Single database means one Azure SQL Database that stands on its own instead of being placed in an elastic pool or a managed instance. You choose its compute model, service tier, storage, backup redundancy, firewall rules, identities, and monitoring for that database. It is still managed by Azure, so patching, infrastructure maintenance, backups, and high availability are handled by the platform. For learners, the key point is scope: most choices apply to this one database, not every database on the server.
Azure SQL single database, SQL single database, single Azure SQL database
Difficulty
fundamentals
CLI mappings
5
Last verified
2026-05-24
Microsoft Learn
A single database in Azure SQL Database is a fully managed database with its own compute, storage, backup, and service-tier settings, hosted under a logical server. It is isolated from other databases unless you explicitly share connectivity, identity, or application dependencies.
Technically, a single database sits in the Azure SQL Database PaaS control plane under a logical SQL server. The logical server provides a DNS name, firewall configuration, admin identity, Microsoft Entra integration, and management scope, while the database owns compute, storage, service tier, backup, auditing, Query Store, and performance settings. Applications connect through the database endpoint, but operators manage it through ARM, Azure SQL APIs, Azure CLI, Bicep, Azure Monitor, and database-level security configuration. This keeps operational ownership explicit.
Why it matters
Single databases matter when an application needs predictable ownership and sizing without sharing throughput with unrelated databases. They make cost, performance tuning, backup policy, security review, and deployment risk easier to reason about because the operational blast radius is one database. A team can scale the database up, switch between serverless and provisioned compute where supported, configure zone redundancy, add private connectivity, or restore to a point in time without negotiating an elastic pool. The tradeoff is that underused capacity is not shared, so engineers must watch idle compute, storage growth, and backup retention instead of assuming a pool will absorb waste.
⌁
Where you see it
Signals, screens, and Azure surfaces where this term usually becomes operational.
Signal 01
The Azure portal SQL database Overview blade shows database name, server, location, status, pricing tier, compute model, storage usage, and connection guidance during operator review.
Signal 02
Azure CLI output from az sql db show exposes serviceObjectiveName, sku, status, edition, zoneRedundant, backupStorageRedundancy, collation, maxSizeBytes, and database identifiers for approved database change evidence.
Signal 03
Bicep or ARM templates usually declare Microsoft.Sql/servers/databases with sku, location, zone redundancy, maintenance configuration, auditing, diagnostic settings, and optional private endpoint resources.
✦
When this becomes relevant
Specific situations where this term helps solve real Azure design, operations, migration, security, reliability, cost, or governance problems.
Run a separately owned application database that needs independent scale, backup, and restore decisions without sharing compute in an elastic pool.
Migrate one SQL Server database to Azure SQL Database while keeping application scope small and avoiding managed instance complexity.
Give a tenant, product, or department its own database boundary for access review, cost tracking, auditing, and change control.
Use point-in-time restore or geo-restore for one database without affecting other databases on the same logical server.
Size an unpredictable dev, reporting, or seasonal workload with serverless or provisioned compute based on utilization evidence.
◆
Real-world case studies
Different enterprise-style examples that show the term being used to hit measurable objectives.
Case study 01
SaaS catalog gets an independent database boundary
Scenario, objectives, solution, measured impact, and takeaway.
📌Scenario
A software marketplace was running product catalog, pricing, and tenant settings in a shared SQL Server VM. Every price update competed with reporting jobs and made release nights risky.
🎯Business/Technical Objectives
Move the catalog workload to managed PaaS without redesigning the whole application.
Give the catalog team independent backup, scale, and restore ownership.
Reduce deployment-related database incidents during weekly releases.
Make database cost visible to the product owner.
✅Solution Using Single database
The platform team created an Azure SQL Database single database under a dedicated logical server and moved only the catalog schema first. They configured Microsoft Entra admin access, private endpoint connectivity, auditing to Log Analytics, Query Store, and geo-redundant backup storage. Deployment pipelines captured az sql db show output before every release, then ran schema migrations behind a feature flag. The database used provisioned vCore compute during launch, with performance metrics reviewed weekly to decide whether serverless would fit later. Reporting jobs were moved to a separate export path so they no longer blocked catalog writes.
📈Results & Business Impact
Release-night database incidents fell from five in a quarter to one minor rollback.
Average catalog query latency dropped 42 percent after Query Store tuning.
Point-in-time restore drills completed in 18 minutes, meeting the 30-minute objective.
Monthly database cost became traceable to one product budget instead of a shared VM.
💡Key Takeaway for Glossary Readers
A single database gave the team a clear ownership boundary without forcing a full platform migration.
