
Enterprise guide to SQL MI migration, networking, security, pricing, high availability, performance tuning, and compliance for on-premises SQL Server modernization.
What is Azure SQL Managed Instance and when should you use it? Azure SQL Managed Instance (SQL MI) is a fully managed PaaS database service with near-100% SQL Server compatibility. It supports cross-database queries, SQL Server Agent, CLR, linked servers, and Service Broker — features missing from Azure SQL Database. SQL MI runs inside your Azure VNet for network isolation, requires no OS management, and includes built-in high availability, automated backups, and automatic patching. Use SQL MI when migrating existing SQL Server workloads to Azure with minimal code changes. EPC Group recommends SQL MI as the default migration target for 80% of enterprise SQL Server environments.
Azure SQL Managed Instance sits in a unique position in the Azure database portfolio. It gives you the compatibility and feature richness of SQL Server Enterprise Edition without the infrastructure burden of managing VMs, patching operating systems, configuring failover clusters, or managing backup schedules. It is the closest thing to running SQL Server in the cloud without actually running SQL Server.
For enterprise organizations running dozens or hundreds of SQL Server databases on-premises, SQL MI is typically the most efficient migration path. Applications that use cross-database queries, SQL Server Agent jobs, CLR stored procedures, or Service Broker can migrate to SQL MI with zero or minimal code changes. The same applications migrated to Azure SQL Database would require significant refactoring.
EPC Group has migrated thousands of databases to Azure SQL Managed Instance for organizations across healthcare, financial services, and government. This guide covers everything you need to know about SQL MI for enterprise database modernization.
Choosing the right Azure database service depends on compatibility requirements, management overhead tolerance, and workload characteristics.
| Feature | SQL Managed Instance | Azure SQL Database | SQL Server on VM |
|---|---|---|---|
| SQL Server Compatibility | ~99% | ~95% | 100% |
| Cross-Database Queries | Yes | No (elastic queries only) | Yes |
| SQL Server Agent | Yes | No | Yes |
| CLR Assemblies | Yes | No | Yes |
| Linked Servers | Yes | No | Yes |
| Service Broker | Yes (within instance) | No | Yes |
| VNet Integration | Native (dedicated subnet) | Private endpoint | Native (VM in VNet) |
| OS Management | None (fully managed) | None (fully managed) | Full responsibility |
| Patching | Automatic | Automatic | Manual or Update Mgmt |
| Backup Management | Automatic (7-35 day retention) | Automatic (7-35 day retention) | Manual or Azure Backup |
| High Availability | Built-in (99.99% SLA) | Built-in (99.99% SLA) | Manual (AG/FCI setup) |
| Max Database Size | 16 TB | 100 TB (Hyperscale) | Unlimited (disk-dependent) |
| Best For | Migrating existing SQL Server workloads | New cloud-native applications | Full SQL Server control needed |
EPC Group follows a proven 5-step migration methodology that delivers near-zero-downtime migrations using Azure Database Migration Service (DMS).
1. Assessment: Run Azure Migrate and Data Migration Assistant against all source databases. Identify compatibility issues, deprecated features, and performance baselines. Generate migration scope and effort estimate.
2. SKU sizing: Analyze CPU, memory, IOPS, and storage metrics from source servers. Map to appropriate SQL MI tier (General Purpose or Business Critical) and vCore count. Factor in growth projections for 12-24 months.
3. Network setup: Configure Azure VNet with dedicated SQL MI subnet (/27 minimum). Set up ExpressRoute or VPN for hybrid connectivity. Configure NSG rules, DNS resolution, and firewall rules for application connectivity.
4. Migration execution: Execute migration using DMS for online (minimal downtime) or backup/restore for offline. Online migration provides continuous replication until cutover. Validate data integrity with checksums and row counts.
5. Validation: Run comprehensive test suite comparing query results, execution plans, and performance metrics against source. Validate Agent jobs, linked servers, and CLR assemblies. Monitor for 2 weeks before decommissioning source.
Azure Database Migration Service (DMS) is the recommended tool for enterprise migrations. DMS supports online migration — continuous data replication from source to target with minimal downtime during cutover (typically under 10 minutes). For databases over 1 TB, DMS uses a log replay approach that streams transaction log backups from the source to an Azure Blob Storage account, which SQL MI then applies continuously.
Alternative migration tools include: native backup and restore (simple but requires downtime), ShareGate/Metalogix for SharePoint databases, and custom SSIS packages for complex ETL-based migrations. EPC Group selects the optimal tool based on database size, downtime tolerance, and complexity. Read our complete Azure cloud migration strategy guide for the full enterprise migration methodology.
SQL MI networking is the most complex aspect of deployment and the most common source of configuration errors. SQL MI requires a dedicated subnet with specific routing and NSG rules. Understanding the networking model is essential for successful deployment and ongoing operations.
SQL MI requires a subnet delegated to Microsoft.SqlManagedInstances. This subnet cannot contain any other Azure resources. Minimum size: /27 (32 addresses) — but Microsoft recommends /24 (256 addresses) to allow for growth, additional instances, and management overhead. The subnet requires a route table with a 0.0.0.0/0 next-hop-type Internet route and specific service endpoint routes for Azure management traffic.
On-premises connectivity: ExpressRoute (recommended for production — private, dedicated, low-latency) or VPN Gateway (encrypted over internet, suitable for dev/test or low-bandwidth scenarios). Cross-VNet connectivity: VNet peering (same region or global) for connecting to application VNets, shared services VNets, or other SQL MI instances. Private endpoints can expose SQL MI to VNets without peering.
Required inbound rules: ports 9000, 9003 (Azure management), 1433 (SQL client connectivity), 11000-11999 (redirect connectivity). Required outbound rules: port 443 to AzureCloud, port 12000 to AzureCloud for management. Block all other inbound traffic. Application-specific rules should allow only the IP ranges of your application servers on port 1433.
SQL MI provides a fully qualified domain name (FQDN) in the format: instancename.dns-zone.database.windows.net. For hybrid environments, configure conditional DNS forwarding from on-premises DNS servers to Azure DNS (168.63.129.16). For private DNS resolution within Azure VNets, use Azure Private DNS zones linked to relevant VNets.
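The subnet and NSG requirements above are easy to get wrong, so here is a pre-deployment checker for them as an added example (not code from the guide or from EPC Group). The NSG rule model, the simplified first-match evaluation, and the sample rule set are assumptions; it verifies the /27 minimum and /24 recommendation, that each required inbound and outbound port is allowed, and that 1433 is never reachable from the Internet.

```python
import ipaddress
from collections import namedtuple

# Ports the guide lists as required on the SQL MI subnet (all TCP).
REQUIRED_INBOUND = {"9000": "management", "9003": "management",
                    "1433": "SQL client", "11000-11999": "redirect"}
REQUIRED_OUTBOUND = {"443": "AzureCloud", "12000": "AzureCloud"}

# Minimal NSG rule model; source/destination is a CIDR, a service tag or "*".
NsgRule = namedtuple("NsgRule", "name direction access priority protocol "
                                "source destination port_range")

def _port_range(spec):
    lo, _, hi = ("0", "-", "65535") if spec == "*" else spec.partition("-")
    return int(lo), int(hi or lo)

def _matches(rule_addr, peer):
    """'*' matches anything; service tags match literally; CIDRs by containment."""
    if rule_addr in ("*", peer):
        return True
    try:
        return ipaddress.ip_network(peer).subnet_of(ipaddress.ip_network(rule_addr))
    except (ValueError, TypeError):  # service tags such as "Internet" are not CIDRs
        return False

def effective_access(rules, direction, port, peer):
    """Simplified NSG evaluation: the first matching rule by priority decides."""
    lo, hi = _port_range(port)
    for r in sorted(rules, key=lambda r: r.priority):
        a, b = _port_range(r.port_range)
        addr = r.source if direction == "Inbound" else r.destination
        if (r.direction == direction and r.protocol in ("*", "Tcp")
                and a <= lo and hi <= b and _matches(addr, peer)):
            return r.access
    return "Deny"  # nothing matched: NSG default deny

def check_subnet(cidr):
    prefix = ipaddress.ip_network(cidr, strict=True).prefixlen
    if prefix > 27:
        return [f"{cidr} is smaller than the /27 minimum"]
    return [f"{cidr} meets /27 but /24 is recommended for growth"] if prefix > 24 else []

def check_nsg(rules, app_cidr):
    findings = []
    for port, why in REQUIRED_INBOUND.items():
        peer = app_cidr if port == "1433" else "*"
        if effective_access(rules, "Inbound", port, peer) != "Allow":
            findings.append(f"inbound {port} ({why}) is not allowed")
    for port, tag in REQUIRED_OUTBOUND.items():
        if effective_access(rules, "Outbound", port, tag) != "Allow":
            findings.append(f"outbound {port} to {tag} is not allowed")
    if effective_access(rules, "Inbound", "1433", "Internet") == "Allow":
        findings.append("inbound 1433 is reachable from the Internet")
    return findings

SAMPLE_RULES = [  # constructed rule set, not taken from any real deployment
    NsgRule("allow-mgmt", "Inbound", "Allow", 100, "Tcp", "*", "*", "9000-9003"),
    NsgRule("allow-app-sql", "Inbound", "Allow", 110, "Tcp", "10.1.0.0/24", "*", "1433"),
    NsgRule("allow-redirect", "Inbound", "Allow", 120, "Tcp", "*", "*", "11000-11999"),
    NsgRule("allow-mgmt-out", "Outbound", "Allow", 100, "Tcp", "*", "AzureCloud", "12000"),
    NsgRule("allow-https-out", "Outbound", "Allow", 110, "Tcp", "*", "AzureCloud", "443"),
]
```

Feed it the rules exported from your NSG and the application subnet that should reach 1433; an empty findings list for both checks means the subnet and rule set match the requirements listed above.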
SQL MI includes enterprise-grade security features that meet the most stringent compliance requirements. For regulated industries — healthcare (HIPAA), finance (SOC 2, PCI DSS), government (FedRAMP) — SQL MI provides the encryption, auditing, and access control capabilities required for certification.
Transparent Data Encryption (TDE) encrypts all data, logs, and backups at rest using AES-256. Default: Microsoft-managed keys. Enterprise option: customer-managed keys (CMK) stored in Azure Key Vault, giving you full control over key rotation and access policies.
All client connections use TLS 1.2 encryption (TLS 1.0/1.1 are disabled by default). Always Encrypted provides client-side encryption for sensitive columns — data is encrypted before leaving the application and decrypted only on the client. The database engine never sees plaintext data.
Advanced threat detection identifies SQL injection attempts, anomalous access patterns, brute force attacks, and data exfiltration. Vulnerability assessment scans for misconfigurations, excessive permissions, and unencrypted sensitive data. Alerts integrate with Azure Security Center and SIEM tools.
SQL Auditing captures all database events to Azure Storage, Log Analytics, or Event Hubs. Track logins, query execution, schema changes, and permission modifications. Retain audit logs for 7+ years for compliance. Azure Monitor provides real-time performance and health metrics with custom alerting.
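The brute-force detection and login tracking described above, as an added example that is not part of the original guide: a sliding-window rule over exported audit records of the kind a SIEM would run. The pipe-delimited export and its records are constructed, the action ids LGIF (login failed) and LGIS (login succeeded) are the ones SQL Server audit uses, and the threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit export: event_time|action_id|client_ip|server_principal_name.
SAMPLE_AUDIT_LINES = """\
2024-05-01T02:00:01|LGIF|203.0.113.7|sa
2024-05-01T02:00:02|LGIF|203.0.113.7|sa
2024-05-01T02:00:03|LGIF|203.0.113.7|admin
2024-05-01T02:00:04|LGIF|203.0.113.7|sa
2024-05-01T02:00:05|LGIF|203.0.113.7|sa
2024-05-01T02:00:09|LGIS|203.0.113.7|sa
2024-05-01T02:00:10|LGIS|10.1.0.15|app_user
2024-05-01T02:15:00|LGIF|10.1.0.15|app_user
""".splitlines()

def detect_login_abuse(lines, threshold=5, window_seconds=300):
    """Sliding-window count of failed logins per client IP.

    Emits 'brute_force' once an IP reaches `threshold` failures inside the window,
    and 'success_after_failures' when a login from that IP then succeeds, which is
    the pattern that matters most: a guessed or stuffed credential that worked.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # client_ip -> timestamps of recent failures
    alerted = set()                 # IPs already reported, to avoid duplicate alerts
    alerts = []
    for line in lines:
        event_time, action_id, client_ip, principal = line.split("|")
        t = datetime.fromisoformat(event_time)
        recent = failures[client_ip]
        while recent and t - recent[0] > window:   # expire failures outside the window
            recent.popleft()
        if action_id == "LGIF":
            recent.append(t)
            if len(recent) >= threshold and client_ip not in alerted:
                alerted.add(client_ip)
                alerts.append({"type": "brute_force", "client_ip": client_ip,
                               "failures": len(recent), "last_seen": event_time})
        elif action_id == "LGIS" and len(recent) >= threshold:
            alerts.append({"type": "success_after_failures", "client_ip": client_ip,
                           "principal": principal, "at": event_time})
    return alerts

if __name__ == "__main__":
    for alert in detect_login_abuse(SAMPLE_AUDIT_LINES):
        print(alert)
```

Advanced threat detection raises the same kind of alert natively; running your own rule over the audit stream is how you verify the audit pipeline end to end and catch the case where a burst of failures is followed by a success.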
SQL MI pricing is based on vCore count, storage, and tier selection. The most impactful cost optimization is Azure Hybrid Benefit — applying existing SQL Server licenses saves up to 55% compared to pay-as-you-go pricing.
| Configuration | Pay-As-You-Go | Azure Hybrid Benefit | Reserved (3-Year + AHB) |
|---|---|---|---|
| GP 4 vCores, 32 GB storage | ~$440/mo | ~$280/mo | ~$180/mo |
| GP 8 vCores, 256 GB storage | ~$920/mo | ~$580/mo | ~$380/mo |
| GP 16 vCores, 512 GB storage | ~$1,800/mo | ~$1,100/mo | ~$720/mo |
| BC 8 vCores, 256 GB storage | ~$2,200/mo | ~$1,300/mo | ~$850/mo |
| BC 16 vCores, 512 GB storage | ~$4,200/mo | ~$2,500/mo | ~$1,650/mo |
GP = General Purpose, BC = Business Critical. Prices are approximate and vary by region. Storage costs an additional $0.115/GB/month on the General Purpose tier.
- Azure Hybrid Benefit: Apply existing SQL Server licenses with Software Assurance for up to 55% savings
- Reserved Instances: Commit to 1-year (20% savings) or 3-year (40% savings) reservations for predictable workloads
- Right-sizing: Use Azure Monitor to identify over-provisioned instances and downsize vCores
- Dev/Test pricing: Use Azure Dev/Test subscriptions for non-production instances (up to 55% discount)
- Stop/Start: Stop non-production instances outside business hours (saves compute costs, storage still charged)
SQL MI performance tuning uses many of the same techniques as on-premises SQL Server — Query Store, DMVs, execution plans, and index tuning. However, SQL MI adds cloud-specific considerations around storage I/O, compute scaling, and automatic tuning features that can significantly improve performance with minimal manual effort.
Query Store is enabled by default on SQL MI and captures query execution statistics, plans, and runtime metrics. Use it to identify: regressed queries (queries that got slower after plan changes), top resource consumers (CPU, duration, I/O), and queries with multiple plans (plan instability). Review the top 10 resource-consuming queries weekly.
SQL MI supports automatic tuning for: automatic index creation (identifies missing indexes and creates them), automatic index drop (removes unused indexes after 90 days), and automatic plan correction (forces last known good plan when regression is detected). Enable all three for hands-off performance optimization. Review automatic tuning recommendations monthly.
Intelligent Insights is AI-powered performance analysis that identifies wait statistics anomalies, execution plan regressions, tempdb contention, lock blocking, and excessive compilations. It provides root cause analysis and remediation recommendations. Integrate its alerts with Azure Monitor for real-time notification of performance degradation.
General Purpose tier uses Azure Premium Storage (remote) with IOPS limits based on storage size. Business Critical tier uses local NVMe SSD with significantly higher IOPS. If IOPS is the bottleneck: increase storage allocation (more storage = more IOPS on GP tier), upgrade to Business Critical for I/O-intensive workloads, or optimize queries to reduce I/O requirements.
Azure SQL Managed Instance (SQL MI) is a fully managed PaaS database service that provides near-100% compatibility with on-premises SQL Server Enterprise Edition. It runs in your own Azure VNet (Virtual Network) for network isolation, supports cross-database queries, SQL Server Agent, CLR, linked servers, Service Broker, and Database Mail — features not available in Azure SQL Database. Use SQL MI when: you need to migrate from on-premises SQL Server with minimal application changes, your databases use features not supported by Azure SQL Database (cross-database queries, CLR, Agent jobs), you require VNet-level network isolation, or you need the SQL Server engine without managing the underlying OS and infrastructure. EPC Group recommends SQL MI as the primary migration target for 80% of enterprise SQL Server workloads.
Azure SQL Database is a single-database or elastic pool service optimized for new cloud applications. Azure SQL MI is an instance-level service designed for migrating existing SQL Server workloads. Key differences: SQL MI supports cross-database queries, SQL Server Agent jobs, CLR assemblies, linked servers, Service Broker, and Database Mail — Azure SQL Database does not. SQL MI runs inside your VNet; Azure SQL Database uses public endpoints by default. SQL MI supports up to 100 databases per instance; Azure SQL Database is per-database or elastic pool. SQL MI supports TDE with customer-managed keys natively; Azure SQL Database supports this with additional configuration. Choose Azure SQL Database for new microservices and single-database workloads. Choose SQL MI for lift-and-shift migration of existing SQL Server environments.
Migration follows a 5-step process: 1) Assessment — use Azure Migrate and Data Migration Assistant (DMA) to identify compatibility issues, feature parity gaps, and performance requirements. 2) SKU sizing — analyze current workload metrics (CPU, memory, IOPS, storage) to select the right SQL MI tier and compute size. 3) Network setup — configure VNet with dedicated subnet for SQL MI, set up ExpressRoute or VPN gateway for connectivity, and configure NSG rules. 4) Migration execution — use Azure Database Migration Service (DMS) for online migration with minimal downtime, or backup/restore for offline migration. 5) Validation — run comprehensive tests comparing query results, execution plans, and performance metrics against the source. EPC Group migrations achieve 99.9% uptime during cutover using online migration with DMS.
SQL MI pricing depends on tier, compute, and storage. General Purpose tier (4 vCores, 20 GB storage): approximately $350-450/month. General Purpose (8 vCores, 100 GB): approximately $700-900/month. Business Critical (8 vCores, 100 GB): approximately $1,800-2,200/month. Key pricing factors: vCore count (4, 8, 16, 24, 32, 40, 64, 80), storage (32 GB to 16 TB), backup retention (7-35 days), and license model (pay-as-you-go or Azure Hybrid Benefit for existing SQL Server licenses — saves up to 55%). Azure Hybrid Benefit is the single biggest cost optimization: if you already own SQL Server licenses with Software Assurance, apply them to SQL MI. EPC Group cost optimization assessments typically reduce SQL MI spend by 30-45% through right-sizing, reserved instances, and license optimization.
SQL MI requires a dedicated subnet within an Azure VNet with specific configuration: the subnet must be delegated to Microsoft.SqlManagedInstances, minimum /27 CIDR (32 addresses, though /24 recommended for growth), and no other resources can share the subnet. Network connectivity options: VNet peering for connecting to other Azure VNets, ExpressRoute for dedicated private connectivity to on-premises, VPN gateway for encrypted connectivity over the internet, and private endpoints for accessing SQL MI from other VNets without peering. NSG rules must allow: inbound on ports 9000-9003, 1433, 11000-11999 for management. Outbound must allow connectivity to Azure management endpoints. EPC Group configures SQL MI networking with defense-in-depth: NSG rules, private endpoints, no public endpoint, and ExpressRoute for on-premises connectivity.
SQL MI includes built-in high availability at no additional cost. General Purpose tier: uses Azure Premium Storage with 3 replicas, provides 99.99% SLA, but failover involves storage remounting (10-30 second downtime). Business Critical tier: uses Always On Availability Groups with 3-4 synchronous replicas, provides 99.99% SLA with faster failover (under 10 seconds), and includes a free readable secondary replica for read-only workloads. For disaster recovery across regions: auto-failover groups replicate databases to a secondary SQL MI instance in another Azure region with automatic DNS failover. RPO: 5 seconds. RTO: under 1 hour. Geo-redundant backup provides backup restoration in a paired region if the primary region is unavailable. EPC Group recommends Business Critical tier with auto-failover groups for mission-critical enterprise databases.
SQL MI performance tuning covers four areas: 1) Compute right-sizing — monitor CPU, memory, and IOPS using Azure Monitor and adjust vCore count. Over-provisioning wastes money; under-provisioning causes throttling. 2) Storage optimization — use the right storage tier (General Purpose uses remote storage, Business Critical uses local SSD). Monitor IOPS and throughput against tier limits. 3) Query optimization — use Query Store (enabled by default) to identify regressed queries, missing indexes, and plan changes. Review top resource-consuming queries weekly. 4) Index management — implement automated index tuning or review missing index DMVs regularly. Remove unused indexes that consume storage and slow writes. Additional tools: Intelligent Insights provides AI-powered performance analysis, and automatic tuning can create indexes and force good query plans automatically. EPC Group performance tuning engagements typically improve query performance by 40-60%.
Yes, SQL Server Agent is fully supported on Azure SQL MI — this is one of the key differentiators from Azure SQL Database (which does not support Agent). SQL MI supports: scheduled jobs with multiple job steps, T-SQL, PowerShell, SSIS package execution, and operating system (CmdExec) steps. Alerts and notifications via Database Mail. Job scheduling with complex recurrence patterns. Proxy accounts for executing steps under different security contexts. Maintenance plans for index rebuilds, statistics updates, and integrity checks. Important note: SQL MI Agent jobs run within the managed instance — they cannot access local file systems or network shares like on-premises Agent jobs. Adapt file-based operations to use Azure Blob Storage instead. EPC Group migrates Agent jobs as part of every SQL MI migration, converting file-based operations to cloud-native equivalents.
Yes, Azure SQL Managed Instance is certified for HIPAA, SOC 1/2/3, FedRAMP High, PCI DSS, ISO 27001, and 50+ other compliance standards. SQL MI compliance features include: Transparent Data Encryption (TDE) with Microsoft-managed or customer-managed keys, Always Encrypted for column-level encryption, Dynamic Data Masking for sensitive fields, Row-Level Security for multi-tenant access control, Azure Defender for SQL (threat detection, vulnerability assessment), Auditing to Azure Storage or Log Analytics, and Ledger tables for tamper-proof data integrity. For HIPAA: sign a Business Associate Agreement (BAA) with Microsoft, enable TDE and auditing, configure threat detection, and implement access controls. EPC Group configures SQL MI for HIPAA, SOC 2, and FedRAMP compliance as part of every healthcare and financial services database migration.
EPC Group database migration assessments evaluate your SQL Server environment, recommend the optimal Azure target (SQL MI, Azure SQL Database, or VM), and deliver a migration roadmap with timeline, cost projections, and risk mitigation strategies.