A user in Azure Active Directory (AAD) is added as a member to an Azure Group that is Mapped to the Azure Principal login.
The Principal login has been assigned the required installation user permission sets as stated in the One Identity Manager (1IM) installation guide under Permissions for installation users.
The Azure AD user account is then used to perform installation of One Identity Manager (1IM) on the Azure SQL Managed Instance.
However, the installation fails at the Schema Installation step with the following error in the configuration wizard log:
"Processing step 'QBM ContentWaitForProcessing (wait for processing initial content)' failed."
There are differences in an on premise MS SQL server and an Azure SQL Managed instance. Please refer to Microsoft document which outlines these differences:
T-SQL differences between SQL Server & Azure SQL Managed Instance
In this case, Using a server principal who only gets permissions thru role memberships is not supported by Microsoft (Azure).
The following SQL Agent features currently aren't supported:
* Scheduling jobs on an idle CPU
* Enabling or disabling an Agent
This resulted in the Watchdog agent failing with the following error:
"The job failed. The owner (