# Integrate Microsoft Azure for MySQL with Databox Azure Database for MySQL is a fully managed relational database service built on the MySQL community edition. It handles provisioning, patching, backups, and scaling automatically, and is available in two deployment modes: Flexible Server and Single Server. Connecting Azure Database for MySQL to Databox lets you pull data directly from your managed database, build datasets using SQL queries, and visualize business-critical figures alongside data from your other connected tools. ## Connection If you've already established a connection, you can [reuse](/add-a-data-source) it to add new data sources to your Databox account. ### Step 1: Create a read-only MySQL user for Databox Databox only reads data from your database — it never writes to it. Create a dedicated MySQL user with `SELECT`-only privileges scoped to the Databox IP address. You can run these commands using the **Query editor** in the Azure portal, or via a MySQL client connected to your instance. **MySQL 8.0+ (modern syntax):** ```sql CREATE USER 'databox'@'52.4.198.118' IDENTIFIED BY 'your_secure_password'; GRANT SELECT ON your_database.* TO 'databox'@'52.4.198.118'; FLUSH PRIVILEGES; ``` **MySQL 5.7 (legacy single-statement syntax):** ```sql GRANT SELECT ON your_database.* TO 'databox'@'52.4.198.118' IDENTIFIED BY 'your_secure_password'; FLUSH PRIVILEGES; ``` Replace `your_database` with the name of the database you want to connect, and `your_secure_password` with a strong password. If you need to grant access to multiple databases, repeat the `GRANT` statement for each one. Avoid the following special characters in your password, as they can cause encoding issues when establishing the connection: ```, `'`, `"`, `/`, `\`, and spaces. ### Step 2: Enable public access on your Azure MySQL instance Databox connects to Azure Database for MySQL over a public endpoint. The steps differ depending on whether you are using Flexible Server or Single Server. **Flexible Server:** 1. In the [Azure portal](https://portal.azure.com), go to your Azure Database for MySQL Flexible Server resource. 2. Under **Settings**, click **Networking**. 3. Under **Connectivity method**, select **Public access (allowed IP addresses)**. 4. Click **Save** to apply the change. **Single Server:** 1. In the [Azure portal](https://portal.azure.com), go to your Azure Database for MySQL Single Server resource. 2. Under **Settings**, click **Connection security**. 3. Set **Allow access to Azure services** to **No** (unless required for other integrations). 4. Confirm that **Public access** is enabled. If not, enable it and click **Save**. The server's fully qualified hostname is shown on the **Overview** page of your instance (e.g., `myserver.mysql.database.azure.com`). Copy this value — you will need it in [Step 4](#step-4-enter-your-azure-mysql-connection-details-in-databox). ### Step 3: Add the Databox IP to your firewall rules Azure Database for MySQL uses firewall rules to control inbound network access. Add a rule that permits connections from the Databox IP address. **Flexible Server:** 1. In the [Azure portal](https://portal.azure.com), go to your Flexible Server resource. 2. Under **Settings**, click **Networking**. 3. Under **Firewall rules**, click **Add current client IP address** or click **Add firewall rule** to enter a custom range. 4. Set the **Start IP address** and **End IP address** both to `52.4.198.118`. 5. Give the rule a name (e.g., `Databox`) and click **Save**. **Single Server:** 1. In the [Azure portal](https://portal.azure.com), go to your Single Server resource. 2. Under **Settings**, click **Connection security**. 3. Under **Firewall rules**, click **Add client IP** or enter values manually: - **Rule name**: `Databox` - **Start IP**: `52.4.198.118` - **End IP**: `52.4.198.118` 4. Click **Save**. ### Step 4: Enter your Azure MySQL connection details in Databox 1. In Databox, go to **Data Sources > + New connection**. 2. Search for **Microsoft Azure for MySQL** and click **Connect**. 3. Fill in the connection form: - **Data source name** — a label for this connection in Databox. - **Host** — the fully qualified server name of your Azure MySQL instance, found on the **Overview** page in the Azure portal (e.g., `myserver.mysql.database.azure.com`). - **Port** — the port your instance listens on. The default for Azure Database for MySQL is `3306`. - **User** — the MySQL username created in [Step 1](#step-1-create-a-read-only-mysql-user-for-databox). For Flexible Server, use the plain username (e.g., `databox`). For Single Server, Azure may require the format `username@servername` (e.g., `databox@myserver`). - **Password** — the password for that user. - **Database name** (optional) — the specific database to connect to. Leave blank to connect at the server level. - **Timezone** — the time zone used to interpret date values in query results. Defaults to `Etc/UTC`. 4. Select an **SSL/TLS mode** (see [SSL/TLS](#ssltls) below). 