- MicroHack introduction
- MicroHack context
- Objectives
- Architecture
- Deploy the lab
- MicroHack challenges
- Cost management
- Contributors
This MicroHack walks attendees through the modern path to migrate SQL Server workloads from on-premises to Azure SQL Managed Instance, using the tooling Microsoft recommends as of 2026 — after the retirement of Azure Data Studio (Feb 2025) and the announced retirement of the Azure SQL Migration extension (Feb 28, 2026) in both ADS and SSMS 21.
It is a redesigned, hands-on edition of the original microsoft/MicroHack — SQL Modernization that swaps the deprecated tooling for the Arc + DMS via Portal/PowerShell experience.
You are a customer running a critical SQL Server 2022 workload on-premises (simulated by an Azure VM in an isolated VNet). The business wants to move to a managed PaaS service to reduce operational overhead while preserving the broadest possible compatibility surface. Your target is Azure SQL Managed Instance.
You will plan and execute the migration using the modern Microsoft-recommended toolchain:
- Azure Arc-enabled SQL Server — continuous discovery, real-time migration readiness and SKU sizing recommendations, without deploying an appliance.
- Managed Instance link (Always On Distributed Availability Group) — the single path Microsoft recommends in 2026 for technically up-to-date workloads (SQL Server 2019 CU15+ or 2022 CU1+). Sub-second replication lag, cutover in seconds, bidirectional fail-back.
- Azure DMS + Log Replay Service — kept in the lab as reference appendices for the shrinking population of customers on SQL Server 2017 or older where MI link doesn't apply.
- VS Code + MSSQL extension — the modern client replacing Azure Data Studio.
- SSMS — still required for SQL Agent jobs, Profiler and lifecycle administration.
After completing this MicroHack you will be able to:
- Onboard SQL Server instances into Azure Arc and use Arc-native migration assessments.
- Execute the modern near real-time migration to Azure SQL Managed Instance using Managed Instance link through the Azure Arc Portal wizard (with Copilot in the loop), and explain the trade-offs vs. the legacy DMS/LRS path.
- Validate a migrated workload and operate it post-migration using Azure Monitor, Log Analytics + KQL, and the VS Code MSSQL extension.
- Apply baseline security controls on Azure SQL MI: Data discovery & classification, Defender for SQL (Vulnerability Assessment + Advanced Threat Protection) and Microsoft Entra authentication.
- Articulate the business case to customers based on cost, compatibility and downtime needs.
Open in Excalidraw: https://excalidraw.com/#json=kOdHEuLmKGrkvfQ-Zekt6,tU6tzRpEa_IBmE4cQKM8Sg Source:
docs/diagram.excalidraw· regenerate withimages/.excalidraw-gen.py+images/.excalidraw-render.js.
The lab provisions a self-contained rg-mhsql-<env> resource group with:
- VNet
vnet-mhsql10.42.0.0/16 with three subnets:snet-vm(10.42.10.0/24) — Windows Server 2022 + SQL Server 2022 + AdventureWorks2022 ("on-prem" simulator)snet-mi(10.42.20.0/24, delegated) — Azure SQL Managed Instance (GP_Gen5 4 vCores)snet-dms(10.42.30.0/27) — Azure DMS, only needed if you run the legacy migration appendix (DMS+LRS for SQL Server 2017 or older)
- Platform services (outside the VNet but inside the same RG):
- Azure Arc agent on the VM → Ch.1 assessments without an appliance, and the Portal wizard that orchestrates Managed Instance link in Ch.2
- Storage Account → only used by the legacy DMS/LRS appendices (
sql-backups,lrs-backups). The recommended MI link path needs no Blob staging. - Key Vault →
sa,labadmin,sqladmincredentials. The MI link wizard readssafrom here to authenticate against the source. - Log Analytics workspace → telemetry sink for Ch.3 once the attendee enables MI diagnostic settings
- Budget 2 500 EUR/mo with alerts at 50/75/90/100% (subscription-wide)
See docs/architecture.md for the detailed module breakdown, naming conventions and cost drivers.
