again once it's awake.

"<something> isn't in our system" at sign-in

Microsoft only accepts your account's primary sign-in address, not an alias. If your Microsoft account has several email aliases, use the original one. Not sure which it is? Check it at account.microsoft.com → Your info.

"Need admin approval"

Your organization requires an administrator to approve apps before members can use them — this is an org policy set by your IT department, not something the app controls. Ask your admin to approve PounceSQL, or use an account whose directory allows it. If it's a work database, your DBA / IT team can grant access.

The sign-in window doesn't finish, or you picked the wrong account

Just click Sign in to Azure again — it cancels the previous attempt and opens a fresh window so you can choose a different account.

Personal or guest accounts

A personal Microsoft account, or one that's a guest in someone else's directory, is routed differently by Microsoft and may not complete in-app sign-in. Using a work/school account that's a native member of the directory — or having that directory's admin grant you access — is the reliable route.

Still stuck?

Post in GitHub Discussions with the exact error text — the Trace ID / Correlation ID in Azure errors helps a lot. Happy to help you get connected.