5. Click **Connect**. connect ## SSL/TLS Databox offers three SSL/TLS modes when connecting to a database. Choose the one that matches your server's configuration. | Mode | Description | | --- | --- | | None | The connection is made without SSL/TLS encryption. Use this only when your server does not have SSL enabled. | | Use SSL/TLS with provider CA bundle | The connection uses SSL/TLS and authenticates the server using a regional CA bundle managed by your cloud provider (for example, Amazon RDS). When you check **Verify server certificate using regional CA bundle**, an additional **CA certificate bundle (ssl-ca)** field appears, where you can paste your provider's CA certificate. | | Use SSL/TLS with custom certificates | The connection uses SSL/TLS with certificates you supply directly. When **Verify server certificate** is checked, you must provide a **CA certificate (ssl-ca)**. You may also supply a **Client certificate (ssl-cert)** and **Client private key (ssl-key)** for mutual TLS. If **Verify server certificate** is unchecked, only the client certificate and private key fields are shown. | Azure Database for MySQL enforces SSL/TLS connections by default. To use SSL with server certificate verification, download the DigiCert Global Root CA certificate from the [Azure SSL connectivity documentation](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-connect-tls-ssl) and paste its contents into the **CA certificate bundle (ssl-ca)** field in Databox. For step-by-step instructions on configuring each SSL mode, see [Enable SSL/TLS for your database connection](/enable-ssl-tls-for-your-database-connection). ## Datasets The MIcrosoft Azure for MySQL integration supports the creation of [datasets](/understanding-datasets), which allow you to define and shape the specific data you want to use for reporting in Databox. Datasets make it easier to focus on the most relevant information, enabling you to filter, visualize, and analyze metrics across projects, teams, and clients without writing complex queries each time. ### Steps to create a dataset 1. **Select a table**: Pick the appropriate schema within that database. 2. **Select columns**: Browse and select the specific columns (fields) from your tables or views to include in your dataset. These columns define the structure and content of your dataset. ### Optional: Write SQL For more advanced use cases, you can write a **custom SQL query** instead of selecting columns manually. This allows you to: - Join multiple tables - Apply filters and aggregations - Format or transform data before importing it into Databox Your query must return a valid tabular result to be used as a dataset. ### Additional resources - [Azure Database for MySQL documentation](https://learn.microsoft.com/en-us/azure/mysql/) — Official Microsoft docs for Azure Database for MySQL, covering Flexible Server and Single Server deployment modes, connectivity, security, backups, high availability, and monitoring. - [Azure Database for MySQL Flexible Server networking overview](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-networking) — Guidance on public access, private access (VNet integration), and firewall rule configuration for Flexible Server. ## Resources For comprehensive details on metrics, data availability, templates, specifications, usage guidelines, and other key information, refer to the resources listed below. No. Databox connects to Azure Database for MySQL using standard MySQL username and password authentication. Azure Active Directory (Microsoft Entra ID) authentication is not supported. Make sure the user you create in [Step 1](#step-1-create-a-read-only-mysql-user-for-databox) uses standard MySQL authentication, not Azure AD authentication. The required format depends on your deployment mode. Flexible Server accepts plain usernames (e.g., `databox`). Single Server requires the format `username@servername` (e.g., `databox@myserver`), where `myserver` is the part of your hostname before `.mysql.database.azure.com`. If the connection fails with an authentication error, check that you are using the correct format for your deployment mode. Check the following in order: 1. **Public access** is enabled on the instance (under **Networking** for Flexible Server, or **Connection security** for Single Server). 2. A **firewall rule** exists with both start and end IP set to `52.4.198.118`. 3. The MySQL user was created with `'databox'@'52.4.198.118'` as the host — not `'%'` or `'localhost'`. Run `FLUSH PRIVILEGES;` after any user or grant changes. 4. If SSL enforcement is enabled on the instance, select an SSL mode other than **Disabled** in the Databox connection form.   Ask Genie Get instant answers or help with your data using the in-app AI assistant. Talk to an expert For customers: Get help with your setup, strategy, or making the most of Databox. Book a demo New to Databox? See how it works and get guidance on getting started. Send an email Reach out to support for help with your account, data, or technical issues.