- An Azure subscription with
Owner(orContributor+User Access Administrator). - Azure CLI (
az >= 2.60) - Azure Developer CLI (
azd >= 1.23) - Terraform (
>= 1.5, AzureRM provider~> 4.0) - GitHub CLI (
gh) — optional, only for OIDC bootstrap - PowerShell 7+ — for helper scripts
- ~$10 USD of Azure budget per lab session (see Cost management)
az login
azd auth login
# Provision the base lab (VNet, on-prem VM, monitoring) - takes ~15 min
azd upThe Azure SQL Managed Instance is intentionally NOT deployed by default, because it takes 4–6 hours to provision and costs ~$0.85 USD/hr. Provision it the evening before the lab session with:
azd env set DEPLOY_SQL_MI true
azd provisionDetailed step-by-step in Challenge 0.
For a guided MicroHack with a cohort of customer attendees, follow the operator's guide:
📘 docs/cohort-delivery.md — deploy + plumbing 📘 docs/facilitator-briefing.md — presenter notes + timing 📘 docs/faq.md — questions students will ask 📘 docs/retro-template.md — post-session retro 📘 docs/student-cheatsheet.md — student-facing quick reference
If your subscription enforces MCAPS (or similar Microsoft-internal) Azure Policies, the lab is pre-hardened to comply with the most common ones out of the box. The compliance matrix and recovery patterns live in:
📘 docs/mcaps-policy-compliance.md
The cohort tooling under scripts/ deploys one independent lab
per attendee in parallel:
bootstrap-arc-onboarding-sp.ps1— create the SP that auto-onboards each VM to Arcdeploy-cohort.ps1— parallelterraform applyacross the cohortcohort-status.ps1— MI/Arc/VM readiness + cost report + per-student handoutcohort-progress.ps1— real-time per-student challenge progress (live during the session)preflight-check.ps1— green/yellow/red checklist before the session startsdiscover-mcaps-policies.ps1— enumerate policies on the sub and report compliancedestroy-cohort.ps1— clean teardownverify-cohort-teardown.ps1— forensic post-teardown check (zombie resources, soft-deleted KVs)
azd down --purge --force- Basic Azure knowledge (Azure fundamentals)
- Basic database knowledge (SQL Server backup/restore, T-SQL)
- Microsoft Teams Desktop Sharing should be allowed to collaborate with other participants (only for remote deliveries)
- Challenge 0 — Provision the lab environment ← start here
- Challenge 1 — Discovery & Assessment with Azure Arc
- Challenge 2 — Modern migration to Azure SQL MI with Managed Instance link ← the recommended 2026 path
- Challenge 3 — Monitoring & Performance on Azure SQL MI
- Challenge 4 — Security on Azure SQL MI
- Finish
- Solution 0 — Lab deployment
- Solution 1 — Arc-based assessment
- Solution 2 — MI link migration (Portal wizard + T-SQL scripts)
- Solution 3 — Monitoring & Performance
- Solution 4 — Security
For customers stuck on SQL Server 2017 or older (where MI link is not available) or with strict outbound-only networking, the lab keeps two reference walkthroughs:
The dominant cost driver is Azure SQL Managed Instance.
| Resource | Approx. cost (USD) | Notes |
|---|---|---|
SQL MI GP_Gen5_4vCores 32GB |
~$0.85/hr (~$620/month) | No auto-pause; remember to delete |
| Standard_B4ms VM (on-prem sim) | ~$0.13/hr | Stop when not in use |
| Azure DMS (Standard) | Free | |
| Storage / Log Analytics / networking | < $5/month |
Typical lab session cost: ~$5–10 USD for a 6-hour delivery (MI on for ~6h).
The subscription used to develop this lab has an active budget MonthlyBudget-2500USD
with alerts at 50/75/90/100% and forecast 100/110%. Configure your own before going live.
azd down --purge --force immediately after the lab session.
- Omar Mokrani — redesign and 2026 update
- Original MicroHack: Cornel Sukalla, Mert Següner, Sean Cowburn