Case study 02
City permit system avoids managed instance overreach
Scenario, objectives, solution, measured impact, and takeaway.
📌Scenario
A municipal permits office needed to modernize one high-value database used by inspectors, clerks, and a public status portal. The legacy estate had dozens of databases, but only one required immediate cloud resilience.
🎯Business/Technical Objectives
Modernize the permit database before a seasonal application surge.
Keep the migration small enough for a four-person IT team to operate.
Improve restore confidence without moving every legacy database.
Reduce weekend maintenance windows caused by VM patching.
✅Solution Using Single database
The team chose Azure SQL Database single database instead of moving the entire SQL Server estate to managed instance. They provisioned a logical server in the approved region, enabled auditing, configured firewall rules for migration tooling, and moved application connectivity through a private endpoint after testing. Backups and point-in-time restore were validated before the public portal cutover. Azure CLI scripts documented the database SKU, backup redundancy, max size, and diagnostic settings so the city could repeat the pattern for other databases later. The old VM stayed online temporarily only for read-only historical queries.
📈Results & Business Impact
The cutover finished in 52 minutes, below the two-hour public-service window.
VM patching effort for the permit workload dropped from monthly weekends to platform-managed maintenance.
Restore testing improved from untested backups to a documented 24-minute point-in-time restore.
Peak-season complaints about permit status outages dropped 68 percent.
💡Key Takeaway for Glossary Readers
Moving one database well can produce more reliability than moving a whole estate badly.
Case study 03
Research grant portal isolates unpredictable workload
Scenario, objectives, solution, measured impact, and takeaway.
📌Scenario
A university research office opened a grant submission portal twice per year. The database was nearly idle for months, then saw intense deadline traffic from faculty uploads, reviews, and budget approvals.
🎯Business/Technical Objectives
Handle deadline spikes without paying for high compute all year.
Protect grant data with private connectivity and audited access.
Give database administrators a simple restore path for submission mistakes.
Separate the portal database from unrelated campus systems.
✅Solution Using Single database
The architecture used an Azure SQL Database single database with serverless compute for the non-deadline months and a higher minimum vCore setting during submission windows. The team configured private endpoint access from the web app, Microsoft Entra-based administration, audit logs, and alerts for storage growth and CPU saturation. Before each grant cycle, operators ran CLI checks to confirm compute settings, backup redundancy, firewall rules, and diagnostic destinations. After the first cycle, Query Store data identified two slow review queries, and the database was tuned before the next deadline instead of permanently scaled up.
📈Results & Business Impact
Annual compute spend fell 31 percent compared with a permanently provisioned tier.
Submission-week timeout tickets dropped from 43 to 9 after query tuning.
Accidental data changes were recovered in a tested 19-minute restore drill.
Security review time fell because the database had one owner and one private path.
💡Key Takeaway for Glossary Readers
A single database works well when one workload needs its own lifecycle, cost model, and recovery story.
Why use Azure CLI for this?
As an Azure engineer, I use Azure CLI for single databases because database changes often need an audit trail and repeatable proof. Portal screens are fine for exploring, but CLI lets me capture the active subscription, server, database SKU, backup redundancy, zone redundancy, audit policy, firewall exposure, and restore settings before a change. It is also faster during incidents: I can compare production and staging, export JSON for review, or script a resize in a maintenance window. The CLI keeps database work tied to pull requests, runbooks, and change records instead of screenshots that nobody can reproduce. That repeatability avoids guessing.
CLI use cases
List all databases on a logical server and identify which ones are single databases rather than elastic-pool members.
Capture SKU, compute model, zone redundancy, backup storage redundancy, and size before a production scaling change.
Create a dev or staging database from automation with the same naming, tags, and baseline configuration as production.
Inspect auditing, threat detection, firewall rules, and private endpoint relationships before a security review.
Export database configuration as JSON so release engineers can compare drift across test, staging, and production.
Before you run CLI
Confirm the active tenant and subscription with az account show before touching a production SQL server.
Verify the resource group, logical server name, database name, and region because many teams reuse similar SQL names.
Check whether the command is read-only, cost-impacting, security-impacting, or destructive before pasting it into a shell.
Confirm your identity has SQL control-plane permissions and any data-plane permissions needed for related database checks.
Use JSON output for evidence, and avoid exposing admin passwords, connection strings, or keys in command history.
What output tells you
The sku and service objective fields show which performance and cost envelope currently applies to the database.
Status, location, and resource ID fields confirm whether you are inspecting the intended environment and logical server.
Backup redundancy, zone redundancy, and restore-related fields reveal whether recovery settings match the workload design.
Firewall, private endpoint, auditing, and threat policy outputs show whether access and evidence controls are configured.
