Overview
Once Azure SQL is connected, the Dema Agent can explore schemas, read records, and run governed queries against your Azure SQL Database — useful for bringing live operational data into an analysis alongside Dema metrics without rebuilding the data into a separate warehouse. The agent connects over MCP to a Microsoft SQL MCP Server that you run in your own Azure subscription using Data API builder (DAB). Your database stays in your tenant — Dema only sees the entities you expose and the rows the agent reads. What the agent is allowed to do (read vs. write, and which tables) is controlled entirely by your DAB configuration, not by Dema. The agent only acts when you ask it to.What the agent can do
The SQL MCP Server exposes a fixed, predictable set of tools over the entities you publish. The agent never writes raw SQL or sees your internal schema directly — it works through Data API builder’s secure abstraction layer, so every call is deterministic and governed by your role-based permissions. The tools cover:- Discover — list and describe the entities you’ve exposed (
describe_entities). - Read — fetch and summarize records (
read_records,aggregate_records). - Write — create, update, and delete records (
create_record,update_record,delete_record) — only on entities where you grant those actions. - Stored procedures — run a stored procedure mapped as an entity (
execute_entity). To suppress this tool, do not expose any stored-procedure entities indab-config.json.
read) refuses every create, update, and delete. Stored-procedure entities are a separate entity type: execute_entity runs whatever the procedure does internally regardless of read/write grants, so control it by choosing which procedures — if any — you expose as entities.
Prerequisites
- An Azure SQL Database (or SQL Server) with the data you want the agent to access.
- The ability to deploy the SQL MCP Server — Data API builder 2.0 — to Azure Container Apps or Azure App Service with network access to your database.
- Permission in Microsoft Entra ID to register an application and create a client secret.
- An Azure role that can grant the MCP Server access to your database (for example to assign a managed identity).
The SQL MCP Server ships with Data API builder version 1.7 and later. Use the latest 2.0 release for the current capabilities and fixes.
Set up the SQL MCP Server
This is a one-time setup in your own Azure environment. The steps below are the essentials — follow the linked Microsoft Learn guides for full detail.Deploy Data API builder pointed at your database
Deploy the DAB SQL MCP Server to Azure Container Apps (or App Service) and point its connection string at your Azure SQL Database. For outbound database authentication, Microsoft recommends managed identity rather than a SQL username and password:The server exposes a streamable HTTP MCP endpoint at
https://<host>/mcp. See the Azure Container Apps quickstart.Expose only the entities the agent needs
In Anything you don’t expose as an entity is invisible to the agent. The MCP Server turns each entity into the tool surface described in What the agent can do above.
dab-config.json, add an entity for each table or view you want the agent to reach, and grant read-only access with the authenticated:read permission so only authenticated callers (Dema) can read them:Register an app in Microsoft Entra ID
Register one application in Microsoft Entra ID. It serves as both the API that the MCP Server protects and the identity Dema uses to call it. Record the:
- Directory (tenant) ID — used to build the issuer and token URLs.
- Application (client) ID and Application ID URI in the form
api://<app-id>.
Configure inbound authentication on the MCP Server
Data API builder 2.0 starts unauthenticated by default, so you must turn on Entra ID JWT validation. Set the provider to See Configure authentication for SQL MCP Server.
EntraId and point the audience at your Application ID URI and the issuer at your tenant:Connect Azure SQL in Dema
Open the Azure SQL connector
In Dema, go to Agents → Settings → Integrations, find Azure SQL, and click Connect.
Enter the connection details
Fill in the values from your setup:
- MCP URL — your server’s endpoint, in the form
https://<host>/mcp(for examplehttps://<app-name>.azurecontainerapps.io/mcp). - Token URL —
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token. - Client ID — the Application (client) ID of the Entra app you registered.
- Client secret — the secret you created on that app.
Use the same Entra app as both the protected API (the DAB
jwt.audience) and Dema’s client. That keeps the Application ID URI api://<app-id> aligned with the client ID, so the connection works with just the four values above — no extra configuration in Dema.Permissions
Dema does not request named scopes of its own. What the agent can do is governed entirely by the entity permissions in yourdab-config.json. Grant the authenticated role only the access the agent should have:
- For read-only access, expose each entity with
authenticated:read. - The agent can only see entities you explicitly define — unexposed tables and views stay out of reach.
When the connection expires
Dema uses a machine-to-machine (client-credentials) flow: it mints a fresh access token from your client ID and secret for each session and refreshes automatically. There is no interactive sign-in to repeat. The connection breaks only when the client secret expires or is rotated in Microsoft Entra ID. When that happens, create a new secret on the app, then go to Agents → Settings → Integrations, find Azure SQL, click Reconnect, and enter the new secret.Troubleshooting
Authentication fails when connecting
Authentication fails when connecting
Double-check the Client ID, Client secret, and Token URL. The secret must be current (not expired or rotated), and the token URL must use your Directory (tenant) ID. Confirm the Entra app exposes the
api://<app-id> Application ID URI that the MCP server validates as its audience.Dema says the MCP URL is invalid
Dema says the MCP URL is invalid
The MCP URL must be an HTTPS URL on your own tenant — on
.azurecontainerapps.io, .azurewebsites.net, or .azure-api.net — and must end in /mcp. Copy it from your deployed app rather than typing it by hand.Dema says the Token URL is invalid
Dema says the Token URL is invalid
The token URL must be on
login.microsoftonline.com, in the form https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token. Use your Directory (tenant) ID.The agent gets a 401 or 403 from the MCP server
The agent gets a 401 or 403 from the MCP server
The token Dema sends must match what Data API builder validates. Confirm
runtime.host.authentication.jwt.audience is api://<app-id> and jwt.issuer is https://login.microsoftonline.com/<tenant-id>/v2.0 (note the /v2.0). For a 403, make sure the entity grants authenticated:read (or the action the agent needs).The agent cannot see a table I expected
The agent cannot see a table I expected
Only entities defined in
dab-config.json are visible. Add the table or view as an entity and grant it authenticated:read, then ask the agent again.
