
It has been observed that users configuring a management service feature such as Vulnerability Assessment, Auditing or Threat Protection for their Azure SQL DB/server occasionally fail with HTTP status code 400 (Bad Request) and the error "PrincipalNotFound", with the message "Principal ***** does not exist in the directory ****."


This error means that no Azure AD identity is assigned to your Azure SQL server. To solve the problem, create an Azure AD identity and assign it to the Azure SQL logical server with the steps below.


  • Open a new Cloud Shell window from the top right of the Azure portal, or use PowerShell to connect to your Azure subscription.

  • Paste the PowerShell code below and execute it; it creates a function (Assign-AzSQLidentity) for the current PowerShell session.

    Function Assign-AzSQLidentity {
        # Both parameters are mandatory, so PowerShell prompts for them if they are omitted.
        param(
            [Parameter(Mandatory = $true)] [string] $ResourceGroup,
            [Parameter(Mandatory = $true)] [string] $ServerName
        )
        "Checking if server identity exists..."
        # The system-assigned identity's service principal carries the server name as its display name.
        if (Get-AzADServicePrincipal -DisplayName $ServerName) {
            "Server identity already exists"
            Get-AzADServicePrincipal -DisplayName $ServerName
        }
        else {
            "Server identity for server " + $ServerName + " does not exist"
            "Assigning identity to server " + $ServerName
            Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity
        }
    }

  • Call the function from the command window; provide the Resource Group and SQL Server name when prompted.


  • Once the identity is assigned, retry the management operation (setting Auditing, VA, etc.); it should work now.
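As an added example (not part of the original post), the following diagnostic looks the identity up by the server's own PrincipalId instead of by display name, so an unrelated principal that happens to share the server name cannot hide a missing identity, and it only runs the repair when the check fails. The resource group and server names are placeholders; the Az.Sql and Az.Resources modules and a Connect-AzAccount session are assumed.

```powershell
# Added example (not from the original post). Assumes Az.Sql and Az.Resources are installed
# and Connect-AzAccount has already been run. 'my-rg' and 'my-sqlserver' are placeholders.
Function Test-AzSqlServerIdentity {
    param(
        [Parameter(Mandatory = $true)] [string] $ResourceGroup,
        [Parameter(Mandatory = $true)] [string] $ServerName
    )
    $server = Get-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName
    if (-not $server.Identity -or -not $server.Identity.PrincipalId) {
        # No managed identity on the logical server: the usual cause of PrincipalNotFound.
        Write-Warning "Server $ServerName has no system-assigned identity."
        return $false
    }
    $principalId = $server.Identity.PrincipalId
    # Resolve the identity by object id; a display-name search can match an unrelated principal.
    $sp = Get-AzADServicePrincipal -ObjectId $principalId -ErrorAction SilentlyContinue
    if (-not $sp) {
        # The server records an identity, but the directory has no principal with that id,
        # which matches the "does not exist in the directory" message from the portal.
        Write-Warning "Identity $principalId is set on $ServerName but was not found in Azure AD."
        return $false
    }
    Write-Host "Server $ServerName identity $principalId exists in tenant $($server.Identity.TenantId)."
    return $true
}

# Assign the identity only when the check fails, then retry the failed management operation.
if (-not (Test-AzSqlServerIdentity -ResourceGroup 'my-rg' -ServerName 'my-sqlserver')) {
    Set-AzSqlServer -ResourceGroupName 'my-rg' -ServerName 'my-sqlserver' -AssignIdentity
}
```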


I hope this helps. Please let me know if you have any feedback or queries in the comment section.

Thank you, @Yochanan Rachamim, for the guidance.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