Timestamps and provisioning states help distinguish a completed configuration from a deployment that is still changing.
Mapped Azure CLI commands
Azure SQL single database operations
direct
az sql db list --server <sql-server> --resource-group <resource-group> --output table
az sql dbdiscoverDatabases
az sql db show --name <database> --server <sql-server> --resource-group <resource-group> --output json
az sql dbdiscoverDatabases
az sql db create --name <database> --server <sql-server> --resource-group <resource-group> --service-objective S0
az sql dbprovisionDatabases
az sql db update --name <database> --server <sql-server> --resource-group <resource-group> --backup-storage-redundancy Geo
az sql dbconfigureDatabases
az sql db audit-policy show --name <database> --server <sql-server> --resource-group <resource-group>
az sql db audit-policydiscoverDatabases
Architecture context
Architecturally, a single database is a clean boundary for one application component, tenant group, or operational domain. I usually choose it when the workload has clear ownership, needs independent scaling, and does not benefit from pooled compute. The logical server becomes the network and identity anchor, while the database becomes the performance, backup, and data-protection unit. Private endpoints, firewall rules, diagnostic settings, auditing, TDE, Microsoft Entra authentication, and Query Store all need to be designed around that boundary. The main architecture risk is assuming the database is isolated while the application still shares secrets, connection pools, release pipelines, or downstream dependencies.
Security
Security starts with the logical server boundary, then continues at the database. Operators should avoid broad firewall rules, require encrypted connections, prefer Microsoft Entra authentication where practical, and limit SQL users to the permissions they need. Private endpoints reduce public exposure, but they also require DNS, subnet, and application routing checks. Auditing, Defender for SQL, vulnerability assessment, and transparent data encryption help produce evidence and detect risky behavior. The database is isolated from other databases at the service level, but shared application identities, reused admin accounts, or copied connection strings can still turn one compromise into a wider data incident.
Cost
Cost impact is direct because the database owns its compute, storage, backup storage, and optional redundancy choices. Provisioned compute can waste money when the workload is idle, while serverless can save money for intermittent use but may introduce auto-pause and warm-up considerations. Storage growth, long-term retention, geo-redundant backup storage, replicas, zone redundancy, and high service tiers can all add material cost. A single database also lacks the shared-capacity benefit of an elastic pool, so many small quiet databases can be expensive. FinOps checks should track utilization, abandoned dev databases, retention settings, and whether pooled or serverless options fit better. Review those choices with owners during each monthly FinOps pass.
Reliability
Reliability for a single database is mostly about recovery objectives, region design, and safe change. Azure handles platform high availability, backups, and maintenance, but the team still chooses service tier, backup storage redundancy, zone redundancy where available, failover group design, and restore testing. A resize, firewall change, key rotation, or schema deployment can still hurt users if it is done blindly. Operators should measure connection errors, DTU or vCore pressure, storage growth, deadlocks, and failover behavior. The smaller blast radius is useful: one database can be restored or tuned without moving every workload on the logical server. Regular restore drills confirm assumptions.
Performance
Performance is directly tied to the chosen service tier, compute size, storage, query design, indexing, and connection behavior. A single database has dedicated capacity for its database engine, so noisy neighbors inside an elastic pool are not the issue, but bad queries, insufficient vCores, high log writes, tempdb pressure, or missing indexes still are. Query Store, automatic tuning, wait statistics, CPU, data IO, log IO, and connection metrics show where pressure appears. Scaling up can help, but it should follow evidence. Application connection pooling, retry policies, and transaction scope often matter as much as the database SKU. Production baselines make decisions safer.
Operations
Operators manage single databases through a mix of SQL tooling and Azure control-plane checks. Routine work includes reviewing Query Store, checking CPU and storage metrics, verifying backup retention, confirming auditing destinations, testing point-in-time restore, and comparing configuration across environments. Change runbooks should capture the server name, database name, service objective, compute model, region, private endpoint state, firewall rules, and diagnostic settings. During incidents, CLI and KQL queries help distinguish an application connection issue from database saturation, blocked queries, an expired secret, a DNS problem, or a failed deployment. Good operations keep database changes small and reversible. Evidence should be saved after changes.
Common mistakes
Scaling a single database before checking Query Store, wait stats, and application connection behavior.
Opening a broad SQL firewall rule to fix connectivity instead of validating private DNS, subnet, and client address.
Assuming the logical server configuration applies safely to every database without reviewing database-specific settings.
Leaving development single databases on expensive provisioned tiers after a migration test or performance benchmark.
Changing backup redundancy, failover, or service tier without documenting the recovery and cost impact.